
How do I get rid of Winspyware?

Thread in the Viruses and malware - HijackThis logs section. Thread started by Hopo4 on 13.07.2008.

  1. Hopo4

    Hopo4 Regular member

    Joined: 08.02.2005
    Posts: 169
    Thanks: 0
    Points: 26
    How can I get rid of that Winspyware? It would also be good to check the condition of the machine in general. Thanks!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:35:25, on 13.7.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\ProgramData\Adsl Software Ltd\WinSpywareProtect\Winspywareprotect.exe
    C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - C:\Program Files\Web Technologies\iebt.dll (file missing)
    O2 - BHO: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Internet Service - {65742936-8079-408B-9F3C-874B78030A72} - C:\Program Files\Web Technologies\iebr.dll (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Tomppa\AppData\Local\Temp\mlJBUNEW.dll,#1
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [WinSpywareProtect] "C:\ProgramData\Adsl Software Ltd\WinSpywareProtect\Winspywareprotect.exe" /autorun
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Web Technologies\wcs.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Web Technologies\iebtm.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolsite.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolsite.com/redirect.php (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

    --
    End of file - 10739 bytes
     
  3. yaht

    yaht Regular member

    Joined: 07.12.2005
    Posts: 2,261
    Thanks: 0
    Points: 46

    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Finally, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program will download and install the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is finished, click OK, then Show Results to view the results.
    * Make sure everything is checked and click Remove Selected.
    * The log will then open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next reply + a new HJT log.

    1. Download Combofix.exe to your desktop from either of these links:
    Combofix.exe
    Combofix.exe

    Open Combofix.exe and follow the on-screen instructions.

    Note! Do not click around in the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if you are asked to, and post the contents of the combofix.txt file here.

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
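A triage script for the kind of log posted in this thread, added here as an example (it is not code from the thread, from HijackThis or from Malwarebytes): it reads HijackThis entries and flags the patterns a helper usually checks first, such as entries whose file is missing, autostarts running from Temp, AppData or ProgramData, rundll32 loaders, Policies\Explorer\Run keys, non-default IE start pages and services with no owner. The flagging rules and the `DEFAULT_IE_HOSTS` allowlist are my assumptions; the sample lines are copied from the first log above.

```python
"""Triage helper for HijackThis logs (added example, not code from the thread or from HijackThis).

The flagging rules below are heuristic assumptions: they point at entry types a helper
usually verifies first, they do not decide what is malicious. SAMPLE_LOG is copied from
the first log posted in this thread.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample lines copied from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - C:\Program Files\Web Technologies\iebt.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Tomppa\AppData\Local\Temp\mlJBUNEW.dll,#1
O4 - HKCU\..\Run: [WinSpywareProtect] "C:\ProgramData\Adsl Software Ltd\WinSpywareProtect\Winspywareprotect.exe" /autorun
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Web Technologies\wcs.exe
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolsite.com/redirect.php (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Each log line starts with its HijackThis section code, e.g. "O4 - ...".
LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")

# Autostart binaries living in user- or machine-writable data directories
# (Temp, AppData, ProgramData) rather than in Program Files or Windows.
DATA_DIR_RE = re.compile(r"\\(ProgramData|AppData|Temp)\\", re.IGNORECASE)

# Hosts the stock IE7 start/search pages point at (assumption; extend as needed).
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section, e.g. "O4"
    reason: str  # short tag describing why the entry was flagged
    line: str    # the raw log line


def triage_line(line: str) -> list[Finding]:
    """Return zero or more findings for a single HijackThis log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []  # header, process list, blank line: nothing to check
    code, body = m.group("code"), m.group("body")
    found: list[Finding] = []

    # Entries whose backing file is gone: leftovers of something removed or half-installed.
    if "(file missing)" in body or "(no file)" in body:
        found.append(Finding(code, "orphaned_entry", line))

    # R0/R1: start and search pages pointing somewhere other than the vendor default.
    if code in ("R0", "R1"):
        value = body.split("=", 1)[1].strip() if "=" in body else ""
        host = urlparse(value).hostname if value else None
        if host and host.lower() not in DEFAULT_IE_HOSTS:
            found.append(Finding(code, "nondefault_ie_page", line))

    # O4: autostart entries.
    if code == "O4":
        if DATA_DIR_RE.search(body):
            found.append(Finding(code, "autostart_from_data_dir", line))
        if "rundll32" in body.lower():
            found.append(Finding(code, "rundll32_loader", line))
        if "Policies\\Explorer\\Run" in body:
            found.append(Finding(code, "policy_run_key", line))

    # O23: services with no vendor string are worth confirming by hand.
    if code == "O23" and "Unknown owner" in body:
        found.append(Finding(code, "service_unknown_owner", line))
    return found


def triage_log(text: str) -> list[Finding]:
    """Run triage_line over every line of a pasted log."""
    return [f for line in text.splitlines() for f in triage_line(line)]


def summarize(text: str) -> dict[str, int]:
    """Count findings per reason, handy as a first look at a long log."""
    return dict(Counter(f.reason for f in triage_log(text)))


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason:<26}{f.line.strip()}")
    print(summarize(SAMPLE_LOG))
```

Every flagged entry still needs a manual look at the file itself (vendor, signature, install date); the script only shortens the list.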
     
  4. Hopo4

    Hopo4 Regular member

    Joined: 08.02.2005
    Posts: 169
    Thanks: 0
    Points: 26
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:50:57, on 15.7.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

    --
    End of file - 8280 bytes
     
  5. Hopo4

    Hopo4 Regular member

    Joined: 08.02.2005
    Posts: 169
    Thanks: 0
    Points: 26
    ComboFix 08-07-14.2 - Tomppa 2008-07-15 22:25:00.2 - NTFSx86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.388 [GMT 3:00]
    Running from: C:\Users\Tomppa\Desktop\ComboFix\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
    .

    2008-07-15 15:56 . 2008-07-15 15:56 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
    2008-07-15 15:56 . 2008-07-15 15:56 <KANSIO> d-------- C:\ProgramData\Malwarebytes
    2008-07-15 15:56 . 2008-07-15 15:56 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-15 15:56 . 2008-07-07 17:35 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-07-15 15:56 . 2008-07-07 17:35 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-07-13 15:39 . 2008-07-13 15:50 <KANSIO> d-------- C:\Users\All Users\Lavasoft
    2008-07-13 15:39 . 2008-07-13 15:50 <KANSIO> d-------- C:\ProgramData\Lavasoft
    2008-07-13 15:39 . 2008-07-13 15:39 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-07-13 15:38 . 2008-07-13 15:38 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-13 14:34 . 2008-07-13 14:34 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-07-12 11:39 . 2008-07-13 16:03 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-07-12 11:39 . 2008-07-13 16:03 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-07-12 11:39 . 2008-07-13 16:58 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-07-09 09:56 . 2008-04-26 11:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-07-09 09:56 . 2008-04-26 11:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
    2008-07-09 09:56 . 2008-04-26 11:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-07-09 09:56 . 2008-04-12 06:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
    2008-07-09 09:56 . 2008-05-10 06:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
    2008-07-09 09:56 . 2008-04-05 04:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
    2008-07-09 09:56 . 2008-04-05 06:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
    2008-07-09 09:53 . 2008-05-09 00:59 430,080 --a------ C:\Windows\System32\vbscript.dll
    2008-07-09 09:53 . 2008-05-09 00:59 180,224 --a------ C:\Windows\System32\scrobj.dll
    2008-07-09 09:53 . 2008-05-09 00:59 172,032 --a------ C:\Windows\System32\scrrun.dll
    2008-07-09 09:53 . 2008-05-09 00:59 155,648 --a------ C:\Windows\System32\wscript.exe
    2008-07-09 09:53 . 2008-05-09 00:58 135,168 --a------ C:\Windows\System32\wshom.ocx
    2008-07-09 09:53 . 2008-05-09 00:58 135,168 --a------ C:\Windows\System32\cscript.exe
    2008-07-09 09:53 . 2008-05-09 00:59 90,112 --a------ C:\Windows\System32\wshext.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-11 22:14 --------- d-----w C:\Program Files\Windows Mail
    2008-07-11 17:07 --------- d-----w C:\Program Files\DC++
    2008-06-08 07:19 --------- d-----w C:\Program Files\Yahoo!
    2008-06-06 08:27 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-06-01 11:47 174 --sha-w C:\Program Files\desktop.ini
    2008-06-01 11:35 --------- d-----w C:\Program Files\Windows Sidebar
    2008-06-01 11:35 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-06-01 11:35 --------- d-----w C:\Program Files\Windows Journal
    2008-06-01 11:35 --------- d-----w C:\Program Files\Windows Defender
    2008-06-01 11:35 --------- d-----w C:\Program Files\Windows Collaboration
    2008-06-01 11:35 --------- d-----w C:\Program Files\Windows Calendar
    2008-06-01 10:56 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-06-01 10:56 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-05-25 14:31 --------- d-----w C:\ProgramData\Chat Republic Games
    2008-05-23 17:19 --------- d-----w C:\Program Files\Common Files\ArcSoft
    2008-05-23 17:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-23 17:18 --------- d-----w C:\Program Files\ArcSoft
    2008-05-22 19:29 --------- d-----w C:\Program Files\Supaplex 3000
    2008-05-19 15:28 --------- d-----w C:\ProgramData\SweetIM
    2008-05-19 15:28 --------- d-----w C:\Program Files\SweetIM
    2008-05-16 08:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
    2008-05-10 08:36 1,409 ----a-w C:\Windows\Fonts\MPRR____.FOT
    2008-05-10 08:36 1,409 ----a-w C:\Windows\Fonts\MPLV____.FOT
    2008-05-10 08:36 1,409 ----a-w C:\Windows\Fonts\MPLST___.FOT
    2008-05-10 08:36 1,409 ----a-w C:\Windows\Fonts\MPLEV___.FOT
    2008-05-10 08:36 1,409 ----a-w C:\Windows\Fonts\MPLED___.FOT
    2008-05-10 08:36 1,409 ----a-w C:\Windows\Fonts\MPLC____.FOT
    2008-05-10 08:35 1,409 ----a-w C:\Windows\Fonts\MPC_____.FOT
    2008-05-10 08:35 1,409 ----a-w C:\Windows\Fonts\MPAJ____.FOT
    2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
    2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
    2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll
    2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll
    2008-03-15 10:47 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-15 10:47 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-15 10:47 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 10:33 1233920]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 17:16 171464]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-31 10:54 219952]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-03 23:53 294136]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-25 23:42 171448]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 10:33 125952]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 10:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-16 07:56 185896]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-28 07:34 134808]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 18:12 107112]
    "SoundMan"="SOUNDMAN.EXE" [2007-03-09 17:28 598016 C:\Windows\SOUNDMAN.EXE]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe [2008-05-23 20:18:53 245760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{7409501C-2A90-4CDC-918A-D0CEB32438D5}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{192F9387-409A-45D0-88C0-7D70109F5909}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{F3191FA2-6982-4EF8-B2C6-F78E3509DBC8}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "{5BA01D08-829E-406F-99F4-7C919C6EB9D4}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "TCP Query User{804FEB13-C5F2-435A-A912-1D023C87DC10}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{72D066ED-4BC0-400F-BA93-8BFFAF254E7B}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "{FEC84DB6-B3DF-47D3-A770-3EEE6516338A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{6367B73F-006F-46A1-8E59-8A374D535EF3}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe:DCPlusPlus
    "UDP Query User{0B147EA0-C5A4-42A6-BF20-10DB5EDA9F53}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe:DCPlusPlus
    "TCP Query User{1A68D1CE-3E38-4087-8D81-AE8842F262B4}C:\\program files\\b2bpoker\\pokerihuone\\jre\\bin\\javaw.exe"= UDP:C:\program files\b2bpoker\pokerihuone\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
    "UDP Query User{6424CACF-B430-4659-A97C-DBC76A4A2A07}C:\\program files\\b2bpoker\\pokerihuone\\jre\\bin\\javaw.exe"= TCP:C:\program files\b2bpoker\pokerihuone\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
    "{85B466A8-6613-4783-9CF8-7A2AE567EBEF}"= UDP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{F0BF7412-8A93-4899-B8AD-9F6D3558E4B8}"= TCP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{9A53FD5A-842F-4691-AFE0-D3A593A5A0C2}"= UDP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{E818D222-2BF0-4AB0-A545-D6E24E3231EB}"= TCP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{8F5E1968-8657-44C7-B07D-12CBAF9B3973}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{1F6B8CE8-53BA-4D03-A8D0-184C499A28A4}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{BB136868-34A7-4185-8320-9D032D359F72}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{460A8F87-65E4-43CF-B06B-9D8039DCCF80}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{6B651DDD-9375-42C1-877E-55D11A21ADBE}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{11654D53-D0A3-4FC3-9D77-99CEBECFF329}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{1C10EBE0-C0DA-4AB0-B760-2CB86AB0EC87}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{F0408B6B-6B01-436E-A2BE-C4AD364A2E15}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "TCP Query User{33C6EA68-2915-4714-8128-1BC2A766A484}C:\\program files\\dcplusplus\\dcplusplus.exe"= UDP:C:\program files\dcplusplus\dcplusplus.exe:DC++
    "UDP Query User{BC46CD77-C440-47A2-9A60-D394DA3930FF}C:\\program files\\dcplusplus\\dcplusplus.exe"= TCP:C:\program files\dcplusplus\dcplusplus.exe:DC++
    "TCP Query User{09131726-9ED5-4B4D-B8BA-66EB23568301}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{20AD51FF-15A4-4B93-B36E-1746C8BFFFDA}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{A70CFF1F-FD95-4A63-8601-25A75DA5A854}C:\\program files\\dcplusplus\\dcplusplus.exe"= UDP:C:\program files\dcplusplus\dcplusplus.exe:DC++
    "UDP Query User{17D2E9C1-34D6-4EC3-95FB-AE572D8FA23B}C:\\program files\\dcplusplus\\dcplusplus.exe"= TCP:C:\program files\dcplusplus\dcplusplus.exe:DC++
    "TCP Query User{A892193F-464A-46E8-99D4-3A5EF6F52B23}C:\\program files\\dcplusplus\\dc++\\dcplusplus.exe"= UDP:C:\program files\dcplusplus\dc++\dcplusplus.exe:DC++
    "UDP Query User{33A87587-AF1C-49B1-8FB0-F213E949FE9B}C:\\program files\\dcplusplus\\dc++\\dcplusplus.exe"= TCP:C:\program files\dcplusplus\dc++\dcplusplus.exe:DC++
    "TCP Query User{718716A1-FC6A-4965-9089-C850E387A7CF}C:\\program files\\dcplusplus\\dc++\\dcplusplus.exe"= UDP:C:\program files\dcplusplus\dc++\dcplusplus.exe:DC++
    "UDP Query User{F42F1392-398B-4639-B12A-83132D544FE9}C:\\program files\\dcplusplus\\dc++\\dcplusplus.exe"= TCP:C:\program files\dcplusplus\dc++\dcplusplus.exe:DC++
    "TCP Query User{C5037D87-A569-4266-912B-00FA42648951}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{77AE9082-1304-4B0E-9066-676678FF3A65}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "{7D4E2E39-77CC-47CB-9676-B55A66FCD514}"= UDP:C:\Program Files\ArcSoft\TotalMedia 3\TotalMedia.exe:ArcSoft TotalMedia 3
    "{BEDED642-D57D-4B29-84C6-0200A4B8D807}"= TCP:C:\Program Files\ArcSoft\TotalMedia 3\TotalMedia.exe:ArcSoft TotalMedia 3
    "TCP Query User{3D882BCE-8B5C-4D9B-9711-34D2D915F664}C:\\programdata\\chat republic games\\chatrepublicplayer.exe"= UDP:C:\programdata\chat republic games\chatrepublicplayer.exe:Executable Install, Update, Uninstall
    "UDP Query User{E952A5AF-5345-4204-A0BD-38E5099FEB0F}C:\\programdata\\chat republic games\\chatrepublicplayer.exe"= TCP:C:\programdata\chat republic games\chatrepublicplayer.exe:Executable Install, Update, Uninstall

    R1 ATMhelpr;ATMhelpr;C:\Windows\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
    R3 ip100Avista;IC Plus IP100A 10/100 Fast Ethernet Adapter NT Driver;C:\Windows\system32\DRIVERS\ipfnd51.sys [2007-09-04 10:24]
    R3 WLIU2KG125S;BUFFALO WLI-U2-KG125S Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\usb8023.sys [2008-01-19 08:56]
    S3 AF15BDA;AF9015 BDA Filter;C:\Windows\system32\DRIVERS\AF15BDA.sys [2008-04-10 17:17]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 10:30]
    S3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;C:\Windows\system32\DRIVERS\ipfnd51.sys [2007-09-04 10:24]
    S3 rt70x86;BUFFALO RT2500 USB Wireless Driver;C:\Windows\system32\DRIVERS\netr70.sys [2006-12-27 11:41]
    S3 ULI526X;ULi M526X 10/100 Ethernet Controller Driver;C:\Windows\system32\DRIVERS\ULILAN32.SYS [2006-11-02 10:30]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c354de0-8f64-11dc-be01-806e6f6e6963}]
    \shell\AutoRun\command - F:\setup.exe

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-15 22:27:00
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\Users\Tomppa\AppData\Local\Microsoft\Messenger\tuomovarpenius@hotmail.com\SharingMetadata\Working\database_1000_C427_C4_161E\$db_clean$ 0 bytes


    **************************************************************************
    .
    Completion time: 2008-07-15 22:29:24
    ComboFix-quarantined-files.txt 2008-07-15 19:28:16

    Pre-Run: 57,260,773,376 tavua vapaana
    Post-Run: 57,228,181,504 tavua vapaana

    168 --- E O F --- 2008-07-11 22:15:13
     
  6. yaht

    yaht Regular member

    Joined:
    07.12.2005
    Messages:
    2,261
    Thanks:
    0
    Points:
    46
    The Malwarebytes log too, please :D
     
  7. Hopo4

    Hopo4 Regular member

    Joined:
    08.02.2005
    Messages:
    169
    Thanks:
    0
    Points:
    26
    Malwarebytes' Anti-Malware 1.20
    Tietokantaversio: 951
    Windows 6.0.6001 Service Pack 1

    17:22:48 15.7.2008
    mbam-log-7-15-2008 (17-22-47).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|)
    Tarkistetut kohteet: 129923
    Kulunut aika: 43 minute(s), 55 second(s)

    Saastuneita muistiprosesseja: 1
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 10
    Saastuneita rekisteriarvoja: 6
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 8
    Saastuneita tiedostoja: 32

    Saastuneita muistiprosesseja:
    C:\ProgramData\Adsl Software Ltd\WinSpywareProtect\Winspywareprotect.exe (Rogue.Installer) -> Unloaded process successfully.

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{65742936-8079-408b-9f3c-874b78030a72} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d46beaa4-a304-40b3-a9da-ec7f7f501f25} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d46beaa4-a304-40b3-a9da-ec7f7f501f25} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Adsl Software Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winspywareprotect (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{65742936-8079-408b-9f3c-874b78030a72} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{65742936-8079-408b-9f3c-874b78030a72} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    C:\Program Files\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\AAV (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

    Saastuneita tiedostoja:
    C:\ProgramData\Adsl Software Ltd\WinSpywareProtect\Winspywareprotect.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Users\Tomppa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GF5PFSCE\setup_225_509_[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Users\Tomppa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YNGLVH93\Install_225_509_[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Users\Tomppa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YNGLVH93\setup_225_509_[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Users\Tomppa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\II6HTEXR\setup_225_509_[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Users\Tomppa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VYU0PNIL\setup_225_509_[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{4F0C15E4-7DC2-410C-BF9D-1A68FFF9EE53}\RP90\A0018066.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\AAV\aav.cpl (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\AAV\aav.exe (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\AAV\aav.ooo (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\AAV\aav0.dat (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\AAV\aav1.dat (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080712113001795.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080712120303344.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080712161159117.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080713101348147.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080713142008708.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080713173126818.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080713195218092.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080714143750632.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080714205456748.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080714210355062.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080714210952275.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080714212012199.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080714212703340.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080715110054997.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080715143803157.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080715155150498.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\Tomppa\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Users\Tomppa\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Users\Tomppa\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Users\Tomppa\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
     
  8. yaht

    yaht Regular member

    Joined:
    07.12.2005
    Messages:
    2,261
    Thanks:
    0
    Points:
    46
    How does the machine feel now?
     
  9. Hopo4

    Hopo4 Regular member

    Joined:
    08.02.2005
    Messages:
    169
    Thanks:
    0
    Points:
    26
    Yes, it works now.. there sure was a lot of stuff in there ;) Thanks!!
     
