?Kone täynnä viruksia yms.?

ComboFix 08-06-07.3 - Maarit 2008-06-08 12:30:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1521 [GMT 3:00]
Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
C:\WINDOWS\BM2314a76b.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\service.exe
C:\WINDOWS\system32\aauettye.ini
C:\WINDOWS\system32\awtuuSLc.dll
C:\WINDOWS\system32\eakaqcys.dll
C:\WINDOWS\system32\FLSAdfhk.ini
C:\WINDOWS\system32\FLSAdfhk.ini2
C:\WINDOWS\system32\hrjwysfd.ini
C:\WINDOWS\system32\kxgagbca.ini
C:\WINDOWS\system32\tuvuRIxV.dll
C:\WINDOWS\system32\unmxtmdt.ini
C:\WINDOWS\system32\urqPgeEw.dll
C:\WINDOWS\system32\vtUKArOi.dll
C:\WINDOWS\ups.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-05-08 to 2008-06-08 )))))))))))))))))
.

2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-06 20:39 . 2008-06-06 20:39   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
2008-06-06 14:58 . 2008-06-06 20:46   49,156   --a------   C:\sz.exe
2008-06-06 14:56 . 2008-06-06 14:56   2,232   --a------   C:\sex2.exe
2008-06-06 14:55 . 2008-06-06 14:55   2,232   --a------   C:\sex22.exe
2008-05-30 22:48 . 2008-05-30 22:48      d--------   C:\Program Files\Trend Micro
2008-05-30 22:12 . 2008-05-30 22:12   60,132   --a------   C:\dcsi.exe
2008-05-30 20:59 . 2008-05-30 22:48   60,132   --a------   C:\dci.exe
2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-07 08:47   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
.

(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]
"Windows svchost"="ups.exe" [2004-09-14 17:12 18432 C:\WINDOWS\system32\ups.exe]
"BM2314a76b"="C:\WINDOWS\system32\hsyihyun.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"E:\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"E:\\mIRC\\mirc.exe"=
"E:\\AoE2\\empires2.exe"=
"E:\\AoE2\\age2_x1\\age2_x1.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17352:TCP"= 17352:TCP:BitComet 17352 TCP
"17352:UDP"= 17352:UDP:BitComet 17352 UDP
"23002:TCP"= 23002:TCP:BitComet 23002 TCP
"23002:UDP"= 23002:UDP:BitComet 23002 UDP
"65535:TCP"= 65535:TCP:BitComet 65535 TCP
"65535:UDP"= 65535:UDP:BitComet 65535 UDP
"25054:TCP"= 25054:TCP:BitComet 25054 TCP
"25054:UDP"= 25054:UDP:BitComet 25054 UDP
"26941:TCP"= 26941:TCP:BitComet 26941 TCP
"26941:UDP"= 26941:UDP:BitComet 26941 UDP
"8116:TCP"= 8116:TCP:BitComet 8116 TCP
"8116:UDP"= 8116:UDP:BitComet 8116 UDP
"16695:TCP"= 16695:TCP:BitComet 16695 TCP
"16695:UDP"= 16695:UDP:BitComet 16695 UDP
"21915:TCP"= 21915:TCP:BitComet 21915 TCP
"21915:UDP"= 21915:UDP:BitComet 21915 UDP
"19569:TCP"= 19569:TCP:BitComet 19569 TCP
"19569:UDP"= 19569:UDP:BitComet 19569 UDP
"18330:TCP"= 18330:TCP:BitComet 18330 TCP
"18330:UDP"= 18330:UDP:BitComet 18330 UDP
"16413:TCP"= 16413:TCP:BitComet 16413 TCP
"16413:UDP"= 16413:UDP:BitComet 16413 UDP
"24682:TCP"= 24682:TCP:BitComet 24682 TCP
"24682:UDP"= 24682:UDP:BitComet 24682 UDP
"22552:TCP"= 22552:TCP:BitComet 22552 TCP
"22552:UDP"= 22552:UDP:BitComet 22552 UDP
"23893:TCP"= 23893:TCP:BitComet 23893 TCP
"23893:UDP"= 23893:UDP:BitComet 23893 UDP
"19507:TCP"= 19507:TCP:BitComet 19507 TCP
"19507:UDP"= 19507:UDP:BitComet 19507 UDP
"10568:TCP"= 10568:TCP:BitComet 10568 TCP
"10568:UDP"= 10568:UDP:BitComet 10568 UDP

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

.
'Ajoitetut teht„v„t'-kansion sis„lt”
"2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 12:33:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-06-08 12:36:15 - machine was rebooted [Maarit]
ComboFix-quarantined-files.txt 2008-06-08 09:36:11

Pre-Run: 144,333,975,552 tavua vapaana
Post-Run: 144,262,180,864 tavua vapaana

210   --- E O F ---   2008-05-30 15:44:33

joku kuka ei vaan osaa kirjoitti:

ComboFix 08-06-07.3 - Maarit 2008-06-08 12:30:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1521 [GMT 3:00]
Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
C:\WINDOWS\BM2314a76b.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\service.exe
C:\WINDOWS\system32\aauettye.ini
C:\WINDOWS\system32\awtuuSLc.dll
C:\WINDOWS\system32\eakaqcys.dll
C:\WINDOWS\system32\FLSAdfhk.ini
C:\WINDOWS\system32\FLSAdfhk.ini2
C:\WINDOWS\system32\hrjwysfd.ini
C:\WINDOWS\system32\kxgagbca.ini
C:\WINDOWS\system32\tuvuRIxV.dll
C:\WINDOWS\system32\unmxtmdt.ini
C:\WINDOWS\system32\urqPgeEw.dll
C:\WINDOWS\system32\vtUKArOi.dll
C:\WINDOWS\ups.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-05-08 to 2008-06-08 )))))))))))))))))
.

2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-06 20:39 . 2008-06-06 20:39   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
2008-06-06 14:58 . 2008-06-06 20:46   49,156   --a------   C:\sz.exe
2008-06-06 14:56 . 2008-06-06 14:56   2,232   --a------   C:\sex2.exe
2008-06-06 14:55 . 2008-06-06 14:55   2,232   --a------   C:\sex22.exe
2008-05-30 22:48 . 2008-05-30 22:48      d--------   C:\Program Files\Trend Micro
2008-05-30 22:12 . 2008-05-30 22:12   60,132   --a------   C:\dcsi.exe
2008-05-30 20:59 . 2008-05-30 22:48   60,132   --a------   C:\dci.exe
2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-07 08:47   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
.

(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]
"Windows svchost"="ups.exe" [2004-09-14 17:12 18432 C:\WINDOWS\system32\ups.exe]
"BM2314a76b"="C:\WINDOWS\system32\hsyihyun.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"E:\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"E:\\mIRC\\mirc.exe"=
"E:\\AoE2\\empires2.exe"=
"E:\\AoE2\\age2_x1\\age2_x1.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17352:TCP"= 17352:TCP:BitComet 17352 TCP
"17352:UDP"= 17352:UDP:BitComet 17352 UDP
"23002:TCP"= 23002:TCP:BitComet 23002 TCP
"23002:UDP"= 23002:UDP:BitComet 23002 UDP
"65535:TCP"= 65535:TCP:BitComet 65535 TCP
"65535:UDP"= 65535:UDP:BitComet 65535 UDP
"25054:TCP"= 25054:TCP:BitComet 25054 TCP
"25054:UDP"= 25054:UDP:BitComet 25054 UDP
"26941:TCP"= 26941:TCP:BitComet 26941 TCP
"26941:UDP"= 26941:UDP:BitComet 26941 UDP
"8116:TCP"= 8116:TCP:BitComet 8116 TCP
"8116:UDP"= 8116:UDP:BitComet 8116 UDP
"16695:TCP"= 16695:TCP:BitComet 16695 TCP
"16695:UDP"= 16695:UDP:BitComet 16695 UDP
"21915:TCP"= 21915:TCP:BitComet 21915 TCP
"21915:UDP"= 21915:UDP:BitComet 21915 UDP
"19569:TCP"= 19569:TCP:BitComet 19569 TCP
"19569:UDP"= 19569:UDP:BitComet 19569 UDP
"18330:TCP"= 18330:TCP:BitComet 18330 TCP
"18330:UDP"= 18330:UDP:BitComet 18330 UDP
"16413:TCP"= 16413:TCP:BitComet 16413 TCP
"16413:UDP"= 16413:UDP:BitComet 16413 UDP
"24682:TCP"= 24682:TCP:BitComet 24682 TCP
"24682:UDP"= 24682:UDP:BitComet 24682 UDP
"22552:TCP"= 22552:TCP:BitComet 22552 TCP
"22552:UDP"= 22552:UDP:BitComet 22552 UDP
"23893:TCP"= 23893:TCP:BitComet 23893 TCP
"23893:UDP"= 23893:UDP:BitComet 23893 UDP
"19507:TCP"= 19507:TCP:BitComet 19507 TCP
"19507:UDP"= 19507:UDP:BitComet 19507 UDP
"10568:TCP"= 10568:TCP:BitComet 10568 TCP
"10568:UDP"= 10568:UDP:BitComet 10568 UDP

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

.
'Ajoitetut teht„v„t'-kansion sis„lt”
"2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 12:33:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-06-08 12:36:15 - machine was rebooted [Maarit]
ComboFix-quarantined-files.txt 2008-06-08 09:36:11

Pre-Run: 144,333,975,552 tavua vapaana
Post-Run: 144,262,180,864 tavua vapaana

210   --- E O F ---   2008-05-30 15:44:33

Lue lisää

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

[quote]

File::
C:\sz.exe
C:\sex2.exe
C:\sex22.exe
C:\dcsi.exe
C:\dci.exe
C:\WINDOWS\system32\acbgagxk.dll
C:\WINDOWS\system32\hsyihyun.dll

Folder::
C:\Program Files\Macrogaming

[/quote]

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

*******

scannaa hjt:llä merkkaa paina Fix checked

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [202794f7] rundll32.exe "C:\WINDOWS\system32\acbgagxk.dll",b
O4 - HKLM\..\Run: [BM2314a76b] Rundll32.exe "C:\WINDOWS\system32\hsyihyun.dll",s
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

***********

FixFix kirjoitti:

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

[quote]

File::
C:\sz.exe
C:\sex2.exe
C:\sex22.exe
C:\dcsi.exe
C:\dci.exe
C:\WINDOWS\system32\acbgagxk.dll
C:\WINDOWS\system32\hsyihyun.dll

Folder::
C:\Program Files\Macrogaming

[/quote]

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

*******

scannaa hjt:llä merkkaa paina Fix checked

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [202794f7] rundll32.exe "C:\WINDOWS\system32\acbgagxk.dll",b
O4 - HKLM\..\Run: [BM2314a76b] Rundll32.exe "C:\WINDOWS\system32\hsyihyun.dll",s
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

***********

Lue lisää

ComboFix 08-06-07.3 - Maarit 2008-06-08 14:46:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1549 [GMT 3:00]
Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maarit\Työpöytä\CFScript.txt
* Created a new restore point
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\dci.exe
C:\dcsi.exe
C:\sex2.exe
C:\sex22.exe
C:\sz.exe
C:\WINDOWS\system32\acbgagxk.dll
C:\WINDOWS\system32\hsyihyun.dll
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\dci.exe
C:\dcsi.exe
C:\sex2.exe
C:\sex22.exe
C:\sz.exe
C:\WINDOWS\system32\sysogg.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
.

2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-06 20:39 . 2008-06-06 20:39   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
2008-05-30 22:48 . 2008-05-30 22:48      d--------   C:\Program Files\Trend Micro
2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-07 08:47   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-06 11:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-04-03 16:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2008-03-30 23:16   295,424   ----a-w   C:\WINDOWS\system32\bwmedia1.dll
2008-03-30 23:16   150,016   ----a-w   C:\WINDOWS\system32\bwmedia.dll
2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-19 13:25   1,984   ----a-w   C:\WINDOWS\system32\tmp.reg
2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-08_12.35.59.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 09:32:44   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
2008-06-08 11:02:03   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
- 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-06-08 11:42:24   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
2008-06-08 11:42:24   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]
"Windows svchost"="ups.exe" [2004-09-14 17:12 18432 C:\WINDOWS\system32\ups.exe]
"BM2314a76b"="C:\WINDOWS\system32\hsyihyun.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-05-30 18:12:03 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"E:\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"E:\\mIRC\\mirc.exe"=
"E:\\AoE2\\empires2.exe"=
"E:\\AoE2\\age2_x1\\age2_x1.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17352:TCP"= 17352:TCP:BitComet 17352 TCP
"17352:UDP"= 17352:UDP:BitComet 17352 UDP
"23002:TCP"= 23002:TCP:BitComet 23002 TCP
"23002:UDP"= 23002:UDP:BitComet 23002 UDP
"65535:TCP"= 65535:TCP:BitComet 65535 TCP
"65535:UDP"= 65535:UDP:BitComet 65535 UDP
"25054:TCP"= 25054:TCP:BitComet 25054 TCP
"25054:UDP"= 25054:UDP:BitComet 25054 UDP
"26941:TCP"= 26941:TCP:BitComet 26941 TCP
"26941:UDP"= 26941:UDP:BitComet 26941 UDP
"8116:TCP"= 8116:TCP:BitComet 8116 TCP
"8116:UDP"= 8116:UDP:BitComet 8116 UDP
"16695:TCP"= 16695:TCP:BitComet 16695 TCP
"16695:UDP"= 16695:UDP:BitComet 16695 UDP
"21915:TCP"= 21915:TCP:BitComet 21915 TCP
"21915:UDP"= 21915:UDP:BitComet 21915 UDP
"19569:TCP"= 19569:TCP:BitComet 19569 TCP
"19569:UDP"= 19569:UDP:BitComet 19569 UDP
"18330:TCP"= 18330:TCP:BitComet 18330 TCP
"18330:UDP"= 18330:UDP:BitComet 18330 UDP
"16413:TCP"= 16413:TCP:BitComet 16413 TCP
"16413:UDP"= 16413:UDP:BitComet 16413 UDP
"24682:TCP"= 24682:TCP:BitComet 24682 TCP
"24682:UDP"= 24682:UDP:BitComet 24682 UDP
"22552:TCP"= 22552:TCP:BitComet 22552 TCP
"22552:UDP"= 22552:UDP:BitComet 22552 UDP
"23893:TCP"= 23893:TCP:BitComet 23893 TCP
"23893:UDP"= 23893:UDP:BitComet 23893 UDP
"19507:TCP"= 19507:TCP:BitComet 19507 TCP
"19507:UDP"= 19507:UDP:BitComet 19507 UDP
"10568:TCP"= 10568:TCP:BitComet 10568 TCP
"10568:UDP"= 10568:UDP:BitComet 10568 UDP

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 14:47:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
Completion time: 2008-06-08 14:48:35
ComboFix-quarantined-files.txt 2008-06-08 11:48:31
ComboFix2.txt 2008-06-08 09:36:16

Pre-Run: 144,226,816,000 tavua vapaana
Post-Run: 144,217,296,896 tavua vapaana

204   --- E O F ---   2008-05-30 15:44:33

joku kuka ei vaan osaa kirjoitti:

ComboFix 08-06-07.3 - Maarit 2008-06-08 14:46:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1549 [GMT 3:00]
Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maarit\Työpöytä\CFScript.txt
* Created a new restore point
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\dci.exe
C:\dcsi.exe
C:\sex2.exe
C:\sex22.exe
C:\sz.exe
C:\WINDOWS\system32\acbgagxk.dll
C:\WINDOWS\system32\hsyihyun.dll
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\dci.exe
C:\dcsi.exe
C:\sex2.exe
C:\sex22.exe
C:\sz.exe
C:\WINDOWS\system32\sysogg.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
.

2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-06 20:39 . 2008-06-06 20:39   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
2008-05-30 22:48 . 2008-05-30 22:48      d--------   C:\Program Files\Trend Micro
2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-07 08:47   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-06 11:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-04-03 16:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2008-03-30 23:16   295,424   ----a-w   C:\WINDOWS\system32\bwmedia1.dll
2008-03-30 23:16   150,016   ----a-w   C:\WINDOWS\system32\bwmedia.dll
2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-19 13:25   1,984   ----a-w   C:\WINDOWS\system32\tmp.reg
2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-08_12.35.59.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 09:32:44   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
2008-06-08 11:02:03   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
- 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-06-08 11:42:24   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
2008-06-08 11:42:24   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]
"Windows svchost"="ups.exe" [2004-09-14 17:12 18432 C:\WINDOWS\system32\ups.exe]
"BM2314a76b"="C:\WINDOWS\system32\hsyihyun.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-05-30 18:12:03 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"E:\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"E:\\mIRC\\mirc.exe"=
"E:\\AoE2\\empires2.exe"=
"E:\\AoE2\\age2_x1\\age2_x1.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17352:TCP"= 17352:TCP:BitComet 17352 TCP
"17352:UDP"= 17352:UDP:BitComet 17352 UDP
"23002:TCP"= 23002:TCP:BitComet 23002 TCP
"23002:UDP"= 23002:UDP:BitComet 23002 UDP
"65535:TCP"= 65535:TCP:BitComet 65535 TCP
"65535:UDP"= 65535:UDP:BitComet 65535 UDP
"25054:TCP"= 25054:TCP:BitComet 25054 TCP
"25054:UDP"= 25054:UDP:BitComet 25054 UDP
"26941:TCP"= 26941:TCP:BitComet 26941 TCP
"26941:UDP"= 26941:UDP:BitComet 26941 UDP
"8116:TCP"= 8116:TCP:BitComet 8116 TCP
"8116:UDP"= 8116:UDP:BitComet 8116 UDP
"16695:TCP"= 16695:TCP:BitComet 16695 TCP
"16695:UDP"= 16695:UDP:BitComet 16695 UDP
"21915:TCP"= 21915:TCP:BitComet 21915 TCP
"21915:UDP"= 21915:UDP:BitComet 21915 UDP
"19569:TCP"= 19569:TCP:BitComet 19569 TCP
"19569:UDP"= 19569:UDP:BitComet 19569 UDP
"18330:TCP"= 18330:TCP:BitComet 18330 TCP
"18330:UDP"= 18330:UDP:BitComet 18330 UDP
"16413:TCP"= 16413:TCP:BitComet 16413 TCP
"16413:UDP"= 16413:UDP:BitComet 16413 UDP
"24682:TCP"= 24682:TCP:BitComet 24682 TCP
"24682:UDP"= 24682:UDP:BitComet 24682 UDP
"22552:TCP"= 22552:TCP:BitComet 22552 TCP
"22552:UDP"= 22552:UDP:BitComet 22552 UDP
"23893:TCP"= 23893:TCP:BitComet 23893 TCP
"23893:UDP"= 23893:UDP:BitComet 23893 UDP
"19507:TCP"= 19507:TCP:BitComet 19507 TCP
"19507:UDP"= 19507:UDP:BitComet 19507 UDP
"10568:TCP"= 10568:TCP:BitComet 10568 TCP
"10568:UDP"= 10568:UDP:BitComet 10568 UDP

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 14:47:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
Completion time: 2008-06-08 14:48:35
ComboFix-quarantined-files.txt 2008-06-08 11:48:31
ComboFix2.txt 2008-06-08 09:36:16

Pre-Run: 144,226,816,000 tavua vapaana
Post-Run: 144,217,296,896 tavua vapaana

204   --- E O F ---   2008-05-30 15:44:33

Lue lisää

Kun ottaa tekijät huomioon ;D

Lataa Malwarebytes' Anti-Malware työpöydällesi.
http://www.besttechie.net/tools/mbam-setup.exe
•   Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
•   Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
•   Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
•   Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
•   Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
•   Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
•   Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
•   Lähetä lokin sisältö seuraavassa viestissäsi.

FixFix kirjoitti:

Kun ottaa tekijät huomioon ;D

Lataa Malwarebytes' Anti-Malware työpöydällesi.
http://www.besttechie.net/tools/mbam-setup.exe
•   Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
•   Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
•   Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
•   Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
•   Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
•   Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
•   Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
•   Lähetä lokin sisältö seuraavassa viestissäsi.

Lue lisää

Malwarebytes' Anti-Malware 1.15
Tietokantaversio: 839

15:56:12 8.6.2008
mbam-log-6-8-2008 (15-56-12).txt

Tarkistustyyppi: Täysi tarkistus (C:\|E:\|)
Tarkistetut kohteet: 113857
Kulunut aika: 32 minute(s), 4 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 5
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 22

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\Typelib\{f9fa603d-697c-4900-a950-e54f08324a24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nmwegbsf.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\QooBox\Quarantine\C\dci.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\dcsi.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\setup.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\service.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\awtuuSLc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvuRIxV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\urqPgeEw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUKArOi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP129\A0030659.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP134\A0031855.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP134\A0031856.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033071.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033073.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033076.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033078.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033079.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033080.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033103.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP144\A0034101.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP144\A0034102.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
E:\XMoto\sqlite3.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.










PS. Kiitos avusta

joku kuka ei vaan osaa kirjoitti:

Malwarebytes' Anti-Malware 1.15
Tietokantaversio: 839

15:56:12 8.6.2008
mbam-log-6-8-2008 (15-56-12).txt

Tarkistustyyppi: Täysi tarkistus (C:\|E:\|)
Tarkistetut kohteet: 113857
Kulunut aika: 32 minute(s), 4 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 5
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 22

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\Typelib\{f9fa603d-697c-4900-a950-e54f08324a24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nmwegbsf.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\QooBox\Quarantine\C\dci.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\dcsi.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\setup.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\service.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\awtuuSLc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvuRIxV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\urqPgeEw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUKArOi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP129\A0030659.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP134\A0031855.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP134\A0031856.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033071.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033073.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033076.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033078.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033079.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033080.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033103.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP144\A0034101.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP144\A0034102.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
E:\XMoto\sqlite3.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.










PS. Kiitos avusta

Lue lisää

sontoo

1. Klikkaa käynnistä > Oma tietokone oikean puoleisella hiiren napilla
2. Valitse ominaisuudet
3. Valitse järjestelmän palauttaminen välilehti
4. Ruksi eteen ¤ poista järjestelmän palauttaminen kaikissa asemissa
5. Paina Käytä
6. Paina ok
7. Sammuta ja käynnistä
8. Ota ruksi pois ¤ poista järjestelmän palauttaminen kaikissa asemissa
9. Käytä ja OK

*********

scannaa uusi combofix loki

FixFix kirjoitti:

sontoo

1. Klikkaa käynnistä > Oma tietokone oikean puoleisella hiiren napilla
2. Valitse ominaisuudet
3. Valitse järjestelmän palauttaminen välilehti
4. Ruksi eteen ¤ poista järjestelmän palauttaminen kaikissa asemissa
5. Paina Käytä
6. Paina ok
7. Sammuta ja käynnistä
8. Ota ruksi pois ¤ poista järjestelmän palauttaminen kaikissa asemissa
9. Käytä ja OK

*********

scannaa uusi combofix loki

Lue lisää

ComboFix 08-06-07.3 - Maarit 2008-06-08 17:02:00.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.358.1035.18.1537 [GMT 3:00]
Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
.

2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-06 20:39 . 2008-06-06 20:39   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
2008-05-30 22:48 . 2008-05-30 22:48      d--------   C:\Program Files\Trend Micro
2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-07 08:47   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-06 11:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-04-03 16:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2008-03-30 23:16   295,424   ----a-w   C:\WINDOWS\system32\bwmedia1.dll
2008-03-30 23:16   150,016   ----a-w   C:\WINDOWS\system32\bwmedia.dll
2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-19 13:25   1,984   ----a-w   C:\WINDOWS\system32\tmp.reg
2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-08_12.35.59.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 09:32:44   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
2008-06-08 13:58:57   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
- 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-06-08 11:42:24   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
2008-06-08 11:42:24   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-05-30 18:12:03 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"E:\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"E:\\mIRC\\mirc.exe"=
"E:\\AoE2\\empires2.exe"=
"E:\\AoE2\\age2_x1\\age2_x1.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17352:TCP"= 17352:TCP:BitComet 17352 TCP
"17352:UDP"= 17352:UDP:BitComet 17352 UDP
"23002:TCP"= 23002:TCP:BitComet 23002 TCP
"23002:UDP"= 23002:UDP:BitComet 23002 UDP
"65535:TCP"= 65535:TCP:BitComet 65535 TCP
"65535:UDP"= 65535:UDP:BitComet 65535 UDP
"25054:TCP"= 25054:TCP:BitComet 25054 TCP
"25054:UDP"= 25054:UDP:BitComet 25054 UDP
"26941:TCP"= 26941:TCP:BitComet 26941 TCP
"26941:UDP"= 26941:UDP:BitComet 26941 UDP
"8116:TCP"= 8116:TCP:BitComet 8116 TCP
"8116:UDP"= 8116:UDP:BitComet 8116 UDP
"16695:TCP"= 16695:TCP:BitComet 16695 TCP
"16695:UDP"= 16695:UDP:BitComet 16695 UDP
"21915:TCP"= 21915:TCP:BitComet 21915 TCP
"21915:UDP"= 21915:UDP:BitComet 21915 UDP
"19569:TCP"= 19569:TCP:BitComet 19569 TCP
"19569:UDP"= 19569:UDP:BitComet 19569 UDP
"18330:TCP"= 18330:TCP:BitComet 18330 TCP
"18330:UDP"= 18330:UDP:BitComet 18330 UDP
"16413:TCP"= 16413:TCP:BitComet 16413 TCP
"16413:UDP"= 16413:UDP:BitComet 16413 UDP
"24682:TCP"= 24682:TCP:BitComet 24682 TCP
"24682:UDP"= 24682:UDP:BitComet 24682 UDP
"22552:TCP"= 22552:TCP:BitComet 22552 TCP
"22552:UDP"= 22552:UDP:BitComet 22552 UDP
"23893:TCP"= 23893:TCP:BitComet 23893 TCP
"23893:UDP"= 23893:UDP:BitComet 23893 UDP
"19507:TCP"= 19507:TCP:BitComet 19507 TCP
"19507:UDP"= 19507:UDP:BitComet 19507 UDP
"10568:TCP"= 10568:TCP:BitComet 10568 TCP
"10568:UDP"= 10568:UDP:BitComet 10568 UDP

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 17:03:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
Completion time: 2008-06-08 17:04:16
ComboFix-quarantined-files.txt 2008-06-08 14:04:11
ComboFix2.txt 2008-06-08 11:48:36
ComboFix3.txt 2008-06-08 09:36:16

Pre-Run: 144,691,019,776 tavua vapaana
Post-Run: 144,684,883,968 tavua vapaana

185   --- E O F ---   2008-05-30 15:44:33

joku kuka ei vaan osaa kirjoitti:

ComboFix 08-06-07.3 - Maarit 2008-06-08 17:02:00.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.358.1035.18.1537 [GMT 3:00]
Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
.

2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-06 20:39 . 2008-06-06 20:39   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
2008-05-30 22:48 . 2008-05-30 22:48      d--------   C:\Program Files\Trend Micro
2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-07 08:47   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-06 11:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-04-03 16:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2008-03-30 23:16   295,424   ----a-w   C:\WINDOWS\system32\bwmedia1.dll
2008-03-30 23:16   150,016   ----a-w   C:\WINDOWS\system32\bwmedia.dll
2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-19 13:25   1,984   ----a-w   C:\WINDOWS\system32\tmp.reg
2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-08_12.35.59.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 09:32:44   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
2008-06-08 13:58:57   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
- 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-06-08 11:42:24   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
2008-06-08 11:42:24   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-05-30 18:12:03 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"E:\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"E:\\mIRC\\mirc.exe"=
"E:\\AoE2\\empires2.exe"=
"E:\\AoE2\\age2_x1\\age2_x1.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17352:TCP"= 17352:TCP:BitComet 17352 TCP
"17352:UDP"= 17352:UDP:BitComet 17352 UDP
"23002:TCP"= 23002:TCP:BitComet 23002 TCP
"23002:UDP"= 23002:UDP:BitComet 23002 UDP
"65535:TCP"= 65535:TCP:BitComet 65535 TCP
"65535:UDP"= 65535:UDP:BitComet 65535 UDP
"25054:TCP"= 25054:TCP:BitComet 25054 TCP
"25054:UDP"= 25054:UDP:BitComet 25054 UDP
"26941:TCP"= 26941:TCP:BitComet 26941 TCP
"26941:UDP"= 26941:UDP:BitComet 26941 UDP
"8116:TCP"= 8116:TCP:BitComet 8116 TCP
"8116:UDP"= 8116:UDP:BitComet 8116 UDP
"16695:TCP"= 16695:TCP:BitComet 16695 TCP
"16695:UDP"= 16695:UDP:BitComet 16695 UDP
"21915:TCP"= 21915:TCP:BitComet 21915 TCP
"21915:UDP"= 21915:UDP:BitComet 21915 UDP
"19569:TCP"= 19569:TCP:BitComet 19569 TCP
"19569:UDP"= 19569:UDP:BitComet 19569 UDP
"18330:TCP"= 18330:TCP:BitComet 18330 TCP
"18330:UDP"= 18330:UDP:BitComet 18330 UDP
"16413:TCP"= 16413:TCP:BitComet 16413 TCP
"16413:UDP"= 16413:UDP:BitComet 16413 UDP
"24682:TCP"= 24682:TCP:BitComet 24682 TCP
"24682:UDP"= 24682:UDP:BitComet 24682 UDP
"22552:TCP"= 22552:TCP:BitComet 22552 TCP
"22552:UDP"= 22552:UDP:BitComet 22552 UDP
"23893:TCP"= 23893:TCP:BitComet 23893 TCP
"23893:UDP"= 23893:UDP:BitComet 23893 UDP
"19507:TCP"= 19507:TCP:BitComet 19507 TCP
"19507:UDP"= 19507:UDP:BitComet 19507 UDP
"10568:TCP"= 10568:TCP:BitComet 10568 TCP
"10568:UDP"= 10568:UDP:BitComet 10568 UDP

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 17:03:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
Completion time: 2008-06-08 17:04:16
ComboFix-quarantined-files.txt 2008-06-08 14:04:11
ComboFix2.txt 2008-06-08 11:48:36
ComboFix3.txt 2008-06-08 09:36:16

Pre-Run: 144,691,019,776 tavua vapaana
Post-Run: 144,684,883,968 tavua vapaana

185   --- E O F ---   2008-05-30 15:44:33

Lue lisää

jokos se kuoli

scannaa uusi hjt.n loki

FixFix kirjoitti:

jokos se kuoli

scannaa uusi hjt.n loki

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:16, on 8.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204442726923
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 7282 bytes

joku kuka ei vaan osaa kirjoitti:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:16, on 8.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204442726923
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 7282 bytes

Lue lisää

lokista puhas

Lataa Malwarebytes' Anti-Malware työpöydällesi.
http://www.besttechie.net/tools/mbam-setup.exe
•   Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
•   Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
•   Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
•   Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
•   Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
•   Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
•   Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
•   Lähetä lokin sisältö seuraavassa viestissäsi.

FixFix kirjoitti:

lokista puhas

Lataa Malwarebytes' Anti-Malware työpöydällesi.
http://www.besttechie.net/tools/mbam-setup.exe
•   Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
•   Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
•   Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
•   Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
•   Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
•   Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
•   Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
•   Lähetä lokin sisältö seuraavassa viestissäsi.

Lue lisää

Malwarebytes' Anti-Malware 1.15
Tietokantaversio: 841

0:48:00 9.6.2008
mbam-log-6-9-2008 (00-48-00).txt

Tarkistustyyppi: Täysi tarkistus (C:\|E:\|)
Tarkistetut kohteet: 113359
Kulunut aika: 30 minute(s), 0 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 2
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\Typelib\{f9fa603d-697c-4900-a950-e54f08324a24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nmwegbsf.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

joku kuka ei vaan osaa kirjoitti:

Malwarebytes' Anti-Malware 1.15
Tietokantaversio: 841

0:48:00 9.6.2008
mbam-log-6-9-2008 (00-48-00).txt

Tarkistustyyppi: Täysi tarkistus (C:\|E:\|)
Tarkistetut kohteet: 113359
Kulunut aika: 30 minute(s), 0 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 2
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\Typelib\{f9fa603d-697c-4900-a950-e54f08324a24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nmwegbsf.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

Lue lisää

loki

FixFix kirjoitti:

loki

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25:11, on 9.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204442726923
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 7228 bytes














ComboFix 08-06-07.3 - Maarit 2008-06-09 13:27:59.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1486 [GMT 3:00]
Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-09 to 2008-06-09 )))))))))))))))))
.

2008-06-09 13:25 . 2008-06-09 13:25      d--------   C:\Program Files\Trend Micro
2008-06-09 00:15 . 2008-06-09 13:23      d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 22:43 . 2008-06-08 22:43      d--h-----   C:\WINDOWS\PIF
2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-06 20:39 . 2008-06-08 22:37   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 10:29   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-06 11:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-04-03 16:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2008-03-30 23:16   295,424   ----a-w   C:\WINDOWS\system32\bwmedia1.dll
2008-03-30 23:16   150,016   ----a-w   C:\WINDOWS\system32\bwmedia.dll
2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-19 13:25   1,984   ----a-w   C:\WINDOWS\system32\tmp.reg
2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-08_12.35.59.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 15:56:15   201,323   ----a-w   C:\WINDOWS\.silabclient_store_32\code.dat
2008-06-09 07:21:10   202,262   ----a-w   C:\WINDOWS\.silabclient_store_32\code.dat
- 2008-06-08 09:32:44   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
2008-06-09 07:19:33   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
- 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-06-09 07:25:16   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
2008-06-09 07:25:16   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-05-30 18:12:03 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"E:\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"E:\\mIRC\\mirc.exe"=
"E:\\AoE2\\empires2.exe"=
"E:\\AoE2\\age2_x1\\age2_x1.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17352:TCP"= 17352:TCP:BitComet 17352 TCP
"17352:UDP"= 17352:UDP:BitComet 17352 UDP
"23002:TCP"= 23002:TCP:BitComet 23002 TCP
"23002:UDP"= 23002:UDP:BitComet 23002 UDP
"65535:TCP"= 65535:TCP:BitComet 65535 TCP
"65535:UDP"= 65535:UDP:BitComet 65535 UDP
"25054:TCP"= 25054:TCP:BitComet 25054 TCP
"25054:UDP"= 25054:UDP:BitComet 25054 UDP
"26941:TCP"= 26941:TCP:BitComet 26941 TCP
"26941:UDP"= 26941:UDP:BitComet 26941 UDP
"8116:TCP"= 8116:TCP:BitComet 8116 TCP
"8116:UDP"= 8116:UDP:BitComet 8116 UDP
"16695:TCP"= 16695:TCP:BitComet 16695 TCP
"16695:UDP"= 16695:UDP:BitComet 16695 UDP
"21915:TCP"= 21915:TCP:BitComet 21915 TCP
"21915:UDP"= 21915:UDP:BitComet 21915 UDP
"19569:TCP"= 19569:TCP:BitComet 19569 TCP
"19569:UDP"= 19569:UDP:BitComet 19569 UDP
"18330:TCP"= 18330:TCP:BitComet 18330 TCP
"18330:UDP"= 18330:UDP:BitComet 18330 UDP
"16413:TCP"= 16413:TCP:BitComet 16413 TCP
"16413:UDP"= 16413:UDP:BitComet 16413 UDP
"24682:TCP"= 24682:TCP:BitComet 24682 TCP
"24682:UDP"= 24682:UDP:BitComet 24682 UDP
"22552:TCP"= 22552:TCP:BitComet 22552 TCP
"22552:UDP"= 22552:UDP:BitComet 22552 UDP
"23893:TCP"= 23893:TCP:BitComet 23893 TCP
"23893:UDP"= 23893:UDP:BitComet 23893 UDP
"19507:TCP"= 19507:TCP:BitComet 19507 TCP
"19507:UDP"= 19507:UDP:BitComet 19507 UDP
"10568:TCP"= 10568:TCP:BitComet 10568 TCP
"10568:UDP"= 10568:UDP:BitComet 10568 UDP

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 13:29:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
Completion time: 2008-06-09 13:30:20
ComboFix-quarantined-files.txt 2008-06-09 10:30:17
ComboFix2.txt 2008-06-08 11:48:36
ComboFix3.txt 2008-06-08 09:36:16

Pre-Run: 144,630,288,384 tavua vapaana
Post-Run: 144,646,443,008 tavua vapaana

189   --- E O F ---   2008-05-30 15:44:33

joku kuka ei vaan osaa kirjoitti:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25:11, on 9.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204442726923
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 7228 bytes














ComboFix 08-06-07.3 - Maarit 2008-06-09 13:27:59.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1486 [GMT 3:00]
Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-09 to 2008-06-09 )))))))))))))))))
.

2008-06-09 13:25 . 2008-06-09 13:25      d--------   C:\Program Files\Trend Micro
2008-06-09 00:15 . 2008-06-09 13:23      d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 22:43 . 2008-06-08 22:43      d--h-----   C:\WINDOWS\PIF
2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-06 20:39 . 2008-06-08 22:37   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 10:29   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-06 11:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-04-03 16:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2008-03-30 23:16   295,424   ----a-w   C:\WINDOWS\system32\bwmedia1.dll
2008-03-30 23:16   150,016   ----a-w   C:\WINDOWS\system32\bwmedia.dll
2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-19 13:25   1,984   ----a-w   C:\WINDOWS\system32\tmp.reg
2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-08_12.35.59.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 15:56:15   201,323   ----a-w   C:\WINDOWS\.silabclient_store_32\code.dat
2008-06-09 07:21:10   202,262   ----a-w   C:\WINDOWS\.silabclient_store_32\code.dat
- 2008-06-08 09:32:44   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
2008-06-09 07:19:33   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
- 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-06-09 07:25:16   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
2008-06-09 07:25:16   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-05-30 18:12:03 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"E:\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"E:\\mIRC\\mirc.exe"=
"E:\\AoE2\\empires2.exe"=
"E:\\AoE2\\age2_x1\\age2_x1.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17352:TCP"= 17352:TCP:BitComet 17352 TCP
"17352:UDP"= 17352:UDP:BitComet 17352 UDP
"23002:TCP"= 23002:TCP:BitComet 23002 TCP
"23002:UDP"= 23002:UDP:BitComet 23002 UDP
"65535:TCP"= 65535:TCP:BitComet 65535 TCP
"65535:UDP"= 65535:UDP:BitComet 65535 UDP
"25054:TCP"= 25054:TCP:BitComet 25054 TCP
"25054:UDP"= 25054:UDP:BitComet 25054 UDP
"26941:TCP"= 26941:TCP:BitComet 26941 TCP
"26941:UDP"= 26941:UDP:BitComet 26941 UDP
"8116:TCP"= 8116:TCP:BitComet 8116 TCP
"8116:UDP"= 8116:UDP:BitComet 8116 UDP
"16695:TCP"= 16695:TCP:BitComet 16695 TCP
"16695:UDP"= 16695:UDP:BitComet 16695 UDP
"21915:TCP"= 21915:TCP:BitComet 21915 TCP
"21915:UDP"= 21915:UDP:BitComet 21915 UDP
"19569:TCP"= 19569:TCP:BitComet 19569 TCP
"19569:UDP"= 19569:UDP:BitComet 19569 UDP
"18330:TCP"= 18330:TCP:BitComet 18330 TCP
"18330:UDP"= 18330:UDP:BitComet 18330 UDP
"16413:TCP"= 16413:TCP:BitComet 16413 TCP
"16413:UDP"= 16413:UDP:BitComet 16413 UDP
"24682:TCP"= 24682:TCP:BitComet 24682 TCP
"24682:UDP"= 24682:UDP:BitComet 24682 UDP
"22552:TCP"= 22552:TCP:BitComet 22552 TCP
"22552:UDP"= 22552:UDP:BitComet 22552 UDP
"23893:TCP"= 23893:TCP:BitComet 23893 TCP
"23893:UDP"= 23893:UDP:BitComet 23893 UDP
"19507:TCP"= 19507:TCP:BitComet 19507 TCP
"19507:UDP"= 19507:UDP:BitComet 19507 UDP
"10568:TCP"= 10568:TCP:BitComet 10568 TCP
"10568:UDP"= 10568:UDP:BitComet 10568 UDP

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 13:29:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
Completion time: 2008-06-09 13:30:20
ComboFix-quarantined-files.txt 2008-06-09 10:30:17
ComboFix2.txt 2008-06-08 11:48:36
ComboFix3.txt 2008-06-08 09:36:16

Pre-Run: 144,630,288,384 tavua vapaana
Post-Run: 144,646,443,008 tavua vapaana

189   --- E O F ---   2008-05-30 15:44:33

Lue lisää

jos jotain olis piilossa...

Lataa SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita tämän tekstitiedoston sisältö viestiketjuusi.

Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.

FixFix kirjoitti:

jos jotain olis piilossa...

Lataa SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita tämän tekstitiedoston sisältö viestiketjuusi.

Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.

Lue lisää

SmitFraudFix v2.323

Scan done at 13:38:44,48, ma 09.06.2008
Run from C:\Documents and Settings\Maarit\Työpöytä\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Maarit


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Maarit\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Maarit\Suosikit


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: (ZD1211B)IEEE 802.11 b g USB Adapter - Paketinajoituksen miniportti
DNS Server Search Order: 192.168.0.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{603E5175-41B7-4818-A359-E339F98D531B}: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{603E5175-41B7-4818-A359-E339F98D531B}: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

joku kuka ei vaan osaa kirjoitti:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25:11, on 9.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204442726923
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 7228 bytes














ComboFix 08-06-07.3 - Maarit 2008-06-09 13:27:59.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1486 [GMT 3:00]
Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-09 to 2008-06-09 )))))))))))))))))
.

2008-06-09 13:25 . 2008-06-09 13:25      d--------   C:\Program Files\Trend Micro
2008-06-09 00:15 . 2008-06-09 13:23      d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 22:43 . 2008-06-08 22:43      d--h-----   C:\WINDOWS\PIF
2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-06 20:39 . 2008-06-08 22:37   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 10:29   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-06 11:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-04-03 16:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2008-03-30 23:16   295,424   ----a-w   C:\WINDOWS\system32\bwmedia1.dll
2008-03-30 23:16   150,016   ----a-w   C:\WINDOWS\system32\bwmedia.dll
2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-19 13:25   1,984   ----a-w   C:\WINDOWS\system32\tmp.reg
2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-08_12.35.59.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 15:56:15   201,323   ----a-w   C:\WINDOWS\.silabclient_store_32\code.dat
2008-06-09 07:21:10   202,262   ----a-w   C:\WINDOWS\.silabclient_store_32\code.dat
- 2008-06-08 09:32:44   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
2008-06-09 07:19:33   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
- 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-06-09 07:25:16   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
2008-06-09 07:25:16   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-05-30 18:12:03 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"E:\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"E:\\mIRC\\mirc.exe"=
"E:\\AoE2\\empires2.exe"=
"E:\\AoE2\\age2_x1\\age2_x1.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17352:TCP"= 17352:TCP:BitComet 17352 TCP
"17352:UDP"= 17352:UDP:BitComet 17352 UDP
"23002:TCP"= 23002:TCP:BitComet 23002 TCP
"23002:UDP"= 23002:UDP:BitComet 23002 UDP
"65535:TCP"= 65535:TCP:BitComet 65535 TCP
"65535:UDP"= 65535:UDP:BitComet 65535 UDP
"25054:TCP"= 25054:TCP:BitComet 25054 TCP
"25054:UDP"= 25054:UDP:BitComet 25054 UDP
"26941:TCP"= 26941:TCP:BitComet 26941 TCP
"26941:UDP"= 26941:UDP:BitComet 26941 UDP
"8116:TCP"= 8116:TCP:BitComet 8116 TCP
"8116:UDP"= 8116:UDP:BitComet 8116 UDP
"16695:TCP"= 16695:TCP:BitComet 16695 TCP
"16695:UDP"= 16695:UDP:BitComet 16695 UDP
"21915:TCP"= 21915:TCP:BitComet 21915 TCP
"21915:UDP"= 21915:UDP:BitComet 21915 UDP
"19569:TCP"= 19569:TCP:BitComet 19569 TCP
"19569:UDP"= 19569:UDP:BitComet 19569 UDP
"18330:TCP"= 18330:TCP:BitComet 18330 TCP
"18330:UDP"= 18330:UDP:BitComet 18330 UDP
"16413:TCP"= 16413:TCP:BitComet 16413 TCP
"16413:UDP"= 16413:UDP:BitComet 16413 UDP
"24682:TCP"= 24682:TCP:BitComet 24682 TCP
"24682:UDP"= 24682:UDP:BitComet 24682 UDP
"22552:TCP"= 22552:TCP:BitComet 22552 TCP
"22552:UDP"= 22552:UDP:BitComet 22552 UDP
"23893:TCP"= 23893:TCP:BitComet 23893 TCP
"23893:UDP"= 23893:UDP:BitComet 23893 UDP
"19507:TCP"= 19507:TCP:BitComet 19507 TCP
"19507:UDP"= 19507:UDP:BitComet 19507 UDP
"10568:TCP"= 10568:TCP:BitComet 10568 TCP
"10568:UDP"= 10568:UDP:BitComet 10568 UDP

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 13:29:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
Completion time: 2008-06-09 13:30:20
ComboFix-quarantined-files.txt 2008-06-09 10:30:17
ComboFix2.txt 2008-06-08 11:48:36
ComboFix3.txt 2008-06-08 09:36:16

Pre-Run: 144,630,288,384 tavua vapaana
Post-Run: 144,646,443,008 tavua vapaana

189   --- E O F ---   2008-05-30 15:44:33

Lue lisää

kanssa

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

[quote]

File::
C:\Documents and Settings\Maarit\sz.exe

[/quote]

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

FixFix kirjoitti:

kanssa

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

[quote]

File::
C:\Documents and Settings\Maarit\sz.exe

[/quote]

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

Lue lisää

ComboFix 08-06-07.3 - Maarit 2008-06-09 13:47:45.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1474 [GMT 3:00]
Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maarit\Työpöytä\CFScript.txt
* Created a new restore point
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\Documents and Settings\Maarit\sz.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Maarit\sz.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-09 to 2008-06-09 )))))))))))))))))
.

2008-06-09 13:25 . 2008-06-09 13:25      d--------   C:\Program Files\Trend Micro
2008-06-09 00:15 . 2008-06-09 13:23      d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 22:43 . 2008-06-08 22:43      d--h-----   C:\WINDOWS\PIF
2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-06 20:39 . 2008-06-08 22:37   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 10:48   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
2008-06-09 10:38   1,852   ----a-w   C:\WINDOWS\system32\tmp.reg
2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-06 11:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-04-03 16:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2008-03-30 23:16   295,424   ----a-w   C:\WINDOWS\system32\bwmedia1.dll
2008-03-30 23:16   150,016   ----a-w   C:\WINDOWS\system32\bwmedia.dll
2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-08_12.35.59.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 15:56:15   201,323   ----a-w   C:\WINDOWS\.silabclient_store_32\code.dat
2008-06-09 07:21:10   202,262   ----a-w   C:\WINDOWS\.silabclient_store_32\code.dat
- 2008-06-08 09:32:44   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
2008-06-09 07:19:33   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
- 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-06-09 07:25:16   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
2008-06-09 07:25:16   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-05-30 18:12:03 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"E:\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"E:\\mIRC\\mirc.exe"=
"E:\\AoE2\\empires2.exe"=
"E:\\AoE2\\age2_x1\\age2_x1.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17352:TCP"= 17352:TCP:BitComet 17352 TCP
"17352:UDP"= 17352:UDP:BitComet 17352 UDP
"23002:TCP"= 23002:TCP:BitComet 23002 TCP
"23002:UDP"= 23002:UDP:BitComet 23002 UDP
"65535:TCP"= 65535:TCP:BitComet 65535 TCP
"65535:UDP"= 65535:UDP:BitComet 65535 UDP
"25054:TCP"= 25054:TCP:BitComet 25054 TCP
"25054:UDP"= 25054:UDP:BitComet 25054 UDP
"26941:TCP"= 26941:TCP:BitComet 26941 TCP
"26941:UDP"= 26941:UDP:BitComet 26941 UDP
"8116:TCP"= 8116:TCP:BitComet 8116 TCP
"8116:UDP"= 8116:UDP:BitComet 8116 UDP
"16695:TCP"= 16695:TCP:BitComet 16695 TCP
"16695:UDP"= 16695:UDP:BitComet 16695 UDP
"21915:TCP"= 21915:TCP:BitComet 21915 TCP
"21915:UDP"= 21915:UDP:BitComet 21915 UDP
"19569:TCP"= 19569:TCP:BitComet 19569 TCP
"19569:UDP"= 19569:UDP:BitComet 19569 UDP
"18330:TCP"= 18330:TCP:BitComet 18330 TCP
"18330:UDP"= 18330:UDP:BitComet 18330 UDP
"16413:TCP"= 16413:TCP:BitComet 16413 TCP
"16413:UDP"= 16413:UDP:BitComet 16413 UDP
"24682:TCP"= 24682:TCP:BitComet 24682 TCP
"24682:UDP"= 24682:UDP:BitComet 24682 UDP
"22552:TCP"= 22552:TCP:BitComet 22552 TCP
"22552:UDP"= 22552:UDP:BitComet 22552 UDP
"23893:TCP"= 23893:TCP:BitComet 23893 TCP
"23893:UDP"= 23893:UDP:BitComet 23893 UDP
"19507:TCP"= 19507:TCP:BitComet 19507 TCP
"19507:UDP"= 19507:UDP:BitComet 19507 UDP
"10568:TCP"= 10568:TCP:BitComet 10568 TCP
"10568:UDP"= 10568:UDP:BitComet 10568 UDP

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 13:48:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
Completion time: 2008-06-09 13:49:27
ComboFix-quarantined-files.txt 2008-06-09 10:49:10
ComboFix2.txt 2008-06-09 10:30:21
ComboFix3.txt 2008-06-08 11:48:36
ComboFix4.txt 2008-06-08 09:36:16

Pre-Run: 144,624,619,520 tavua vapaana
Post-Run: 144,615,800,832 tavua vapaana

195   --- E O F ---   2008-05-30 15:44:33

joku kuka ei vaan osaa kirjoitti:

SmitFraudFix v2.323

Scan done at 13:38:44,48, ma 09.06.2008
Run from C:\Documents and Settings\Maarit\Työpöytä\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Maarit


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Maarit\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Maarit\Suosikit


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: (ZD1211B)IEEE 802.11 b g USB Adapter - Paketinajoituksen miniportti
DNS Server Search Order: 192.168.0.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{603E5175-41B7-4818-A359-E339F98D531B}: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{603E5175-41B7-4818-A359-E339F98D531B}: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Lue lisää

mites kone toimii

FixFix kirjoitti:

mites kone toimii

ei hidastele ja ei käynnistäessä herjaa enää mitää, hyvin. kiitos avusta