
Viruses on a friend's computer? It throws errors and the internet works only in Safe Mode. HJT log is

Thread in the Viruses and malware - HijackThis logs section. Started by Osborne1 on 13.04.2008.

  1. Osborne1

    Osborne1 Member

    Joined:
    17.09.2007
    Posts:
    58
    Thanks:
    0
    Points:
    16
    For some reason Elisa's security suite is still haunting the computer. Errors come up: FSAV, FSAV handler, FSM32.exe component not found, reinstalling may fix the error. News service error, F-Secure PEX start-up wizard. It prompts to close the above. Internet access works only in Safe Mode.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:21:07, on 13.4.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\mwsoemon.exe.vir (User 'SYSTEM')
    O4 - .DEFAULT Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\mwsoemon.exe.vir (User 'Default user')
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\mwsoemon.exe.vir
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZC
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Palvelut - {0E0F61E2-11DB-48E3-AF6C-F6A37682D507} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Tuki - {840ADF52-05A0-47DE-84ED-0B3421AB0DA7} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {C57C6B5C-FA3A-4000-B359-D3010C65F64D} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 8418 bytes
     
  3. Hujo

    Hujo Guest

    Oh, looks like there is other stuff in there too.

    Scan with HJT, check the following entries and press Fix checked:

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - S-1-5-18 Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\mwsoemon.exe.vir (User 'SYSTEM')
    O4 - .DEFAULT Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\mwsoemon.exe.vir (User 'Default user')
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\mwsoemon.exe.vir
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZC
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE



    Copy and paste the text below into an empty Notepad file.
    Make sure the file type is "All Files" and save it as Poisto.bat
    on your desktop.

    @echo off
    rem Stop and delete the leftover F-Secure services shown as O23 entries in the log.
    rem sc takes the service name; names containing spaces need plain double quotes.
    sc stop FSMA
    sc delete FSMA
    sc stop FSDFWD
    sc delete FSDFWD
    sc stop "F-Secure Gatekeeper Handler Starter"
    sc delete "F-Secure Gatekeeper Handler Starter"

    Double-click the Poisto.bat file on your desktop; a window opens and closes, this is normal.

    ===========

    Uninstall via Add or Remove Programs:

    MyWebSearch

    ===========

    In Safe Mode, delete the folders:

    C:\Program Files\Elisa Tietoturvapalvelu
    C:\Program Files\MyWebSearch

    ==============

    • Open HijackThis
    • Click the "Configure" option at the bottom right
    • Click "Misc Tools"
    • Click the box that says "Uninstall Manager"
    • Click the "Save list" option
    • Copy and paste that list from Notepad into your post
     
    Last edited by a moderator: 14.04.2008
  4. Osborne1

    It won't let me delete that Elisa security folder in Safe Mode. It reports: Fpshx.dll: käyttö estetty (access denied)

    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0.9 - Suomi
    Agere Systems AC'97 Modem
    avast! Antivirus
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683)
    Hotfix-päivitys Windows Internet Explorer 7:lle (KB947864)
    Hotfix-päivitys Windows XP:lle (KB914440)
    HP Accessories Product Tour
    HP BIOS Configuration for ProtectTools 1.00 C1
    HP Deskjet 3900 series
    HP Extended Capabilities 5.0
    HP Help and Support
    HP Image Zone Express
    HP Imaging Device Functions 5.0
    HP Photo Printing Software
    HP ProtectTools Security Manager 1.00 C3
    HP Share-to-Web
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.0
    HP User Guides 0004
    HP Wireless Assistant
    Intel(R) Graphics Media Accelerator Driver for Mobile
    MediaTickets by OIN
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Finnish Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Media Content
    Microsoft Office XP Professional
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mobile Partner
    Päivitys Windows XP:lle (KB894391)
    Päivitys Windows XP:lle (KB896727)
    Päivitys Windows XP:lle (KB898461)
    Päivitys Windows XP:lle (KB900485)
    Päivitys Windows XP:lle (KB904942)
    Päivitys Windows XP:lle (KB910437)
    Päivitys Windows XP:lle (KB916595)
    Päivitys Windows XP:lle (KB920872)
    Päivitys Windows XP:lle (KB922582)
    Päivitys Windows XP:lle (KB927891)
    Päivitys Windows XP:lle (KB929338)
    Päivitys Windows XP:lle (KB930916)
    Päivitys Windows XP:lle (KB931836)
    Päivitys Windows XP:lle (KB933360)
    Päivitys Windows XP:lle (KB936357)
    Päivitys Windows XP:lle (KB938828)
    Päivitys Windows XP:lle (KB942763)
    Quick Launch Buttons 5.10 A2
    QuickTime 3.0
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    SoundMAX
    Suojauspäivitys ohjelmistolle Windows XP (KB923689)
    Suojauspäivitys ohjelmistolle Windows XP (KB941569)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB931768)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB933566)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB937143)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB938127)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB939653)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB942615)
    Suojauspäivitys Windows Media Player 10:lle (KB911565)
    Suojauspäivitys Windows Media Player 10:lle (KB917734)
    Suojauspäivitys Windows Media Player 11:lle (KB936782)
    Suojauspäivitys Windows Media Player 6.4:lle (KB925398)
    Suojauspäivitys Windows Media Playerille (KB911564)
    Suojauspäivitys Windows XP:lle (KB890046)
    Suojauspäivitys Windows XP:lle (KB893066)
    Suojauspäivitys Windows XP:lle (KB893756)
    Suojauspäivitys Windows XP:lle (KB896358)
    Suojauspäivitys Windows XP:lle (KB896422)
    Suojauspäivitys Windows XP:lle (KB896423)
    Suojauspäivitys Windows XP:lle (KB896424)
    Suojauspäivitys Windows XP:lle (KB896428)
    Suojauspäivitys Windows XP:lle (KB896688)
    Suojauspäivitys Windows XP:lle (KB899587)
    Suojauspäivitys Windows XP:lle (KB899588)
    Suojauspäivitys Windows XP:lle (KB899591)
    Suojauspäivitys Windows XP:lle (KB900725)
    Suojauspäivitys Windows XP:lle (KB901017)
    Suojauspäivitys Windows XP:lle (KB901214)
    Suojauspäivitys Windows XP:lle (KB902400)
    Suojauspäivitys Windows XP:lle (KB904706)
    Suojauspäivitys Windows XP:lle (KB905414)
    Suojauspäivitys Windows XP:lle (KB905749)
    Suojauspäivitys Windows XP:lle (KB905915)
    Suojauspäivitys Windows XP:lle (KB908519)
    Suojauspäivitys Windows XP:lle (KB908531)
    Suojauspäivitys Windows XP:lle (KB911280)
    Suojauspäivitys Windows XP:lle (KB911562)
    Suojauspäivitys Windows XP:lle (KB911567)
    Suojauspäivitys Windows XP:lle (KB911927)
    Suojauspäivitys Windows XP:lle (KB912812)
    Suojauspäivitys Windows XP:lle (KB912919)
    Suojauspäivitys Windows XP:lle (KB913446)
    Suojauspäivitys Windows XP:lle (KB913580)
    Suojauspäivitys Windows XP:lle (KB914388)
    Suojauspäivitys Windows XP:lle (KB914389)
    Suojauspäivitys Windows XP:lle (KB916281)
    Suojauspäivitys Windows XP:lle (KB917159)
    Suojauspäivitys Windows XP:lle (KB917344)
    Suojauspäivitys Windows XP:lle (KB917422)
    Suojauspäivitys Windows XP:lle (KB917953)
    Suojauspäivitys Windows XP:lle (KB918118)
    Suojauspäivitys Windows XP:lle (KB918439)
    Suojauspäivitys Windows XP:lle (KB918899)
    Suojauspäivitys Windows XP:lle (KB919007)
    Suojauspäivitys Windows XP:lle (KB920213)
    Suojauspäivitys Windows XP:lle (KB920214)
    Suojauspäivitys Windows XP:lle (KB920670)
    Suojauspäivitys Windows XP:lle (KB920683)
    Suojauspäivitys Windows XP:lle (KB920685)
    Suojauspäivitys Windows XP:lle (KB921398)
    Suojauspäivitys Windows XP:lle (KB921503)
    Suojauspäivitys Windows XP:lle (KB921883)
    Suojauspäivitys Windows XP:lle (KB922616)
    Suojauspäivitys Windows XP:lle (KB922760)
    Suojauspäivitys Windows XP:lle (KB922819)
    Suojauspäivitys Windows XP:lle (KB923191)
    Suojauspäivitys Windows XP:lle (KB923414)
    Suojauspäivitys Windows XP:lle (KB923694)
    Suojauspäivitys Windows XP:lle (KB923980)
    Suojauspäivitys Windows XP:lle (KB924191)
    Suojauspäivitys Windows XP:lle (KB924270)
    Suojauspäivitys Windows XP:lle (KB924496)
    Suojauspäivitys Windows XP:lle (KB924667)
    Suojauspäivitys Windows XP:lle (KB925454)
    Suojauspäivitys Windows XP:lle (KB925486)
    Suojauspäivitys Windows XP:lle (KB925902)
    Suojauspäivitys Windows XP:lle (KB926255)
    Suojauspäivitys Windows XP:lle (KB926436)
    Suojauspäivitys Windows XP:lle (KB927779)
    Suojauspäivitys Windows XP:lle (KB927802)
    Suojauspäivitys Windows XP:lle (KB928090)
    Suojauspäivitys Windows XP:lle (KB928255)
    Suojauspäivitys Windows XP:lle (KB928843)
    Suojauspäivitys Windows XP:lle (KB929123)
    Suojauspäivitys Windows XP:lle (KB930178)
    Suojauspäivitys Windows XP:lle (KB931261)
    Suojauspäivitys Windows XP:lle (KB931768)
    Suojauspäivitys Windows XP:lle (KB931784)
    Suojauspäivitys Windows XP:lle (KB932168)
    Suojauspäivitys Windows XP:lle (KB933729)
    Suojauspäivitys Windows XP:lle (KB935839)
    Suojauspäivitys Windows XP:lle (KB935840)
    Suojauspäivitys Windows XP:lle (KB936021)
    Suojauspäivitys Windows XP:lle (KB938829)
    Suojauspäivitys Windows XP:lle (KB941202)
    Suojauspäivitys Windows XP:lle (KB941568)
    Suojauspäivitys Windows XP:lle (KB941644)
    Suojauspäivitys Windows XP:lle (KB941693)
    Suojauspäivitys Windows XP:lle (KB943055)
    Suojauspäivitys Windows XP:lle (KB943460)
    Suojauspäivitys Windows XP:lle (KB943485)
    Suojauspäivitys Windows XP:lle (KB944653)
    Suojauspäivitys Windows XP:lle (KB945553)
    Suojauspäivitys Windows XP:lle (KB946026)
    Suojauspäivitys Windows XP:lle (KB948590)
    Suojauspäivitys Windows XP:lle (KB948881)
    Sygate Personal Firewall
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515 drivers.
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB884575
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885464
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892559
    Windows XP Hotfix - KB893086


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:29:46, on 14.4.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-21-3260327334-3533951850-3105525023-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Järjestelmänvalvoja')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Palvelut - {0E0F61E2-11DB-48E3-AF6C-F6A37682D507} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Tuki - {840ADF52-05A0-47DE-84ED-0B3421AB0DA7} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {C57C6B5C-FA3A-4000-B359-D3010C65F64D} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 7090 bytes
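
Added example (not part of the original posts and not HijackThis' own code): a Python check that the entries on the fix list above are gone from a follow-up log, and that derives the service names for `sc` from the O23 lines. The sample data is a constructed subset of lines from this thread, `AFTER_PARTIAL` is hypothetical, and the O23 layout "Display name (ServiceName)" is assumed from the logs shown here.

```python
import re

# HijackThis entry lines start with a section code: "O23 - Service: ...", "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$", re.IGNORECASE)

# Constructed subset of the fix list posted in this thread.
FIX_LIST = r"""
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\mwsoemon.exe.vir
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZC
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
"""

# Constructed subset of the follow-up log saved on 14.4.2008.
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
"""

# Hypothetical variant: one service survived, pasted with different case and spacing.
AFTER_PARTIAL = AFTER + r"""    o23 - service: FSMA  -  F-Secure Corporation - c:\program files\elisa tietoturvapalvelu\common\fsma32.exe
"""


def parse_entries(log_text):
    """Map normalized entry line -> whitespace-collapsed original, in log order."""
    entries = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())       # forum copy/paste may change spacing
        if ENTRY_RE.match(line):
            entries[line.lower()] = line   # compare case-insensitively
    return entries


def still_present(fix_list, after_log):
    """Fix-list entries that a later log still contains (empty list = all gone)."""
    after = parse_entries(after_log)
    return [orig for key, orig in parse_entries(fix_list).items() if key in after]


def service_name(entry):
    """Name to pass to `sc` for an O23 line, or None for any other line.

    Assumed layout: O23 - Service: Display Name (ServiceName) - Company - Path,
    with the parenthesised part omitted when both names are identical.
    """
    m = ENTRY_RE.match(" ".join(entry.split()))
    if not m or m.group(1).upper() != "O23":
        return None
    detail = m.group(2)
    if not detail.lower().startswith("service: "):
        return None
    name = detail[len("Service: "):].split(" - ", 1)[0]
    if not name.endswith(")"):
        return name
    depth = 0
    for i in range(len(name) - 1, -1, -1):  # walk back to the matching "("
        if name[i] == ")":
            depth += 1
        elif name[i] == "(":
            depth -= 1
            if depth == 0:
                return name[i + 1:-1]
    return name                             # unbalanced parentheses: keep as is


def services_to_remove(fix_list):
    """Service names for every O23 entry on the fix list, in list order."""
    names = (service_name(e) for e in parse_entries(fix_list).values())
    return [n for n in names if n]


if __name__ == "__main__":
    print("services:", services_to_remove(FIX_LIST))
    print("left after fix:", still_present(FIX_LIST, AFTER))
    print("left in partial case:", still_present(FIX_LIST, AFTER_PARTIAL))
```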
     
  5. Hujo

    Hujo Guest

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware, and then click Finish.
    3. If an update is found, the program downloads and installs the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to see the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log
    can also be found here: C:\Documents and Settings\Käyttäjänimi\Application
    Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt (Käyttäjänimi = your user name, päiväys = the date)
    8. Post the contents of the log in your next message.

    ==============

    Then take a new HJT log in normal mode.
     
  6. Osborne1

    Is there anything in these that explains why I can't get online?


    Malwarebytes' Anti-Malware 1.11
    Tietokantaversio: 599

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 105412
    Kulunut aika: 28 minute(s), 45 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:33:00, on 14.4.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Palvelut - {0E0F61E2-11DB-48E3-AF6C-F6A37682D507} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Tuki - {840ADF52-05A0-47DE-84ED-0B3421AB0DA7} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {C57C6B5C-FA3A-4000-B359-D3010C65F64D} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 8119 bytes
     
  7. Hujo

    Hujo Guest

    So you can't get online with it?

    Download Winsockfix
    to your desktop,
    extract the zip, open Winsockfix and press Fix.

    ===============

    1. Download combofix.exe to your desktop from one of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    ==============

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into safe mode:

    shut down and start up
    during startup, tap the F8 key repeatedly
    select safe mode with the arrow key
    press Enter and Enter
    select your user account
    press Yes

    On some machines you tap F5 instead of F8.

    - Once in safe mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    - Open the SDFix folder and double-click RunThis.bat to start the program.
    - Press Y to start the script.
    - The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
    - Press any key and the computer restarts.
    - Startup takes longer than normal because SDFix is cleaning the machine.
    - When the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
    - Then press any key to close the script and load the shortcuts onto the desktop.
    - Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.

    ==============

    Shut down and start up; let it boot into normal mode.

    ===============

    Then it may be that you've blocked it with the Sygate firewall.


     
  8. Osborne1

    Osborne1 Member

    Can the things mentioned in the previous post be done in safe mode? I have allowed the browser in the firewall.
     
  9. Hujo

    Hujo Guest

    Do that Winsockfix
    in normal mode.

    This one, SDFix by AndyManchesta, is run from safe mode, and then you come back
    to normal mode.

    ComboFix can be run in safe mode.
     
    Last edited by a moderator: 14.04.2008
  10. Osborne1

    Osborne1 Member

    ComboFix 08-04-13.3 - Tuula 2008-04-14 12:30:56.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.67 [GMT 3:00]
    Running from: C:\Documents and Settings\Tuula\Työpöytä\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-14 to 2008-04-14 )))))))))))))))))
    .

    2008-04-14 10:57 . 2008-04-14 10:57 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-14 10:57 . 2008-04-14 10:57 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-14 08:16 . 2008-04-14 08:16 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Share-to-Web Upload Folder
    2008-04-13 23:20 . 2008-04-13 23:20 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2008-04-13 21:26 . 2008-04-14 08:18 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2008-04-13 21:26 . 2008-04-14 08:18 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Symantec
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Sonic
    2008-04-13 21:26 . 2008-04-13 21:26 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
    2008-04-13 20:10 . 2008-04-13 20:10 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-04-13 20:09 . 2008-04-13 20:09 <KANSIO> d-------- C:\Documents and Settings\Tuula\backups
    2008-04-13 20:09 . 2008-04-13 20:09 <KANSIO> d-------- C:\Documents and Settings\Tuula\backupreg
    2008-04-13 20:09 . 2004-09-15 11:00 146,944 --a------ C:\Documents and Settings\Tuula\regedit.exe
    2008-04-13 20:09 . 2004-09-15 11:00 28,160 --a------ C:\Documents and Settings\Tuula\findstr.exe
    2008-04-13 20:09 . 2004-09-15 11:00 11,264 --a------ C:\Documents and Settings\Tuula\attrib.exe
    2008-04-13 20:09 . 2004-09-15 11:00 9,216 --a------ C:\Documents and Settings\Tuula\find.exe
    2008-04-13 19:27 . 2008-04-13 19:27 <KANSIO> d-------- C:\Program Files\Sygate
    2008-04-13 19:27 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
    2008-04-13 19:27 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
    2008-04-13 19:27 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    2008-04-13 19:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
    2008-04-13 19:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
    2008-04-13 19:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
    2008-04-13 19:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
    2008-04-13 19:26 . 2008-04-13 19:26 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-13 19:25 . 2008-03-29 20:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-04-13 19:25 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-04-13 19:25 . 2008-03-29 20:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-04-13 19:25 . 2008-03-29 20:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-04-13 19:25 . 2008-01-17 18:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-04-13 19:25 . 2008-03-29 20:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-13 19:25 . 2008-03-29 20:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-04-13 19:25 . 2008-03-29 20:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-04-13 19:25 . 2008-03-29 20:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-04-13 19:25 . 2008-03-29 20:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-04-13 19:24 . 2008-04-13 19:24 <KANSIO> d-------- C:\Program Files\Alwil Software
    2008-04-13 00:17 . 2008-04-13 00:17 <KANSIO> d-------- C:\Documents and Settings\Tuula\Application Data\Malwarebytes
    2008-04-13 00:03 . 2004-09-14 16:07 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-04-13 00:03 . 2004-09-14 16:07 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-04-12 23:56 . 2008-04-13 16:59 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-12 23:54 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2008-04-12 23:54 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2008-04-12 23:54 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2008-04-12 23:54 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2008-04-12 23:54 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
    2008-04-12 21:53 . 2004-09-14 16:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-04-12 21:53 . 2004-09-14 16:11 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-13 16:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-04-13 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,504 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-05 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2008-03-01 15:31 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:56 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:38 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:38 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2006-06-05 11:36 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
    2005-12-14 09:57 17,144 -c--a-w C:\Documents and Settings\Tuula\Application Data\GDIPFONTCACHEV1.DAT
    2004-09-15 08:00 94,800 -csh--w C:\WINDOWS\twain.dll
    2004-09-15 08:00 50,688 -csh--w C:\WINDOWS\twain_32.dll
    2004-09-15 08:00 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
    2004-09-15 08:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
    2004-09-15 08:00 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
    2004-09-15 08:00 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
    2007-12-04 18:41 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll
    2004-09-15 08:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
    2004-09-15 08:00 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 11:00 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-21 15:16 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-21 15:11 126976]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 14:20 88363 C:\WINDOWS\AGRSMMSG.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-04-27 05:33 122941]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 14:50 729178]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 16:28 213054]
    "hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 17:23 790528]
    "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [ ]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 10:11 57344]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 20:37 79224]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 11:00 15360]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    --a------ 2005-10-26 04:51 122929 C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
    --a------ 2005-09-21 17:56 372736 C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    --a------ 2005-07-18 17:51 700416 C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
    --a------ 2005-05-31 15:45 356352 C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 18:04]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 20:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 18:14]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSgk.sys [2007-05-31 17:21]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSrec.sys [2004-06-01 12:03]
    S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 19:26]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d5d9a74-c296-11dc-91e6-001438174389}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2759e66-8b91-11dc-91b4-001438174389}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2759e69-8b91-11dc-91b4-001438174389}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2759e6a-8b91-11dc-91b4-001438174389}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2007-11-05 10:54:12 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\ELISAT~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ELISAT~1\ANTI-V~1\report.txt
    "2008-04-13 16:26:36 C:\WINDOWS\Tasks\WebReg Deskjet 3900 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-14 12:34:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?5?1?8??????? ???B???????????????B? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    Completion time: 2008-04-14 12:36:47
    ComboFix-quarantined-files.txt 2008-04-14 09:36:37

    Pre-Run: 26,697,449,472 tavua vapaana
    Post-Run: 26,688,360,448 tavua vapaana
    .
    2008-04-12 14:07:29 --- E O F ---



    SDFix: Version 1.170
    Run by Tuula on ma 14.04.2008 at 12:44

    Microsoft Windows XP [versio 5.1.2600]
    Running From: C:\DOCUME~1\Tuula\TYPYT~1\SDFix\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-14 12:54:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"

    Remaining Files :


    File Backups: - C:\DOCUME~1\Tuula\TYPYT~1\SDFix\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Wed 15 Sep 2004 94,800 ..SH. --- "C:\WINDOWS\twain.dll"
    Wed 15 Sep 2004 50,688 ..SH. --- "C:\WINDOWS\twain_32.dll"
    Wed 15 Sep 2004 1,028,096 ..SH. --- "C:\WINDOWS\system32\mfc42.dll"
    Wed 15 Sep 2004 54,784 ..SH. --- "C:\WINDOWS\system32\msvcirt.dll"
    Wed 15 Sep 2004 413,696 ..SH. --- "C:\WINDOWS\system32\msvcp60.dll"
    Wed 15 Sep 2004 343,040 ..SH. --- "C:\WINDOWS\system32\msvcrt.dll"
    Tue 4 Dec 2007 550,912 ..SH. --- "C:\WINDOWS\system32\oleaut32.dll"
    Wed 15 Sep 2004 83,456 ..SH. --- "C:\WINDOWS\system32\olepro32.dll"
    Wed 15 Sep 2004 12,288 ..SH. --- "C:\WINDOWS\system32\regsvr32.exe"
    Fri 17 Feb 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sun 29 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Sat 12 Apr 2008 8,161,400 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\65c2e436f9d7efd0bb1d2fcc20c6d135\BIT3E.tmp"
    Tue 4 Mar 2008 868,472 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9b1c0bb0cb3f202b7cd363de766ff4cf\BIT32.tmp"
    Fri 17 Feb 2006 4,348 ...H. --- "C:\Documents and Settings\Tuula\Omat tiedostot\Omat musiikkitiedostot\K„ytt”oikeuden varmuuskopio\drmv1key.bak"
    Fri 17 Feb 2006 20 A..H. --- "C:\Documents and Settings\Tuula\Omat tiedostot\Omat musiikkitiedostot\K„ytt”oikeuden varmuuskopio\drmv1lic.bak"
    Fri 17 Feb 2006 312 A.SH. --- "C:\Documents and Settings\Tuula\Omat tiedostot\Omat musiikkitiedostot\K„ytt”oikeuden varmuuskopio\drmv2key.bak"
    Sat 5 Apr 2008 1,857,830 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ca09a40446bfa4820f9618454c85bbf1\download\BIT3E.tmp"

    Finished!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:01:14, on 14.4.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Palvelut - {0E0F61E2-11DB-48E3-AF6C-F6A37682D507} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Tuki - {840ADF52-05A0-47DE-84ED-0B3421AB0DA7} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {C57C6B5C-FA3A-4000-B359-D3010C65F64D} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 8031 bytes


     
  11. Osborne1

    Osborne1 Member

    So I can't get online with IE or Firefox, but Messenger does sign in. I looked in Sygate, but there the browsers should go straight through, and it asked for permission for the Messenger connection. In safe mode the internet does open.
     
  12. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.
    [IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.
     
  13. Osborne1

    Osborne1 Member

    copy/paste the contents of the quote box into it

    Where do I find that quote box?
     
  14. Hujo

    Hujo Guest

    it is what's inside that quote

    Uninstall via Add/Remove Programs

    MediaTickets by OIN

    Last edited by a moderator: 14.04.2008
  15. Osborne1

    Osborne1 Member

    ComboFix 08-04-13.3 - Tuula 2008-04-14 14:22:12.2 - NTFSx86
    Running from: C:\Documents and Settings\Tuula\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Tuula\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-14 to 2008-04-14 )))))))))))))))))
    .

    2008-04-14 13:53 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-04-14 13:52 . 2008-04-14 13:53 <KANSIO> d-------- C:\Program Files\Java
    2008-04-14 13:52 . 2008-04-14 13:52 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-04-14 13:35 . 2008-04-14 13:35 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Talkback
    2008-04-14 10:57 . 2008-04-14 10:57 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-14 10:57 . 2008-04-14 10:57 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-14 08:16 . 2008-04-14 08:16 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Share-to-Web Upload Folder
    2008-04-13 23:20 . 2008-04-13 23:20 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2008-04-13 21:26 . 2008-04-14 08:18 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2008-04-13 21:26 . 2008-04-14 08:18 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Symantec
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Sonic
    2008-04-13 21:26 . 2008-04-13 21:26 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
    2008-04-13 20:10 . 2008-04-13 20:10 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-04-13 20:09 . 2008-04-13 20:09 <KANSIO> d-------- C:\Documents and Settings\Tuula\backups
    2008-04-13 20:09 . 2008-04-13 20:09 <KANSIO> d-------- C:\Documents and Settings\Tuula\backupreg
    2008-04-13 20:09 . 2004-09-15 11:00 146,944 --a------ C:\Documents and Settings\Tuula\regedit.exe
    2008-04-13 20:09 . 2004-09-15 11:00 28,160 --a------ C:\Documents and Settings\Tuula\findstr.exe
    2008-04-13 20:09 . 2004-09-15 11:00 11,264 --a------ C:\Documents and Settings\Tuula\attrib.exe
    2008-04-13 20:09 . 2004-09-15 11:00 9,216 --a------ C:\Documents and Settings\Tuula\find.exe
    2008-04-13 19:27 . 2008-04-13 19:27 <KANSIO> d-------- C:\Program Files\Sygate
    2008-04-13 19:27 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
    2008-04-13 19:27 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
    2008-04-13 19:27 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    2008-04-13 19:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
    2008-04-13 19:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
    2008-04-13 19:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
    2008-04-13 19:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
    2008-04-13 19:26 . 2008-04-13 19:26 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-13 19:25 . 2008-03-29 20:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-04-13 19:25 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-04-13 19:25 . 2008-03-29 20:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-04-13 19:25 . 2008-03-29 20:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-04-13 19:25 . 2008-01-17 18:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-04-13 19:25 . 2008-03-29 20:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-13 19:25 . 2008-03-29 20:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-04-13 19:25 . 2008-03-29 20:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-04-13 19:25 . 2008-03-29 20:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-04-13 19:25 . 2008-03-29 20:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-04-13 19:24 . 2008-04-13 19:24 <KANSIO> d-------- C:\Program Files\Alwil Software
    2008-04-13 00:17 . 2008-04-13 00:17 <KANSIO> d-------- C:\Documents and Settings\Tuula\Application Data\Malwarebytes
    2008-04-13 00:03 . 2004-09-14 16:07 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-04-13 00:03 . 2004-09-14 16:07 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-04-12 23:56 . 2008-04-13 16:59 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-12 23:54 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2008-04-12 23:54 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2008-04-12 23:54 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2008-04-12 23:54 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2008-04-12 23:54 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
    2008-04-12 21:53 . 2004-09-14 16:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-04-12 21:53 . 2004-09-14 16:11 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-13 16:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-04-13 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-03-05 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2006-06-05 11:36 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
    2005-12-14 09:57 17,144 -c--a-w C:\Documents and Settings\Tuula\Application Data\GDIPFONTCACHEV1.DAT
    2004-09-15 08:00 94,800 -csh--w C:\WINDOWS\twain.dll
    2004-09-15 08:00 50,688 -csh--w C:\WINDOWS\twain_32.dll
    2004-09-15 08:00 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
    2004-09-15 08:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
    2004-09-15 08:00 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
    2004-09-15 08:00 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
    2007-12-04 18:41 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll
    2004-09-15 08:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
    2004-09-15 08:00 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-14_12.36.22,42 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-14 09:26:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-14 09:50:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-04-13 17:52:19 3,104,768 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2008-04-14 09:42:19 3,121,152 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    - 2008-04-13 17:52:20 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-04-14 09:42:19 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-04-14 10:35:25 1,762 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\pluginreg.dat
    + 2008-04-14 10:35:23 151,712 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\akhifxst.default\compreg.dat
    + 2008-04-14 10:35:22 95,324 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\akhifxst.default\xpti.dat
    - 2006-01-29 15:33:33 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-04-14 10:35:23 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-04-14 10:18:46 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
    + 2008-04-14 10:18:47 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    - 2006-01-29 15:33:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
    + 2008-04-14 10:35:23 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
    + 2008-04-14 10:12:11 78,924 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    - 2006-01-29 15:33:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-14 10:35:23 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-02-21 22:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
    + 2008-02-21 22:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-02-21 23:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2008-04-14 09:51:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4c8.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 11:00 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-21 15:16 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-21 15:11 126976]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 14:20 88363 C:\WINDOWS\AGRSMMSG.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-04-27 05:33 122941]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 14:50 729178]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 16:28 213054]
    "hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 17:23 790528]
    "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [ ]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 10:11 57344]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 20:37 79224]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 11:00 15360]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    --a------ 2005-10-26 04:51 122929 C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
    --a------ 2005-09-21 17:56 372736 C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    --a------ 2005-07-18 17:51 700416 C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
    --a------ 2005-05-31 15:45 356352 C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 18:04]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 20:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 18:14]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSgk.sys [2007-05-31 17:21]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSrec.sys [2004-06-01 12:03]
    S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 19:26]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d5d9a74-c296-11dc-91e6-001438174389}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2759e66-8b91-11dc-91b4-001438174389}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2759e69-8b91-11dc-91b4-001438174389}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2759e6a-8b91-11dc-91b4-001438174389}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2007-11-05 10:54:12 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\ELISAT~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ELISAT~1\ANTI-V~1\report.txt
    "2008-04-13 16:26:36 C:\WINDOWS\Tasks\WebReg Deskjet 3900 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-14 14:25:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?5?1?8??????? ???B???????????????B? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    Completion time: 2008-04-14 14:27:06
    ComboFix-quarantined-files.txt 2008-04-14 11:26:58
    ComboFix2.txt 2008-04-14 09:36:48

    Pre-Run: 26,587,054,080 tavua vapaana
    Post-Run: 26,589,462,528 tavua vapaana
    .
    2008-04-12 14:07:29 --- E O F ---
     
  16. Hujo

    Hujo Guest

  17. Osborne1

    Osborne1 Member

    I followed the previous instructions and now I can get online with the browser too. Should we check anything else?
     
  18. Hujo

    Hujo Guest

    go ahead and run a new ComboFix scan
     
  19. Osborne1

    Osborne1 Member

    Here is the new ComboFix. What does that red text mean? WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    ComboFix 08-04-13.3 - Tuula 2008-04-14 15:07:43.3 - NTFSx86
    Running from: C:\Documents and Settings\Tuula\Työpöytä\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-14 to 2008-04-14 )))))))))))))))))
    .

    2008-04-14 13:53 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-04-14 13:52 . 2008-04-14 13:53 <KANSIO> d-------- C:\Program Files\Java
    2008-04-14 13:52 . 2008-04-14 13:52 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-04-14 13:35 . 2008-04-14 13:35 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Talkback
    2008-04-14 10:57 . 2008-04-14 10:57 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-14 10:57 . 2008-04-14 10:57 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-14 08:16 . 2008-04-14 08:16 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Share-to-Web Upload Folder
    2008-04-13 23:20 . 2008-04-13 23:20 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2008-04-13 21:26 . 2008-04-14 08:18 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2008-04-13 21:26 . 2008-04-14 08:18 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Symantec
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Sonic
    2008-04-13 21:26 . 2008-04-13 21:26 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
    2008-04-13 20:10 . 2008-04-13 20:10 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-04-13 20:09 . 2008-04-13 20:09 <KANSIO> d-------- C:\Documents and Settings\Tuula\backups
    2008-04-13 20:09 . 2008-04-13 20:09 <KANSIO> d-------- C:\Documents and Settings\Tuula\backupreg
    2008-04-13 20:09 . 2004-09-15 11:00 146,944 --a------ C:\Documents and Settings\Tuula\regedit.exe
    2008-04-13 20:09 . 2004-09-15 11:00 28,160 --a------ C:\Documents and Settings\Tuula\findstr.exe
    2008-04-13 20:09 . 2004-09-15 11:00 11,264 --a------ C:\Documents and Settings\Tuula\attrib.exe
    2008-04-13 20:09 . 2004-09-15 11:00 9,216 --a------ C:\Documents and Settings\Tuula\find.exe
    2008-04-13 19:27 . 2008-04-13 19:27 <KANSIO> d-------- C:\Program Files\Sygate
    2008-04-13 19:27 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
    2008-04-13 19:27 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
    2008-04-13 19:27 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    2008-04-13 19:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
    2008-04-13 19:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
    2008-04-13 19:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
    2008-04-13 19:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
    2008-04-13 19:26 . 2008-04-13 19:26 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-13 19:25 . 2008-03-29 20:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-04-13 19:25 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-04-13 19:25 . 2008-03-29 20:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-04-13 19:25 . 2008-03-29 20:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-04-13 19:25 . 2008-01-17 18:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-04-13 19:25 . 2008-03-29 20:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-13 19:25 . 2008-03-29 20:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-04-13 19:25 . 2008-03-29 20:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-04-13 19:25 . 2008-03-29 20:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-04-13 19:25 . 2008-03-29 20:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-04-13 19:24 . 2008-04-13 19:24 <KANSIO> d-------- C:\Program Files\Alwil Software
    2008-04-13 00:17 . 2008-04-13 00:17 <KANSIO> d-------- C:\Documents and Settings\Tuula\Application Data\Malwarebytes
    2008-04-13 00:03 . 2004-09-14 16:07 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-04-13 00:03 . 2004-09-14 16:07 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-04-12 23:56 . 2008-04-13 16:59 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-12 23:54 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2008-04-12 23:54 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2008-04-12 23:54 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2008-04-12 23:54 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2008-04-12 23:54 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
    2008-04-12 21:53 . 2004-09-14 16:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-04-12 21:53 . 2004-09-14 16:11 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-13 16:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,504 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-05 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2008-03-01 15:31 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:56 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:38 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:38 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2006-06-05 11:36 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
    2005-12-14 09:57 17,144 -c--a-w C:\Documents and Settings\Tuula\Application Data\GDIPFONTCACHEV1.DAT
    2004-09-15 08:00 94,800 -csh--w C:\WINDOWS\twain.dll
    2004-09-15 08:00 50,688 -csh--w C:\WINDOWS\twain_32.dll
    2004-09-15 08:00 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
    2004-09-15 08:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
    2004-09-15 08:00 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
    2004-09-15 08:00 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
    2007-12-04 18:41 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll
    2004-09-15 08:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
    2004-09-15 08:00 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-14_12.36.22,42 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-14 09:26:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-14 11:48:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-04-13 17:52:19 3,104,768 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2008-04-14 09:42:19 3,121,152 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    - 2008-04-13 17:52:20 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-04-14 09:42:19 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-04-14 10:35:25 1,762 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\pluginreg.dat
    + 2008-04-14 10:35:23 151,712 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\akhifxst.default\compreg.dat
    + 2008-04-14 10:35:22 95,324 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\akhifxst.default\xpti.dat
    - 2006-01-29 15:33:33 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-04-14 10:35:23 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-04-14 10:18:46 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
    + 2008-04-14 10:18:47 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    - 2006-01-29 15:33:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
    + 2008-04-14 10:35:23 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
    + 2008-04-14 10:12:11 78,924 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    - 2006-01-29 15:33:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-14 10:35:23 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-02-21 22:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
    + 2008-02-21 22:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-02-21 23:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2008-04-14 11:48:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_690.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 11:00 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-21 15:16 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-21 15:11 126976]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 14:20 88363 C:\WINDOWS\AGRSMMSG.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-04-27 05:33 122941]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 14:50 729178]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 16:28 213054]
    "hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 17:23 790528]
    "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [ ]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 10:11 57344]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 20:37 79224]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 11:00 15360]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 20:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]
    S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 19:26]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d5d9a74-c296-11dc-91e6-001438174389}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2759e66-8b91-11dc-91b4-001438174389}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2759e69-8b91-11dc-91b4-001438174389}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2759e6a-8b91-11dc-91b4-001438174389}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2007-11-05 10:54:12 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\ELISAT~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ELISAT~1\ANTI-V~1\report.txt
    "2008-04-13 16:26:36 C:\WINDOWS\Tasks\WebReg Deskjet 3900 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-14 15:11:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????b????|?????? ???B???????????????B? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    Completion time: 2008-04-14 15:13:01
    ComboFix-quarantined-files.txt 2008-04-14 12:12:50
    ComboFix2.txt 2008-04-14 11:27:07
    ComboFix3.txt 2008-04-14 09:36:48

    Pre-Run: 26,840,735,744 tavua vapaana
    Post-Run: 26,833,448,960 tavua vapaana
    .
    2008-04-12 14:07:29 --- E O F ---
     
  20. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.
    [IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.
     
  21. Osborne1

    Osborne1 Member

    ComboFix 08-04-13.3 - Tuula 2008-04-14 19:47:21.4 - NTFSx86
    Running from: C:\Documents and Settings\Tuula\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Tuula\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-14 to 2008-04-14 )))))))))))))))))
    .

    2008-04-14 13:53 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-04-14 13:52 . 2008-04-14 13:53 <KANSIO> d-------- C:\Program Files\Java
    2008-04-14 13:52 . 2008-04-14 13:52 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-04-14 13:35 . 2008-04-14 13:35 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Talkback
    2008-04-14 10:57 . 2008-04-14 10:57 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-14 10:57 . 2008-04-14 10:57 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-14 08:16 . 2008-04-14 08:16 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Share-to-Web Upload Folder
    2008-04-13 23:20 . 2008-04-13 23:20 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2008-04-13 21:26 . 2008-04-14 08:18 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2008-04-13 21:26 . 2008-04-14 08:18 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Symantec
    2008-04-13 21:26 . 2005-10-01 00:40 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Sonic
    2008-04-13 21:26 . 2008-04-13 21:26 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
    2008-04-13 20:10 . 2008-04-13 20:10 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-04-13 20:09 . 2008-04-13 20:09 <KANSIO> d-------- C:\Documents and Settings\Tuula\backups
    2008-04-13 20:09 . 2008-04-13 20:09 <KANSIO> d-------- C:\Documents and Settings\Tuula\backupreg
    2008-04-13 20:09 . 2004-09-15 11:00 146,944 --a------ C:\Documents and Settings\Tuula\regedit.exe
    2008-04-13 20:09 . 2004-09-15 11:00 28,160 --a------ C:\Documents and Settings\Tuula\findstr.exe
    2008-04-13 20:09 . 2004-09-15 11:00 11,264 --a------ C:\Documents and Settings\Tuula\attrib.exe
    2008-04-13 20:09 . 2004-09-15 11:00 9,216 --a------ C:\Documents and Settings\Tuula\find.exe
    2008-04-13 19:27 . 2008-04-13 19:27 <KANSIO> d-------- C:\Program Files\Sygate
    2008-04-13 19:27 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
    2008-04-13 19:27 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
    2008-04-13 19:27 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    2008-04-13 19:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
    2008-04-13 19:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
    2008-04-13 19:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
    2008-04-13 19:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
    2008-04-13 19:26 . 2008-04-13 19:26 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-13 19:25 . 2008-03-29 20:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-04-13 19:25 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-04-13 19:25 . 2008-03-29 20:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-04-13 19:25 . 2008-03-29 20:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-04-13 19:25 . 2008-01-17 18:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-04-13 19:25 . 2008-03-29 20:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-13 19:25 . 2008-03-29 20:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-04-13 19:25 . 2008-03-29 20:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-04-13 19:25 . 2008-03-29 20:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-04-13 19:25 . 2008-03-29 20:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-04-13 19:24 . 2008-04-13 19:24 <KANSIO> d-------- C:\Program Files\Alwil Software
    2008-04-13 00:17 . 2008-04-13 00:17 <KANSIO> d-------- C:\Documents and Settings\Tuula\Application Data\Malwarebytes
    2008-04-13 00:03 . 2004-09-14 16:07 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-04-13 00:03 . 2004-09-14 16:07 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-04-12 23:56 . 2008-04-13 16:59 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-12 23:54 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2008-04-12 23:54 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2008-04-12 23:54 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2008-04-12 23:54 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2008-04-12 23:54 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
    2008-04-12 21:53 . 2004-09-14 16:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-04-12 21:53 . 2004-09-14 16:11 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-13 16:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,504 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-05 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2008-03-01 15:31 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:56 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:38 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:38 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2006-06-05 11:36 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
    2005-12-14 09:57 17,144 -c--a-w C:\Documents and Settings\Tuula\Application Data\GDIPFONTCACHEV1.DAT
    2004-09-15 08:00 94,800 -csh--w C:\WINDOWS\twain.dll
    2004-09-15 08:00 50,688 -csh--w C:\WINDOWS\twain_32.dll
    2004-09-15 08:00 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
    2004-09-15 08:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
    2004-09-15 08:00 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
    2004-09-15 08:00 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
    2007-12-04 18:41 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll
    2004-09-15 08:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
    2004-09-15 08:00 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-14_12.36.22,42 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-14 09:26:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-14 16:39:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-04-13 17:52:19 3,104,768 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2008-04-14 09:42:19 3,121,152 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    - 2008-04-13 17:52:20 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-04-14 09:42:19 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-04-14 10:35:25 1,762 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\pluginreg.dat
    + 2008-04-14 10:35:23 151,712 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\akhifxst.default\compreg.dat
    + 2008-04-14 10:35:22 95,324 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\akhifxst.default\xpti.dat
    - 2006-01-29 15:33:33 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-04-14 10:35:23 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-04-14 10:18:46 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
    + 2008-04-14 10:18:47 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    - 2006-01-29 15:33:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
    + 2008-04-14 10:35:23 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
    + 2008-04-14 10:12:11 78,924 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    - 2006-01-29 15:33:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-14 10:35:23 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-02-21 22:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
    + 2008-02-21 22:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-02-21 23:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2008-04-14 16:39:16 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_650.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 11:00 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-21 15:16 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-21 15:11 126976]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 14:20 88363 C:\WINDOWS\AGRSMMSG.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-04-27 05:33 122941]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 14:50 729178]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 16:28 213054]
    "hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 17:23 790528]
    "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [ ]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 10:11 57344]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 20:37 79224]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 11:00 15360]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 20:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]
    S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 19:26]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d5d9a74-c296-11dc-91e6-001438174389}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2759e66-8b91-11dc-91b4-001438174389}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2759e69-8b91-11dc-91b4-001438174389}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2759e6a-8b91-11dc-91b4-001438174389}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2007-11-05 10:54:12 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\ELISAT~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ELISAT~1\ANTI-V~1\report.txt
    "2008-04-13 16:26:36 C:\WINDOWS\Tasks\WebReg Deskjet 3900 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-14 19:50:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?`???? ???B???????????????B? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    Completion time: 2008-04-14 19:51:42
    ComboFix-quarantined-files.txt 2008-04-14 16:51:34
    ComboFix2.txt 2008-04-14 12:13:02
    ComboFix3.txt 2008-04-14 11:27:07
    ComboFix4.txt 2008-04-14 09:36:48

    Pre-Run: 26,822,643,712 tavua vapaana
    Post-Run: 26,824,994,816 tavua vapaana
    .
    2008-04-12 14:07:29 --- E O F ---
     
