Infected: Backdoor.Win32.Small.gii

Thread in the "Viruses and malware - HijackThis logs" section. Started by tju1 on 01.02.2009.

  1. tju1

    tju1 Regular member

    Joined: 13.02.2006
    Messages: 118
    Thanks: 0
    Points: 26
    Kaspersky's online scanner found a trojan; how do I get it off?
    Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:02:01, on 1.2.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18372)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\CyberLink\Shared files\brs.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\scanneri.exe\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://asia.msi.com.tw
    O15 - Trusted Zone: http://global.msi.com.tw
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 9335 bytes
     
  3. Hujo

    Hujo Guest

    Scan with HJT, check these and press Fix checked:

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O15 - Trusted Zone: http://asia.msi.com.tw
    O15 - Trusted Zone: http://global.msi.com.tw
    O15 - Trusted Zone: http://www.msi.com.tw

    =================

    The machine has both AVG 8 and avast; remove one of them.
     
  4. tju1

    tju1 Regular member

    Here is the new log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:26:52, on 1.2.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18372)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\CyberLink\Shared files\brs.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
    C:\scanneri.exe\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 8361 bytes
     
  5. Hujo

    Hujo Guest

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the prompts to install the program.
    2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware, and then click Finish.
    3. If an update is found, the program downloads and installs the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to view the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log
    can also be found here: C:\Documents and Settings\Username\Application
    Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next message.
     
  6. tju1

    tju1 Regular member

    Malwarebytes' Anti-Malware 1.33
    Tietokantaversio: 1713
    Windows 6.0.6001 Service Pack 1

    1.2.2009 18:49:50
    mbam-log-2009-02-01 (18-49-50).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|F:\|)
    Tarkistetut kohteet: 137342
    Kulunut aika: 1 hour(s), 21 minute(s), 14 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)
     
  7. Hujo

    Hujo Guest

    Open Windows Defender.
    Click Tools and then General Settings.
    Scroll down and uncheck Turn on real-time protection (recommended).
    Then click Save and close Windows Defender.

    And don't turn it back on.

    ================

    Scan with HJT, check these and press Fix checked:

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    ===========

    Download Atribune's ATF Cleaner.

    Instructions:

    Double-click ATF-Cleaner.exe to start the program. Under Main, select: Select All
    Click the Empty Selected button.
    If you use Firefox as your browser, click Firefox at the top and select: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    If you use Opera as your browser, click Opera at the top and select: Select All
    Click the Empty Selected button again.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    Click Exit in the main menu to close the program.
    Technical support is available by double-clicking the e-mail address located below each menu in the tool. (Note that the support is in English.)

    =============

    Then you could remove this one through Add or Remove Programs:

    Yahoo!

    and delete the folder

    C:\Program Files\Yahoo!
     
    Last edited by a moderator: 01.02.2009
  8. tju1

    tju1 Regular member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:59:55, on 1.2.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18372)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\CyberLink\Shared files\brs.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\scanneri.exe\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 8028 bytes
     
  9. Hujo

    Hujo Guest

    Well, they still haven't gone away, but they do no harm there.
    They are just unnecessary among the startup items.
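One check worth running between the "Fix checked" step and the new log, as an added example that is not part of the thread or of HijackThis itself: a small Python script that diffs two HijackThis logs, reports which of the requested fixes are still present (the three O4 autostarts noted above) and flags entries HijackThis marks "(no file)". The embedded log excerpts are shortened copies of the logs posted in this thread; everything else (function names, layout) is assumed here.

```python
from __future__ import annotations

import re

# A HijackThis finding is a line such as "O4 - HKLM\..\Run: [Name] command";
# the log header, the "Running processes" block and the trailer never match.
ENTRY_RE = re.compile(r"^(?P<code>R\d|O\d+) - (?P<body>.+)$")

# Constructed excerpts of the logs posted in this thread (shortened; the first
# is from the 11:02 log, the second combines lines of the 15:26 and 22:59 logs).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files\AVG\AVG8\avgtray.exe

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O20 - AppInit_DLLs: avgrsstx.dll
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"""

# The six lines the helper asked to "Fix checked" in the first reply.
REQUESTED_FIXES = r"""
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
"""


def parse_entries(log_text: str) -> dict[str, str]:
    """Map every R*/O* finding line in a HijackThis log to its section code.
    Header, running-process paths and the trailer are skipped."""
    entries: dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries[line] = match.group("code")
    return entries


def diff_logs(before: str, after: str) -> tuple[list[str], list[str]]:
    """Return (entries gone in the later log, entries new in the later log)."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(set(old) - set(new)), sorted(set(new) - set(old))


def unresolved_fixes(requested: str, after: str) -> list[str]:
    """Requested 'Fix checked' lines that still appear in the later log."""
    present = parse_entries(after)
    return sorted(line for line in parse_entries(requested) if line in present)


def orphan_entries(log_text: str) -> list[str]:
    """Entries whose target file is gone; HijackThis appends '(no file)'."""
    return sorted(line for line in parse_entries(log_text) if line.endswith("(no file)"))


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Removed since first log:", *removed, sep="\n  ")
    print("New in second log:", *added, sep="\n  ")
    print("Requested fixes still present:", *unresolved_fixes(REQUESTED_FIXES, LOG_AFTER), sep="\n  ")
    print("Orphaned (no file) entries:", *orphan_entries(LOG_AFTER), sep="\n  ")
```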
     
  10. tju1

    tju1 Regular member

    The trojan hasn't gone either. I scanned again with Kaspersky and here is its log:


    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, February 2, 2009
    Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, February 02, 2009 17:21:09
    Records in database: 1737914


    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan statistics
    Files scanned 119953
    Threat name 1
    Infected objects 1
    Suspicious objects 0
    Duration of the scan 02:45:16

    File name Threat name Threats count
    C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BH23PKX9\ASENNA_NEWS_TO_SCREEN_(FM)[1].0XE Infected: Backdoor.Win32.Small.gii 1

    The selected area was scanned.
     
  11. Hujo

    Hujo Guest

    1. Download Combofix.exe to your desktop from one of these links:
    Combofix1
    Combofix2

    Do not install the Recovery Console.
    2. Double-click the Combofix.exe file and follow the prompts.
    3. When the tool finishes, it will produce a log. Post that log in your thread.
    Note! Do not click in the ComboFix window while it is running. That may cause the program to hang.
     
  12. tju1

    tju1 Regular member

    ComboFix 09-02-02.04 - Timo 2009-02-03 16:57:08.1 - NTFSx86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2047.1311 [GMT 2:00]
    Running from: c:\users\Timo\Downloads\ComboFix.exe
    AV: avast! antivirus 4.8.1229 [VPS 081124-0] *On-access scanning enabled* (Updated)
    * Created a new restore point
    .
    ADS - Windows: deleted 24 bytes in 1 streams.

    (((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Timo\AppData\Roaming\inst.exe
    c:\windows\system32\pthreadGC2.dll
    F:\Autorun.inf

    .
    ((((( Files Created From 2009-01-03 to 2009-02-03 )))))))))))))))))
    .

    2009-02-01 11:26 . 2009-02-01 11:26 <KANSIO> d-------- c:\program files\SpeedFan
    2009-02-01 11:26 . 2009-02-01 11:26 45 --a------ c:\windows\System32\initdebug.nfo
    2009-01-29 21:50 . 2009-01-29 22:28 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\dvdcss
    2009-01-29 21:48 . 2009-01-29 21:57 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\vlc
    2009-01-29 21:46 . 2009-01-29 21:46 <KANSIO> d-------- c:\program files\VideoLAN
    2009-01-29 21:33 . 2009-01-29 21:33 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\AVS4YOU
    2009-01-29 21:33 . 2009-01-29 21:33 <KANSIO> d-------- c:\users\All Users\AVS4YOU
    2009-01-29 21:33 . 2009-01-29 21:33 <KANSIO> d-------- c:\programdata\AVS4YOU
    2009-01-29 21:31 . 2009-01-29 21:32 <KANSIO> d-------- c:\program files\Common Files\AVSMedia
    2009-01-29 21:31 . 2009-01-29 21:32 <KANSIO> d-------- c:\program files\AVS4YOU
    2009-01-29 21:31 . 2008-08-13 10:22 1,700,352 --a------ c:\windows\System32\GdiPlus.dll
    2009-01-29 21:31 . 2008-08-13 10:22 974,848 --a------ c:\windows\System32\mfc70.dll
    2009-01-29 21:31 . 2008-08-13 10:22 487,424 --a------ c:\windows\System32\msvcp70.dll
    2009-01-29 21:31 . 2008-08-13 10:22 344,064 --a------ c:\windows\System32\msvcr70.dll
    2009-01-29 21:09 . 2009-01-29 21:09 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\GRETECH
    2009-01-29 21:09 . 2009-01-29 21:09 <KANSIO> d-------- c:\program files\GRETECH
    2009-01-24 14:15 . 2009-01-24 17:48 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\Ashampoo
    2009-01-24 14:13 . 2009-01-24 14:13 <KANSIO> d-------- c:\users\All Users\ashampoo
    2009-01-24 14:13 . 2009-01-24 14:13 <KANSIO> d-------- c:\programdata\ashampoo
    2009-01-24 14:13 . 2009-01-24 14:24 <KANSIO> d-------- c:\program files\Ashampoo
    2009-01-23 17:00 . 2009-01-23 17:12 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\Audacity
    2009-01-22 21:59 . 2009-01-22 21:59 <KANSIO> d-------- c:\program files\winLAME
    2009-01-22 19:42 . 2009-01-22 19:43 <KANSIO> d--h----- c:\users\Timo\PP_MOTION.TMP
    2009-01-22 19:41 . 2009-01-22 19:41 <KANSIO> d--h----- c:\users\Timo\PP_ROTATE_SLIDE.TMP
    2009-01-22 19:41 . 2009-01-22 19:41 <KANSIO> d-------- c:\users\Timo\CyberLink
    2009-01-19 21:45 . 2009-01-19 21:45 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
    2009-01-19 21:44 . 2009-01-19 21:45 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\PC Suite
    2009-01-19 21:44 . 2009-01-19 21:45 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\Nokia
    2009-01-19 21:44 . 2009-01-19 21:45 <KANSIO> d-------- c:\users\All Users\PC Suite
    2009-01-19 21:44 . 2009-01-19 21:45 <KANSIO> d-------- c:\programdata\PC Suite
    2009-01-19 21:42 . 2009-01-19 21:42 <KANSIO> d-------- c:\program files\Common Files\PCSuite
    2009-01-19 21:41 . 2009-01-19 21:41 <KANSIO> d-------- c:\program files\DIFX
    2009-01-19 21:41 . 2008-08-26 09:26 18,816 --a------ c:\windows\System32\drivers\pccsmcfd.sys
    2009-01-19 21:39 . 2009-01-19 21:40 <KANSIO> d-------- c:\program files\PC Connectivity Solution
    2009-01-15 21:22 . 2009-01-15 21:22 <KANSIO> d-------- c:\users\Timo\Kesä 2008
    2009-01-14 21:15 . 2009-01-14 21:15 <KANSIO> d-------- c:\program files\Bonjour
    2009-01-14 21:14 . 2009-01-14 21:15 <KANSIO> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-14 21:14 . 2009-01-14 21:15 <KANSIO> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-14 21:14 . 2009-01-14 21:15 <KANSIO> d-------- c:\program files\iTunes
    2009-01-14 21:14 . 2009-01-14 21:14 <KANSIO> d-------- c:\program files\iPod
    2009-01-14 21:12 . 2009-01-14 21:12 <KANSIO> d-------- c:\program files\QuickTime
    2009-01-14 17:00 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
    2009-01-07 18:37 . 2009-01-07 18:37 40 --ah----- c:\windows\System32\ivireg.ivr
    2009-01-06 13:49 . 2009-01-06 13:50 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\Corel
    2009-01-06 13:49 . 2009-01-06 14:13 2,516 --ahs---- c:\users\All Users\KGyGaAvL.sys
    2009-01-06 13:49 . 2009-01-06 14:13 2,516 --ahs---- c:\programdata\KGyGaAvL.sys
    2009-01-06 13:49 . 2009-01-06 14:13 88 -r-hs---- c:\users\All Users\8A40BDA798.sys
    2009-01-06 13:49 . 2009-01-06 14:13 88 -r-hs---- c:\programdata\8A40BDA798.sys
    2009-01-05 11:58 . 2009-01-05 11:58 <KANSIO> d-------- c:\program files\AVG

    .
    (((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-02 21:31 --------- d-----w c:\users\Timo\AppData\Roaming\uTorrent
    2009-02-01 09:26 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 2
    2009-01-29 19:57 --------- d-----w c:\users\Timo\AppData\Roaming\vlc
    2009-01-22 17:43 --------- d-----w c:\users\Timo\AppData\Roaming\CyberLink
    2009-01-22 17:41 --------- d-----w c:\programdata\CyberLink
    2009-01-20 19:22 --------- d---a-w c:\programdata\TEMP
    2009-01-20 19:20 --------- d-----w c:\program files\SpywareBlaster
    2009-01-20 18:00 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-01-19 19:42 --------- d-----w c:\program files\Nokia
    2009-01-19 19:42 --------- d-----w c:\program files\Common Files\Nokia
    2009-01-19 19:38 --------- d-----w c:\programdata\Installations
    2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
    2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
    2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
    2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
    2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
    2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
    2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
    2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
    2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
    2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
    2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
    2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
    2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
    2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
    2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
    2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
    2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
    2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
    2009-01-14 19:14 --------- d-----w c:\programdata\Apple Computer
    2009-01-14 19:14 --------- d-----w c:\program files\Common Files\Apple
    2009-01-14 19:07 --------- d-----w c:\program files\Safari
    2009-01-14 15:42 --------- d-----w c:\programdata\Microsoft Help
    2009-01-14 15:42 --------- d-----w c:\program files\Windows Mail
    2009-01-14 14:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 14:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-07 19:32 47,360 ----a-w c:\users\Timo\AppData\Roaming\pcouffin.sys
    2009-01-07 19:32 --------- d-----w c:\users\Timo\AppData\Roaming\Vso
    2009-01-06 11:44 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-28 12:26 --------- d-----w c:\programdata\SlySoft
    2008-12-28 12:26 --------- d-----w c:\program files\SlySoft
    2008-12-28 10:33 --------- d-----w c:\program files\Seagate
    2008-12-28 10:32 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-26 19:30 --------- d-----w c:\programdata\VistaCodecs
    2008-12-26 15:52 --------- d-----w c:\programdata\vsosdk
    2008-12-26 14:07 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
    2008-12-25 13:53 --------- d-----w c:\programdata\WindowsSearch
    2008-12-25 12:56 --------- d-----w c:\program files\CCleaner
    2008-12-25 12:46 --------- d-----w c:\programdata\DVD Shrink
    2008-12-22 14:07 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2008-12-22 13:36 --------- d-----w c:\programdata\Nokia
    2008-12-21 09:31 --------- d-----w c:\program files\IrfanView
    2008-12-20 11:59 --------- d-----w c:\program files\SystemRequirementsLab
    2008-12-20 11:58 --------- d-----w c:\users\Timo\AppData\Roaming\SystemRequirementsLab
    2008-12-20 11:02 --------- d-----w c:\program files\Java
    2008-12-15 17:55 --------- d-----w c:\program files\CyberLink
    2008-12-15 17:50 --------- d-----w c:\program files\Common Files\CyberLink
    2008-12-15 17:30 --------- d-----w c:\program files\Common Files\InstallShield
    2008-12-13 00:07 --------- d-----w c:\programdata\Nero
    2008-12-13 00:07 --------- d-----w c:\program files\Common Files\Nero
    2008-12-12 21:36 --------- d-----w c:\programdata\WinZip
    2008-12-12 21:32 --------- d-----w c:\users\Timo\AppData\Roaming\Uniblue
    2008-12-12 09:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
    2008-12-12 09:11 61,440 ----a-w c:\windows\System32\dnssd.dll
    2008-12-08 10:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll
    2008-12-04 19:48 --------- d-----w c:\users\Timo\AppData\Roaming\Canneverbe_Limited
    2008-12-04 11:11 43,520 ----a-w c:\windows\system32\drivers\fetnd6v.sys
    2008-11-10 03:43 410,984 ----a-w c:\windows\System32\deploytk.dll
    2008-04-16 19:10 174 --sha-w c:\program files\desktop.ini
    .

    (((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-14 171448]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
    "P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
    "UpdatePDRShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-29 210216]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-12-03 75048]
    "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-10-09 90191]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-09 7741440]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-09 81920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "SoundMan"="SOUNDMAN.EXE" [2008-09-10 c:\windows\SOUNDMAN.EXE]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-10 525664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm
    "msacm.l3codecp"= l3codecp.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{0A930A80-489C-4005-B55B-69FE54BFF007}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{A69319FB-6FB3-4879-8E80-1A48AA7EBAB7}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{18AF2190-AD75-47DA-BC01-3480DB0BECD3}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{1A8D8595-1E25-4B41-A578-B8B3C0510C26}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{91FA9597-81CD-4DC0-9825-9EB0D000A920}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{3C354CFE-9834-44D1-8E13-6266FDF85FF1}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{2FBACC84-C354-4E3E-B321-999217F26948}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{8008D284-696A-4D98-8516-864C37F00CC4}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "UDP Query User{1D455224-FAE5-4F6D-8D00-BE2794C29209}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "TCP Query User{2750003C-945C-4A92-92F2-436BC4BC6FAF}c:\\users\\timo\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\timo\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
    "UDP Query User{A72FCBE3-94CD-4EDE-A143-D10CFDBC17FC}c:\\users\\timo\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\timo\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
    "TCP Query User{E6C95802-52DD-4D01-BECE-D90FF2123503}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "UDP Query User{0AD0F34E-C739-413D-A98F-6BBC43335719}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "{1BC54E8B-59B0-49D0-8F17-657DAB3128EB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{57A1E5B2-31C6-42C3-8748-1F6F5906DC3E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{F4800462-8B5E-4865-8B87-9FCD86A92952}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
    "UDP Query User{75904A3D-2CAC-48FB-8C10-96FBEA2FAFEE}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
    "TCP Query User{33DE5784-D683-4915-8E0D-7CF8F86A088B}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "UDP Query User{511EC3EE-4983-4217-BD09-DB67646F9B73}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "TCP Query User{CCEAA39B-AFC1-4B31-8272-4DED25649A03}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
    "UDP Query User{9B5798BB-BAD1-4E12-BE48-3A31CAFE9E85}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
    "TCP Query User{B26E4A4A-22E9-4CB6-ACE3-AAF8A973CA25}c:\\program files\\mozilla firefox 3 beta 2\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 2\firefox.exe:Firefox
    "UDP Query User{8280C7EC-70A7-4AFA-8D77-40F1ABA5701C}c:\\program files\\mozilla firefox 3 beta 2\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 2\firefox.exe:Firefox
    "TCP Query User{CBC98F0D-41D0-4EE6-8F34-70BCA7DAE018}c:\\program files\\nero\\nero 9\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero 9\nero showtime\showtime.exe:Nero ShowTime
    "UDP Query User{25E66763-0207-4F00-93DB-B321AF7EEA20}c:\\program files\\nero\\nero 9\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero 9\nero showtime\showtime.exe:Nero ShowTime
    "TCP Query User{85E218A7-221E-4803-AE27-501037EF8085}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "UDP Query User{8D363356-8058-4AA7-89E2-64EB9FA0CD88}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "{60ECAACB-2334-4B62-9920-B754840FFEAA}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "TCP Query User{0394EB07-2BD2-4573-A549-1A010C43C48E}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
    "UDP Query User{9B668597-BE27-42BD-A0D2-33A227E942B6}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
    "TCP Query User{785981E8-7D87-42A6-8B26-DC21BAAEA13D}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
    "UDP Query User{18721E67-5D0A-4D70-BD2A-32AA450CBACF}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
    "{2B8000E8-CC54-4EEB-987D-793FCF457620}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
    "{F63A325C-ACD7-41F0-A5BE-BDA9ED904A43}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{D0FF01FF-F192-4DFA-9EE9-E95621EA508A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{0D3F22C5-E33C-4113-90EC-62163FDE8339}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{A8980747-8B94-44E7-AA25-78747AA10376}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-05 111184]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-11-21 21:37:24 61424]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-05 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-02-03 51792]
    R3 BENDER;Pinnacle DV/AV Capture;c:\windows\System32\drivers\bender.sys [2006-11-21 203264]
    R3 ctxS51;Creatix V.9X DSP Data Fax Modem;c:\windows\System32\drivers\ctxS51.sys [2006-05-01 1903646]
    R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [2008-12-04 43520]
    S3 WEBNTACCESS;WEBNTACCESS;c:\windows\System32\Ntaccess.sys [2008-04-13 17920]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
    %SystemRoot%\system32\soundschemes.exe /AddRegistration

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
    %SystemRoot%\system32\soundschemes2.exe /AddRegistration
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-02 c:\windows\Tasks\User_Feed_Synchronization-{6DDDB379-C441-4F13-A305-B41C202D29A1}.job
    - c:\windows\system32\msfeedssync.exe [2009-01-15 12:01]
    .
    - - - - ORPHANS REMOVED - - - -

    ShellIconOverlayIdentifiers-{8D2223A2-B3C6-4e32-B096-CDD11F628C60} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - hxxp://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
    FF - ProfilePath - c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\3tokuz8a.default\
    FF - plugin: c:\program files\Mozilla Firefox 3 Beta 2\plugins\np-mswmp.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
    FF - plugin: c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\3tokuz8a.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-03 17:02:35
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-02-03 17:05:19
    ComboFix-quarantined-files.txt 2009-02-03 15:05:16

    Pre-Run: 90,078,736,384 bytes free
    Post-Run: 89,798,164,480 bytes free

    260 --- E O F --- 2009-02-02 16:27:08
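As an added example (not part of this thread, and not code from HijackThis, ComboFix or Kaspersky): a short Python triage pass over log lines of the kind posted above. It extracts every Windows executable path on a line and flags the ones a responder would look at first: binaries that run from user-writable locations (AppData, Temp, Temporary Internet Files), objects with a non-standard executable extension such as the .0XE file Kaspersky reported, and any line carrying a scanner verdict. The sample lines are copied from the logs in this thread; the directory patterns, the extension list and the function names (extract_paths, reasons_for, triage) are this example's own assumptions, not rules any of those tools use.

```python
"""Triage pass over HijackThis / ComboFix / Kaspersky style log lines.

Added example for this thread; not code from the original posts or from
any of the tools named in it. The "suspicious" heuristics below are this
example's own assumptions, not detection logic used by those tools.
"""
import re

# Directories an unprivileged user can write to (assumption for this example):
# a binary started from one of these is where droppers usually land.
USER_WRITABLE = (
    re.compile(r"\\appdata\\", re.I),
    re.compile(r"\\temp\\", re.I),
    re.compile(r"\\temporary internet files\\", re.I),
)
# Extensions considered normal for a loaded binary; anything else is noted.
STANDARD_EXT = {"exe", "dll", "sys", "scr", "cpl"}
# A drive-letter path ending in an executable-like extension. Non-greedy, so
# it stops at the first such extension; quotes terminate a path (Run-key and
# firewall-rule lines wrap paths in quotes, sometimes with doubled backslashes).
PATH_RE = re.compile(r"[a-z]:\\[^\"'\r\n]*?\.(exe|dll|sys|scr|cpl|0xe)\b", re.I)
# Kaspersky-style verdict appended after the file name.
VERDICT_RE = re.compile(r"Infected:\s*(\S+)")


def extract_paths(line):
    """Return the distinct executable paths on one log line, backslashes normalised."""
    paths = []
    seen = set()
    for m in PATH_RE.finditer(line):
        p = m.group(0).replace("\\\\", "\\")
        if p.lower() not in seen:
            seen.add(p.lower())
            paths.append(p)
    return paths


def reasons_for(path):
    """Heuristic reasons a path deserves a closer look (empty list = nothing odd)."""
    reasons = []
    low = path.lower()
    if any(rx.search(low) for rx in USER_WRITABLE):
        reasons.append("user-writable location")
    ext = low.rsplit(".", 1)[-1]
    if ext not in STANDARD_EXT:
        reasons.append(f"unusual executable extension .{ext}")
    return reasons


def triage(lines):
    """Walk log lines; return [{'line': n, 'path': p, 'reasons': [...]}, ...]."""
    findings = []
    for n, line in enumerate(lines, 1):
        verdict = VERDICT_RE.search(line)
        for path in extract_paths(line):
            reasons = reasons_for(path)
            if verdict:
                reasons.append("scanner verdict: " + verdict.group(1))
            if reasons:
                findings.append({"line": n, "path": path, "reasons": reasons})
    return findings


# Constructed sample: five lines copied from the logs posted in this thread.
SAMPLE_LOG = [
    r"O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe",
    r'"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-14 171448]',
    r"c:\users\Timo\AppData\Roaming\inst.exe",
    r'"TCP Query User{2750003C-945C-4A92-92F2-436BC4BC6FAF}c:\\users\\timo\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\timo\appdata\local\temp\nero web\setupxu.exe:setupxu.exe',
    r"C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BH23PKX9\ASENNA_NEWS_TO_SCREEN_(FM)[1].0XE Infected: Backdoor.Win32.Small.gii 1",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f['line']}: {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run as-is it reports only three of the five sample lines: the inst.exe that ComboFix removed from AppData\Roaming, the Temp-resident setupxu.exe that owns a firewall rule, and the .0XE object in the IE cache with its verdict, while the two Program Files entries produce nothing. For a real log, pass `open(path, encoding="utf-8", errors="replace").read().splitlines()` to triage().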
     
  13. Hujo

    Hujo Guest

    Now copy / paste the quotation below into an empty Notepad
    (Start button > Accessories > Notepad).

    Save it as CFScript.txt on the desktop.

    Then drag CFScript onto ComboFix.exe as shown below.

    [image: CFScript.txt being dragged onto ComboFix.exe]

    Post the resulting log here.

    Shut down and restart the computer.
     
  14. tju1

    tju1 Regular member

    I can't drag the Notepad file because the ComboFix icon doesn't appear on the desktop or anywhere else.
    When I click combofix.exe it starts running straight away and doesn't ask for any options, other than telling me to shut down Avast.
     
  15. Hujo

    Hujo Guest

    c:\users\Timo\Downloads\ComboFix.exe
    It won't work while it is there.

    It wasn't put on the desktop.
     
  16. tju1

    tju1 Regular member

    Well, that's where it was. Here's the new log:

    ComboFix 09-02-02.04 - Timo 2009-02-03 20:10:34.3 - NTFSx86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2047.1343 [GMT 2:00]
    Running from: c:\users\Timo\Downloads\ComboFix.exe
    Command switches used :: c:\users\Timo\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1229 [VPS 081124-0] *On-access scanning enabled* (Updated)
    * Created a new restore point
    .

    ((((( Files Created From 2009-01-03 to 2009-02-03 )))))))))))))))))
    .

    2009-02-01 11:26 . 2009-02-01 11:26 <KANSIO> d-------- c:\program files\SpeedFan
    2009-02-01 11:26 . 2009-02-01 11:26 45 --a------ c:\windows\System32\initdebug.nfo
    2009-01-29 21:50 . 2009-01-29 22:28 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\dvdcss
    2009-01-29 21:48 . 2009-01-29 21:57 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\vlc
    2009-01-29 21:46 . 2009-01-29 21:46 <KANSIO> d-------- c:\program files\VideoLAN
    2009-01-29 21:33 . 2009-01-29 21:33 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\AVS4YOU
    2009-01-29 21:33 . 2009-01-29 21:33 <KANSIO> d-------- c:\users\All Users\AVS4YOU
    2009-01-29 21:33 . 2009-01-29 21:33 <KANSIO> d-------- c:\programdata\AVS4YOU
    2009-01-29 21:31 . 2009-01-29 21:32 <KANSIO> d-------- c:\program files\Common Files\AVSMedia
    2009-01-29 21:31 . 2009-01-29 21:32 <KANSIO> d-------- c:\program files\AVS4YOU
    2009-01-29 21:31 . 2008-08-13 10:22 1,700,352 --a------ c:\windows\System32\GdiPlus.dll
    2009-01-29 21:31 . 2008-08-13 10:22 974,848 --a------ c:\windows\System32\mfc70.dll
    2009-01-29 21:31 . 2008-08-13 10:22 487,424 --a------ c:\windows\System32\msvcp70.dll
    2009-01-29 21:31 . 2008-08-13 10:22 344,064 --a------ c:\windows\System32\msvcr70.dll
    2009-01-29 21:09 . 2009-01-29 21:09 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\GRETECH
    2009-01-29 21:09 . 2009-01-29 21:09 <KANSIO> d-------- c:\program files\GRETECH
    2009-01-24 14:15 . 2009-01-24 17:48 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\Ashampoo
    2009-01-24 14:13 . 2009-01-24 14:13 <KANSIO> d-------- c:\users\All Users\ashampoo
    2009-01-24 14:13 . 2009-01-24 14:13 <KANSIO> d-------- c:\programdata\ashampoo
    2009-01-24 14:13 . 2009-01-24 14:24 <KANSIO> d-------- c:\program files\Ashampoo
    2009-01-23 17:00 . 2009-01-23 17:12 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\Audacity
    2009-01-22 21:59 . 2009-01-22 21:59 <KANSIO> d-------- c:\program files\winLAME
    2009-01-22 19:42 . 2009-01-22 19:43 <KANSIO> d--h----- c:\users\Timo\PP_MOTION.TMP
    2009-01-22 19:41 . 2009-01-22 19:41 <KANSIO> d--h----- c:\users\Timo\PP_ROTATE_SLIDE.TMP
    2009-01-22 19:41 . 2009-01-22 19:41 <KANSIO> d-------- c:\users\Timo\CyberLink
    2009-01-19 21:45 . 2009-01-19 21:45 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
    2009-01-19 21:44 . 2009-01-19 21:45 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\PC Suite
    2009-01-19 21:44 . 2009-01-19 21:45 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\Nokia
    2009-01-19 21:44 . 2009-01-19 21:45 <KANSIO> d-------- c:\users\All Users\PC Suite
    2009-01-19 21:44 . 2009-01-19 21:45 <KANSIO> d-------- c:\programdata\PC Suite
    2009-01-19 21:42 . 2009-01-19 21:42 <KANSIO> d-------- c:\program files\Common Files\PCSuite
    2009-01-19 21:41 . 2009-01-19 21:41 <KANSIO> d-------- c:\program files\DIFX
    2009-01-19 21:41 . 2008-08-26 09:26 18,816 --a------ c:\windows\System32\drivers\pccsmcfd.sys
    2009-01-19 21:39 . 2009-01-19 21:40 <KANSIO> d-------- c:\program files\PC Connectivity Solution
    2009-01-15 21:22 . 2009-01-15 21:22 <KANSIO> d-------- c:\users\Timo\Kesä 2008
    2009-01-14 21:15 . 2009-01-14 21:15 <KANSIO> d-------- c:\program files\Bonjour
    2009-01-14 21:14 . 2009-01-14 21:15 <KANSIO> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-14 21:14 . 2009-01-14 21:15 <KANSIO> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-14 21:14 . 2009-01-14 21:15 <KANSIO> d-------- c:\program files\iTunes
    2009-01-14 21:14 . 2009-01-14 21:14 <KANSIO> d-------- c:\program files\iPod
    2009-01-14 21:12 . 2009-01-14 21:12 <KANSIO> d-------- c:\program files\QuickTime
    2009-01-14 17:00 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
    2009-01-07 18:37 . 2009-01-07 18:37 40 --ah----- c:\windows\System32\ivireg.ivr
    2009-01-06 13:49 . 2009-01-06 13:50 <KANSIO> d-------- c:\users\Timo\AppData\Roaming\Corel
    2009-01-06 13:49 . 2009-01-06 14:13 2,516 --ahs---- c:\users\All Users\KGyGaAvL.sys
    2009-01-06 13:49 . 2009-01-06 14:13 2,516 --ahs---- c:\programdata\KGyGaAvL.sys
    2009-01-06 13:49 . 2009-01-06 14:13 88 -r-hs---- c:\users\All Users\8A40BDA798.sys
    2009-01-06 13:49 . 2009-01-06 14:13 88 -r-hs---- c:\programdata\8A40BDA798.sys
    2009-01-05 11:58 . 2009-01-05 11:58 <KANSIO> d-------- c:\program files\AVG

    .
    (((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-03 16:31 --------- d-----w c:\users\Timo\AppData\Roaming\uTorrent
    2009-02-01 09:26 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 2
    2009-01-29 19:57 --------- d-----w c:\users\Timo\AppData\Roaming\vlc
    2009-01-22 17:43 --------- d-----w c:\users\Timo\AppData\Roaming\CyberLink
    2009-01-22 17:41 --------- d-----w c:\programdata\CyberLink
    2009-01-20 19:22 --------- d---a-w c:\programdata\TEMP
    2009-01-20 19:20 --------- d-----w c:\program files\SpywareBlaster
    2009-01-20 18:00 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-01-19 19:42 --------- d-----w c:\program files\Nokia
    2009-01-19 19:42 --------- d-----w c:\program files\Common Files\Nokia
    2009-01-19 19:38 --------- d-----w c:\programdata\Installations
    2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
    2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
    2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
    2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
    2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
    2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
    2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
    2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
    2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
    2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
    2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
    2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
    2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
    2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
    2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
    2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
    2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
    2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
    2009-01-14 19:14 --------- d-----w c:\programdata\Apple Computer
    2009-01-14 19:14 --------- d-----w c:\program files\Common Files\Apple
    2009-01-14 19:07 --------- d-----w c:\program files\Safari
    2009-01-14 15:42 --------- d-----w c:\programdata\Microsoft Help
    2009-01-14 15:42 --------- d-----w c:\program files\Windows Mail
    2009-01-14 14:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 14:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-07 19:32 47,360 ----a-w c:\users\Timo\AppData\Roaming\pcouffin.sys
    2009-01-07 19:32 --------- d-----w c:\users\Timo\AppData\Roaming\Vso
    2009-01-06 11:44 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-28 12:26 --------- d-----w c:\programdata\SlySoft
    2008-12-28 12:26 --------- d-----w c:\program files\SlySoft
    2008-12-28 10:33 --------- d-----w c:\program files\Seagate
    2008-12-28 10:32 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-26 19:30 --------- d-----w c:\programdata\VistaCodecs
    2008-12-26 15:52 --------- d-----w c:\programdata\vsosdk
    2008-12-26 14:07 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
    2008-12-25 13:53 --------- d-----w c:\programdata\WindowsSearch
    2008-12-25 12:56 --------- d-----w c:\program files\CCleaner
    2008-12-25 12:46 --------- d-----w c:\programdata\DVD Shrink
    2008-12-22 14:07 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2008-12-22 13:36 --------- d-----w c:\programdata\Nokia
    2008-12-21 09:31 --------- d-----w c:\program files\IrfanView
    2008-12-20 11:59 --------- d-----w c:\program files\SystemRequirementsLab
    2008-12-20 11:58 --------- d-----w c:\users\Timo\AppData\Roaming\SystemRequirementsLab
    2008-12-20 11:02 --------- d-----w c:\program files\Java
    2008-12-15 17:55 --------- d-----w c:\program files\CyberLink
    2008-12-15 17:50 --------- d-----w c:\program files\Common Files\CyberLink
    2008-12-15 17:30 --------- d-----w c:\program files\Common Files\InstallShield
    2008-12-13 00:07 --------- d-----w c:\programdata\Nero
    2008-12-13 00:07 --------- d-----w c:\program files\Common Files\Nero
    2008-12-12 21:36 --------- d-----w c:\programdata\WinZip
    2008-12-12 21:32 --------- d-----w c:\users\Timo\AppData\Roaming\Uniblue
    2008-12-12 09:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
    2008-12-12 09:11 61,440 ----a-w c:\windows\System32\dnssd.dll
    2008-12-08 10:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll
    2008-12-04 19:48 --------- d-----w c:\users\Timo\AppData\Roaming\Canneverbe_Limited
    2008-12-04 11:11 43,520 ----a-w c:\windows\system32\drivers\fetnd6v.sys
    2008-11-10 03:43 410,984 ----a-w c:\windows\System32\deploytk.dll
    2008-04-16 19:10 174 --sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((( snapshot@2009-02-03_17.03.41,04 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-03 14:32:42 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-02-03 17:38:51 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-02-03 14:32:42 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-02-03 17:38:51 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-02-03 14:33:58 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-02-03 17:40:01 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-02-03 17:40:01 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2009-02-03 15:02:17 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-02-03 18:12:50 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-02-03 18:12:50 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2009-02-03 14:35:43 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-03 17:40:09 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-02-03 14:35:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-03 17:40:09 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-02-03 14:35:43 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-02-03 17:40:09 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-02-03 14:35:10 10,408 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-726910424-4287619793-38094487-1000_UserData.bin
    + 2009-02-03 17:41:09 10,408 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-726910424-4287619793-38094487-1000_UserData.bin
    - 2009-02-03 14:35:09 64,788 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-02-03 17:41:09 64,970 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-02-03 14:35:07 46,582 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-02-03 17:41:07 46,582 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-14 171448]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
    "P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
    "UpdatePDRShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-29 210216]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-12-03 75048]
    "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-10-09 90191]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-09 7741440]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-09 81920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "SoundMan"="SOUNDMAN.EXE" [2008-09-10 c:\windows\SOUNDMAN.EXE]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-10 525664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm
    "msacm.l3codecp"= l3codecp.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{0A930A80-489C-4005-B55B-69FE54BFF007}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{A69319FB-6FB3-4879-8E80-1A48AA7EBAB7}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{18AF2190-AD75-47DA-BC01-3480DB0BECD3}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{1A8D8595-1E25-4B41-A578-B8B3C0510C26}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{91FA9597-81CD-4DC0-9825-9EB0D000A920}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{3C354CFE-9834-44D1-8E13-6266FDF85FF1}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{2FBACC84-C354-4E3E-B321-999217F26948}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{8008D284-696A-4D98-8516-864C37F00CC4}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "UDP Query User{1D455224-FAE5-4F6D-8D00-BE2794C29209}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "TCP Query User{2750003C-945C-4A92-92F2-436BC4BC6FAF}c:\\users\\timo\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\timo\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
    "UDP Query User{A72FCBE3-94CD-4EDE-A143-D10CFDBC17FC}c:\\users\\timo\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\timo\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
    "TCP Query User{E6C95802-52DD-4D01-BECE-D90FF2123503}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "UDP Query User{0AD0F34E-C739-413D-A98F-6BBC43335719}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "{1BC54E8B-59B0-49D0-8F17-657DAB3128EB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{57A1E5B2-31C6-42C3-8748-1F6F5906DC3E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{F4800462-8B5E-4865-8B87-9FCD86A92952}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
    "UDP Query User{75904A3D-2CAC-48FB-8C10-96FBEA2FAFEE}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
    "TCP Query User{33DE5784-D683-4915-8E0D-7CF8F86A088B}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "UDP Query User{511EC3EE-4983-4217-BD09-DB67646F9B73}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "TCP Query User{CCEAA39B-AFC1-4B31-8272-4DED25649A03}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
    "UDP Query User{9B5798BB-BAD1-4E12-BE48-3A31CAFE9E85}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
    "TCP Query User{B26E4A4A-22E9-4CB6-ACE3-AAF8A973CA25}c:\\program files\\mozilla firefox 3 beta 2\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 2\firefox.exe:Firefox
    "UDP Query User{8280C7EC-70A7-4AFA-8D77-40F1ABA5701C}c:\\program files\\mozilla firefox 3 beta 2\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 2\firefox.exe:Firefox
    "TCP Query User{CBC98F0D-41D0-4EE6-8F34-70BCA7DAE018}c:\\program files\\nero\\nero 9\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero 9\nero showtime\showtime.exe:Nero ShowTime
    "UDP Query User{25E66763-0207-4F00-93DB-B321AF7EEA20}c:\\program files\\nero\\nero 9\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero 9\nero showtime\showtime.exe:Nero ShowTime
    "TCP Query User{85E218A7-221E-4803-AE27-501037EF8085}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "UDP Query User{8D363356-8058-4AA7-89E2-64EB9FA0CD88}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "{60ECAACB-2334-4B62-9920-B754840FFEAA}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "TCP Query User{0394EB07-2BD2-4573-A549-1A010C43C48E}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
    "UDP Query User{9B668597-BE27-42BD-A0D2-33A227E942B6}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
    "TCP Query User{785981E8-7D87-42A6-8B26-DC21BAAEA13D}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
    "UDP Query User{18721E67-5D0A-4D70-BD2A-32AA450CBACF}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
    "{2B8000E8-CC54-4EEB-987D-793FCF457620}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
    "{F63A325C-ACD7-41F0-A5BE-BDA9ED904A43}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{D0FF01FF-F192-4DFA-9EE9-E95621EA508A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{0D3F22C5-E33C-4113-90EC-62163FDE8339}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{A8980747-8B94-44E7-AA25-78747AA10376}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-05 111184]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-11-21 21:37:24 61424]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-05 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-02-03 51792]
    R3 BENDER;Pinnacle DV/AV Capture;c:\windows\System32\drivers\bender.sys [2006-11-21 203264]
    R3 ctxS51;Creatix V.9X DSP Data Fax Modem;c:\windows\System32\drivers\ctxS51.sys [2006-05-01 1903646]
    R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [2008-12-04 43520]
    S3 WEBNTACCESS;WEBNTACCESS;c:\windows\System32\Ntaccess.sys [2008-04-13 17920]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
    %SystemRoot%\system32\soundschemes.exe /AddRegistration

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
    %SystemRoot%\system32\soundschemes2.exe /AddRegistration
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2009-02-03 c:\windows\Tasks\User_Feed_Synchronization-{6DDDB379-C441-4F13-A305-B41C202D29A1}.job
    - c:\windows\system32\msfeedssync.exe [2009-01-15 12:01]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - hxxp://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
    FF - ProfilePath - c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\3tokuz8a.default\
    FF - plugin: c:\program files\Mozilla Firefox 3 Beta 2\plugins\np-mswmp.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
    FF - plugin: c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\3tokuz8a.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-03 20:13:41
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    Valmistumisajankohta: 2009-02-03 20:16:21
    ComboFix-quarantined-files.txt 2009-02-03 18:16:14
    ComboFix2.txt 2009-02-03 15:05:21

    Ennen ajoa: 95 371 145 216 tavua vapaana
    Ajon jälkeen: 95,338,213,376 tavua vapaana

    278 --- E O F --- 2009-02-02 16:27:08
     
  17. Hujo

    Hujo Guest

    Type the following into the Run box:

    ComboFix /u

    Click OK.

    ============

    Download OTMoveIt and save it to your desktop.

    Double-click OTMoveIt.exe.
    Click CleanUp!.
    Choose Yes when asked "Begin cleanup Process?".
    If you are asked whether the computer may be restarted, choose Yes. OTMoveIt removes itself when it is finished; if that does not happen, delete it yourself.

    NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the Internet, allow it to do so.
     
  18. tju1

    tju1 Regular member

    Joined:
    13.02.2006
    Messages:
    118
    Thanks:
    0
    Points:
    26
    It still doesn't seem to be going away.

    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, February 4, 2009
    Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, February 03, 2009 19:47:19
    Records in database: 1741020


    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan statistics
    Files scanned 119741
    Threat name 1
    Infected objects 1
    Suspicious objects 0
    Duration of the scan 02:37:32

    File name Threat name Threats count
    C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BH23PKX9\ASENNA_NEWS_TO_SCREEN_(FM)[1].0XE Infected: Backdoor.Win32.Small.gii 1

    The selected area was scanned.
     
