If someone would just bother to help, I'd be eternally grateful! Afterdawn, virustorjunta.net, Google and pretty much nothing else works online, so no links to those... I don't understand anything about computers, but help me out, you smarter folks :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:28, on 17.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\servicean.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\wmplayer.exe
C:\WINDOWS\winudpmgrs.exe
C:\Windows\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Daemon\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1C5F6AF4-F34D-45A0-BEC4-A0483B8CFAA0} - C:\WINDOWS\system32\qoMgeFUk.dll (file missing)
O2 - BHO: {9aacb063-328a-b5aa-7674-f6b02a694514} - {415496a2-0b6f-4767-aa5b-a823360bcaa9} - C:\WINDOWS\system32\vcwebwtf.dll
O2 - BHO: (no name) - {5F10F876-F702-433E-85A2-C6B297B0719B} - C:\WINDOWS\system32\qoMcdddB.dll (file missing)
O2 - BHO: (no name) - {5F11D5D5-3FB2-4ADD-84AD-D69BC9A5D312} - C:\WINDOWS\system32\byXNgdbB.dll
O2 - BHO: (no name) - {70DC0931-1F14-4CE1-8BC8-CC92C48014EC} - C:\WINDOWS\system32\wvUnLBTj.dll
O2 - BHO: (no name) - {74673317-2CC8-4C96-944D-B2356AFAF1C7} - C:\WINDOWS\system32\byXRkLeC.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C108AE59-C97F-4517-8B74-5590BE3C2A82} - C:\WINDOWS\system32\ddcbXOif.dll (file missing)
O2 - BHO: Data Tracker - {EADA1EAF-22C3-D5AF-E6DF-F66433041251} - C:\WINDOWS\system32\gnwtae32.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Perheturva\fssui.exe" -autorun
O4 - HKLM\..\Run: [Windows svchost] servicean.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Media Player] wmplayer.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgrs.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\msnmsgr.exe
O4 - HKLM\..\Run: [90484cae] rundll32.exe "C:\WINDOWS\system32\xwbaxuia.dll",b
O4 - HKLM\..\Run: [BM937b7f32] Rundll32.exe "C:\WINDOWS\system32\qmsjymfl.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Arto\Application Data\Microsoft\dtsc\10929.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Daemon\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O20 - Winlogon Notify: byXNgdbB - C:\WINDOWS\SYSTEM32\byXNgdbB.dll
O20 - Winlogon Notify: ddcbXOif - ddcbXOif.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Smart (clr_optimization_v2.0.50727_32 Smart) - Unknown owner - C:\WINDOWS\system32\acelpdecy.exe
O23 - Service: Windows Live OneCare – perheturva (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Perheturva\fsssvc.exe (file missing)
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu ImapiServicelanmanworkstation (ImapiServicelanmanworkstation) - Unknown owner - C:\WINDOWS\system32\accwizh.exe
O23 - Service: Remote Access Auto Connection -hallinta RasAutoHidServ (RasAutoHidServ) - Unknown owner - C:\WINDOWS\system32\actmoviei.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Telnet TlntSvrsrservice (TlntSvrsrservice) - Unknown owner - C:\WINDOWS\system32\ahuid.exe
O23 - Service: Tietoturvakeskus wscsvcWmdmPmSN (wscsvcWmdmPmSN) - Unknown owner - C:\WINDOWS\system32\1037h.exe
O23 - Service: Automaattiset päivitykset wuauservAlerter (wuauservAlerter) - Unknown owner - C:\WINDOWS\system32\advpack.dlll.exe
--
End of file - 10613 bytes
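Added example, not part of this thread, of HijackThis, or of any of the tools named in the replies: a small Python triage script that applies the kind of checks a helper applies by hand when reading a log like the one above (extra binaries in the UserInit chain, nameless or missing BHOs, rundll32 loading a DLL from system32 through a one-letter export, bare file names in Run keys, autorun binaries under a user's Application Data folder, Winlogon Notify DLLs, vendorless services in system32 and double file extensions). The sample lines are a subset copied from the log above; every heuristic, function name and message is my own and the result is a list of things to verify, not a verdict.

```python
from __future__ import annotations
import re

# Sample input: lines copied from the HijackThis log posted above
# (a small subset, chosen so that every check below sees at least one line).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {1C5F6AF4-F34D-45A0-BEC4-A0483B8CFAA0} - C:\WINDOWS\system32\qoMgeFUk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows svchost] servicean.exe
O4 - HKLM\..\Run: [90484cae] rundll32.exe "C:\WINDOWS\system32\xwbaxuia.dll",b
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Arto\Application Data\Microsoft\dtsc\10929.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: byXNgdbB - C:\WINDOWS\SYSTEM32\byXNgdbB.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Automaattiset päivitykset wuauservAlerter (wuauservAlerter) - Unknown owner - C:\WINDOWS\system32\advpack.dlll.exe
"""

# rundll32.exe "<some>.dll",<export>  -> captures the DLL path and the export name
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.IGNORECASE)
# e.g. advpack.dlll.exe: an extra extension glued in front of .exe
DOUBLE_EXT_RE = re.compile(r'\.\w{2,4}\.exe$', re.IGNORECASE)


def triage_line(line: str) -> list[str]:
    """Return the reasons (possibly none) why one HijackThis line deserves a closer look."""
    reasons: list[str] = []
    kind = line.split(' - ', 1)[0].strip()   # F2, O2, O4, O20, O23, ...
    lower = line.lower()

    if kind == 'F2' and 'userinit=' in lower:
        # Winlogon starts every entry of this comma-separated chain at logon;
        # anything besides userinit.exe itself needs an explanation.
        chain = [e.strip() for e in line.split('=', 1)[1].split(',') if e.strip()]
        extra = [e for e in chain if not e.lower().endswith('userinit.exe')]
        if extra:
            reasons.append(f'UserInit chain also starts {extra}')

    elif kind == 'O2':
        if '(no name)' in lower:
            reasons.append('browser helper object registered without a name')
        if '(file missing)' in lower:
            reasons.append('BHO registration points at a DLL that is no longer on disk')

    elif kind == 'O4':
        command = line.split(']', 1)[1].strip()     # text after the [entry name]
        m = RUNDLL_RE.search(command)
        if m:
            reasons.append(f'rundll32 loads {m.group(1)} through export "{m.group(2)}"')
        elif '\\' not in command.split(' ', 1)[0].strip('"'):
            reasons.append('bare file name: located through the PATH search, confirm where it really lives')
        if '\\application data\\' in lower:
            reasons.append('autorun binary stored under a user profile Application Data folder')

    elif kind == 'O20':
        reasons.append('Winlogon Notify DLL: loaded into winlogon.exe at every logon, confirm the vendor')

    elif kind == 'O23':
        path = line.rsplit(' - ', 1)[1].strip()     # binary path is the last " - " field
        if 'unknown owner' in lower and '\\windows\\system32\\' in lower:
            reasons.append('service without a vendor whose binary sits in system32')
        if DOUBLE_EXT_RE.search(path):
            reasons.append('service binary carries a double file extension')

    return reasons


def triage_log(text: str) -> dict[str, list[str]]:
    """Map every flagged line of a HijackThis log to its reasons; clean lines are omitted."""
    findings: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == '__main__':
    for flagged, why in triage_log(SAMPLE_LOG).items():
        print(flagged)
        for reason in why:
            print('    ->', reason)
```

Run it and eight of the eleven sample lines come back flagged; the Java BHO and both avast entries stay clean. Note that the SoundMan entry is flagged too, purely because it is a bare file name: that is a prompt to check where the file resolves (the running-process list above shows it as C:\WINDOWS\SOUNDMAN.EXE), which is exactly why the helper left it alone while listing servicean.exe, wmplayer.exe and winudpmgrs.exe for removal.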
Heeelp, here's the log, and what now??
Replies
- Fix.Fix
1. Download combofix.exe to your desktop from one of these two links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Don't click around in the ComboFix window while it is running. This may cause the program to hang.
*******
Open Notepad and copy/paste the content between the lines into it:
___________
File::
C:\WINDOWS\servicean.exe
C:\WINDOWS\wmplayer.exe
C:\WINDOWS\winudpmgrs.exe
C:\Windows\msnmsgr.exe
C:\WINDOWS\system32\xwbaxuia.dll
C:\WINDOWS\system32\qmsjymfl.dll
C:\WINDOWS\system32\qoMgeFUk.dll
C:\WINDOWS\system32\vcwebwtf.dll
C:\WINDOWS\system32\qoMcdddB.dll
C:\WINDOWS\system32\byXNgdbB.dll
C:\WINDOWS\system32\wvUnLBTj.dll
C:\WINDOWS\system32\byXRkLeC.dll
C:\WINDOWS\system32\ddcbXOif.dll
C:\WINDOWS\system32\gnwtae32.dll
__________
Save it as CFScript.txt
Then drag CFScript onto ComboFix.exe as shown below.
http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif
Restart the computer when prompted and post the contents of the combofix.txt file here.
***********
Scan with HJT, check the following and press Fix checked:
O2 - BHO: (no name) - {1C5F6AF4-F34D-45A0-BEC4-A0483B8CFAA0} - C:\WINDOWS\system32\qoMgeFUk.dll (file missing)
O2 - BHO: {9aacb063-328a-b5aa-7674-f6b02a694514} - {415496a2-0b6f-4767-aa5b-a823360bcaa9} - C:\WINDOWS\system32\vcwebwtf.dll
O2 - BHO: (no name) - {5F10F876-F702-433E-85A2-C6B297B0719B} - C:\WINDOWS\system32\qoMcdddB.dll (file missing)
O2 - BHO: (no name) - {5F11D5D5-3FB2-4ADD-84AD-D69BC9A5D312} - C:\WINDOWS\system32\byXNgdbB.dll
O2 - BHO: (no name) - {70DC0931-1F14-4CE1-8BC8-CC92C48014EC} - C:\WINDOWS\system32\wvUnLBTj.dll
O2 - BHO: (no name) - {74673317-2CC8-4C96-944D-B2356AFAF1C7} - C:\WINDOWS\system32\byXRkLeC.dll (file missing)
O2 - BHO: (no name) - {C108AE59-C97F-4517-8B74-5590BE3C2A82} - C:\WINDOWS\system32\ddcbXOif.dll (file missing)
O2 - BHO: Data Tracker - {EADA1EAF-22C3-D5AF-E6DF-F66433041251} - C:\WINDOWS\system32\gnwtae32.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows svchost] servicean.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Media Player] wmplayer.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgrs.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\msnmsgr.exe
O4 - HKLM\..\Run: [90484cae] rundll32.exe "C:\WINDOWS\system32\xwbaxuia.dll",b
O4 - HKLM\..\Run: [BM937b7f32] Rundll32.exe "C:\WINDOWS\system32\qmsjymfl.dll",s
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Arto\Application Data\Microsoft\dtsc\10929.exe
O20 - Winlogon Notify: byXNgdbB - C:\WINDOWS\SYSTEM32\byXNgdbB.dll
O20 - Winlogon Notify: ddcbXOif - ddcbXOif.dll (file missing)
**********
Download Malwarebytes' Anti-Malware to your desktop.
http://www.besttechie.net/tools/mbam-setup.exe
* Double-click mbam-setup.exe and follow the instructions to install the program.
* Finally make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
* If an update is found, the program downloads and installs the latest version.
* When the program has loaded, select Perform full scan and click Scan.
* When the scan is finished, click OK and then Show Results to see the results.
* Make sure everything is checked and click Remove Selected.
* After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Post the log contents in your next message.
- En ehkä ammukkaan
So here's the ComboFix log then, thanks for the advice so far!
ComboFix 08-06-16.2 - Arto 2008-06-17 13:50:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.583 [GMT 3:00]
Running from: C:\Documents and Settings\Arto\Työpöytä\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Arto\Application Data\Microsoft\dtsc
C:\Documents and Settings\Arto\Application Data\Microsoft\dtsc\10929.exe
C:\Documents and Settings\Arto\Application Data\Microsoft\dtsc\3037.dll
C:\Documents and Settings\Arto\Application Data\Microsoft\dtsc\7050.dll
C:\Documents and Settings\Arto\Application Data\Microsoft\dtsc\id
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll
C:\WINDOWS\BM937b7f32.xml
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\msacm32.drv
C:\WINDOWS\msnmsgr.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aiuxabwx.ini
C:\WINDOWS\system32\BdddcMoq.ini
C:\WINDOWS\system32\BdddcMoq.ini2
C:\WINDOWS\system32\byXNgdbB.dll
C:\WINDOWS\system32\cbXQjiiI.dll
C:\WINDOWS\system32\CeLkRXyb.ini
C:\WINDOWS\system32\CeLkRXyb.ini2
C:\WINDOWS\system32\ddcBSIyX.dll
C:\WINDOWS\system32\efcYspNe.dll
C:\WINDOWS\system32\elqtfqwh.ini
C:\WINDOWS\system32\faktryio.ini
C:\WINDOWS\system32\fccdCroL.dll
C:\WINDOWS\system32\hgGaxwuv.dll
C:\WINDOWS\system32\htidwkat.dll
C:\WINDOWS\system32\iiffEtus.dll
C:\WINDOWS\system32\jTBLnUvw.ini
C:\WINDOWS\system32\jTBLnUvw.ini2
C:\WINDOWS\system32\kaqfgfcr.ini
C:\WINDOWS\system32\khfcAQjI.dll
C:\WINDOWS\system32\khfDuRig.dll
C:\WINDOWS\system32\kUFegMoq.ini
C:\WINDOWS\system32\kUFegMoq.ini2
C:\WINDOWS\system32\ljJYPhHy.dll
C:\WINDOWS\system32\lrbabnkh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opnnkhIY.dll
C:\WINDOWS\system32\peabeouu.ini
C:\WINDOWS\system32\pmnlMedC.dll
C:\WINDOWS\system32\qmsjymfl.dll
C:\WINDOWS\system32\qnrvqsfm.dll
C:\WINDOWS\system32\qoMgFvUK.dll
C:\WINDOWS\system32\ssqNFWpq.dll
C:\WINDOWS\system32\tuvWnMDV.dll
C:\WINDOWS\system32\urqNHWqn.dll
C:\WINDOWS\system32\urqOGAqQ.dll
C:\WINDOWS\system32\urqPiggH.dll
C:\WINDOWS\system32\urqRiged.dll
C:\WINDOWS\system32\vcwebwtf.dll
C:\WINDOWS\system32\vietidoi.ini
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\vtUlIcab.dll
C:\WINDOWS\system32\wvUlkIyX.dll
C:\WINDOWS\system32\wvUnLBTj.dll
C:\WINDOWS\system32\xwbaxuia.dll
C:\WINDOWS\system32\yayvVLDv.dll
C:\WINDOWS\ups.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSUPDATE
-------\Service_narqwe
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-17 to 2008-06-17 )))))))))))))))))
.
2008-06-17 13:39 . 2008-06-17 13:39 d-------- C:\Program Files\Trend Micro
2008-06-17 12:41 . 2008-06-17 12:41 2,231 --a------ C:\iss.exe
2008-06-17 11:30 . 2008-06-17 11:30 41,984 -r-hs---- C:\WINDOWS\system32\ahuid.exe
2008-06-17 11:09 . 2008-06-17 11:09 41,984 -r-hs---- C:\WINDOWS\system32\actmoviei.exe
2008-06-17 11:02 . 2008-06-17 11:02 41,984 -r-hs---- C:\WINDOWS\system32\1037h.exe
2008-06-17 10:56 . 2008-06-17 10:56 41,984 -r-hs---- C:\WINDOWS\system32\advpack.dlll.exe
2008-06-17 10:55 . 2008-06-17 10:55 36 --a------ C:\WINDOWS\rasqervy.dll
2008-06-17 10:55 . 2008-06-17 10:55 8 --a------ C:\WINDOWS\sdfinacs.dll
2008-06-17 10:54 . 2008-06-17 13:50 5 --a------ C:\WINDOWS\sdfixwcs.dll
2008-06-17 02:57 . 2008-06-17 11:30 176 --a------ C:\WINDOWS\wuasirvy.dll
2008-06-17 00:30 . 2008-06-17 00:30 48,585 --a------ C:\WINDOWS\system32\acelpdecyr.sys
2008-06-17 00:30 . 2008-06-17 00:30 23,040 --ahs---- C:\WINDOWS\system32\1033y.dll
2008-06-17 00:29 . 2008-06-17 00:28 41,984 -r-hs---- C:\WINDOWS\system32\acelpdecy.exe
2008-06-17 00:27 . 2008-06-17 10:54 170 --a-s---- C:\WINDOWS\system32\1991136218.dat
2008-06-17 00:26 . 2008-06-17 00:26 41,984 -r-hs---- C:\WINDOWS\system32\accwizh.exe
2008-06-16 20:51 . 2008-06-16 20:51 37,001 -r-hs---- C:\WINDOWS\servicean.exe
2008-06-16 20:51 . 2008-06-16 20:51 37,001 --a------ C:\Documents and Settings\Arto\aaaa.exe
2008-06-16 20:51 . 2008-06-16 20:51 36,465 --a------ C:\Documents and Settings\Arto\p.exe
2008-06-16 20:46 . 2008-06-16 20:46 389,120 --a------ C:\Documents and Settings\Arto\a.com
2008-06-16 20:00 . 2008-06-16 20:00 36,465 -r-hs---- C:\WINDOWS\winudpmgrs.exe
2008-06-15 21:34 . 2008-06-15 21:34 36,983 -r-hs---- C:\WINDOWS\winedit.exe
2008-06-15 21:34 . 2008-06-15 21:34 36,983 --a------ C:\Documents and Settings\Arto\sbot.exe
2008-06-15 18:54 . 2008-06-15 18:54 36,517 -r-hs---- C:\WINDOWS\wmplayer.exe
2008-06-15 18:39 . 2008-06-15 18:39 d-------- C:\Documents and Settings\Arto\Application Data\Apple Computer
2008-06-15 18:37 . 2008-06-15 18:38 d-------- C:\Program Files\QuickTime
2008-06-15 18:37 . 2008-06-15 18:37 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Program Files\Apple Software Update
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-13 21:04 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 15:52 . 2008-06-05 00:44 d-------- C:\Documents and Settings\Arto\Application Data\.purple
2008-06-03 21:14 . 2008-06-04 13:46 3,419 --a------ C:\WINDOWS\is154890.exe
2008-05-30 16:55 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Arto\setup.exe
2008-05-29 21:18 . 2008-05-29 21:18 244 --ah----- C:\sqmnoopt01.sqm
2008-05-29 21:18 . 2008-05-29 21:18 232 --ah----- C:\sqmdata01.sqm
2008-05-27 22:03 . 2008-05-27 22:03 56,832 -r-hs---- C:\WINDOWS\winudspm.exe
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-22 22:06 . 2008-06-15 13:10 d-------- C:\Program Files\PartyGaming
2008-05-22 19:35 . 2008-05-22 19:35 d-------- C:\Documents and Settings\Arto\Application Data\Sports Interactive
2008-05-22 19:31 . 2008-05-22 19:31 d-------- C:\Program Files\Sports Interactive
2008-05-22 17:45 . 2008-05-22 17:45 d-------- C:\Program Files\Alwil Software
2008-05-22 15:15 . 2008-06-17 13:58 d-------- C:\Documents and Settings\Arto\Application Data\uTorrent
2008-05-21 16:17 . 2008-05-21 16:17 59 --a------ C:\WINDOWS\pp.enc
2008-05-19 23:21 . 2008-05-19 23:55 d-------- C:\Program Files\MagicISO
2008-05-19 22:40 . 2008-05-19 22:40 d-------- C:\Documents and Settings\Arto\Application Data\WhenU
2008-05-19 22:20 . 2008-05-19 22:20 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 22:13 . 2008-05-19 22:13 dr-h----- C:\Documents and Settings\Arto\Application Data\SecuROM
2008-05-19 22:13 . 2008-05-19 22:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Program Files\Zero G Registry
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Documents and Settings\Arto\InstallAnywhere
2008-05-19 00:11 . 2008-05-22 18:04 d-------- C:\Program Files\uTorrent
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 00:29 --------- d-----w C:\Program Files\Windows Live
2008-06-17 00:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-17 00:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 10:36 --------- d-----w C:\Documents and Settings\Arto\Application Data\Microgaming
2008-05-27 20:58 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-22 14:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\Arto\Application Data\Lavasoft
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-21 12:30 --------- d-----w C:\Program Files\Symantec
2008-05-21 12:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\Arto\Application Data\TVU Networks
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-23 18:55 --------- d-----w C:\Documents and Settings\Arto\Application Data\ppStream
2008-04-23 18:50 --------- d-----w C:\Program Files\Common Files\Synacast
2008-04-23 18:50 --------- d-----w C:\Documents and Settings\Arto\Application Data\PPMate
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
------- Sigcheck -------
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\svchost.exe
2007-03-08 18:50 578560 90f1d04938bae133e2f4d8f7f0fa4fa0 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 21:18 577536 aeefa9d983c986e7a8d6d80ca165b93f C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-09-14 16:12 577536 44c02bc54d56ed3a685302e91396720a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\dllcache\user32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\system32\ws2_32.dll
2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 14:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2006-12-19 21:45 2061696 8f3bbe9045dfe4d89b24552fcba0e8b2 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 19:08 2061696 8bacc2a67078823acab7c8306f394918 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 21:08 2059136 1c09a92e5a1c21ca1ad367f13f9b5a9d C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 21:22 2059904 09e0237ef89c06c44b8433733060573f C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-09-14 16:08 2059136 e6cbe47b5ea01ce981e4663900f04a15 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2006-12-19 21:45 2184320 8f8898bc0cb9fd8c6b0a575367a977bd C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 19:08 2184448 7ff07a634379ee2fd2b097fd76c49bfc C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 21:08 2181632 ae8d156d1028fba3939609f4c39eb1f1 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 21:22 2182656 22a830ae087de7e3d72c4b1d9611bf6e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-09-14 16:08 2183296 2a8e38e78177bf83c73897511a4eecd0 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\explorer.exe
2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\system32\dllcache\explorer.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\system32\services.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\system32\lsass.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C5F6AF4-F34D-45A0-BEC4-A0483B8CFAA0}]
C:\WINDOWS\system32\qoMgeFUk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F10F876-F702-433E-85A2-C6B297B0719B}]
C:\WINDOWS\system32\qoMcdddB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74673317-2CC8-4C96-944D-B2356AFAF1C7}]
C:\WINDOWS\system32\byXRkLeC.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C108AE59-C97F-4517-8B74-5590BE3C2A82}]
C:\WINDOWS\system32\ddcbXOif.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EADA1EAF-22C3-D5AF-E6DF-F66433041251}]
C:\WINDOWS\system32\gnwtae32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"DAEMON Tools"="D:\Daemon\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:40 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 16:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07 617984]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 04:00 99840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10 49263]
"fssui"="C:\Program Files\Windows Live\Perheturva\fssui.exe" [ ]
"Windows svchost"="servicean.exe" [2008-06-16 20:51 37001 C:\WINDOWS\servicean.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C108AE59-C97F-4517-8B74-5590BE3C2A82}"= C:\WINDOWS\system32\ddcbXOif.dll [ ]
"{A6F5090F-D9EC-4263-9D7D-2968C5179291}"= C:\WINDOWS\system32\iifebCSk.dll [2008-06-17 14:03 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbXOif]
ddcbXOif.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifebCSk]
iifebCSk.dll 2008-06-17 14:03 24576 C:\WINDOWS\system32\iifebCSk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21936:TCP"= 21936:TCP:*:Disabled:BitComet 21936 TCP
"21936:UDP"= 21936:UDP:*:Disabled:BitComet 21936 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S2 clr_optimization_v2.0.50727_32 Smart;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Smart;C:\WINDOWS\system32\acelpdecy.exe [2008-06-17 00:28]
S2 fsssvc;Windows Live OneCare – perheturva;"C:\Program Files\Windows Live\Perheturva\fsssvc.exe" []
S2 ImapiServicelanmanworkstation;CD-levyjen kirjoittamisen IMAPI COM -palvelu ImapiServicelanmanworkstation;C:\WINDOWS\system32\accwizh.exe [2008-06-17 00:26]
S2 qandr;qandr;C:\WINDOWS\system32\drivers\qandr.sys []
S2 RasAutoHidServ;Remote Access Auto Connection -hallinta RasAutoHidServ;C:\WINDOWS\system32\actmoviei.exe [2008-06-17 11:09]
S2 TlntSvrsrservice;Telnet TlntSvrsrservice;C:\WINDOWS\system32\ahuid.exe [2008-06-17 11:30]
S2 wscsvcWmdmPmSN;Tietoturvakeskus wscsvcWmdmPmSN;C:\WINDOWS\system32\1037h.exe [2008-06-17 11:02]
S2 wuauservAlerter;Automaattiset päivitykset wuauservAlerter;C:\WINDOWS\system32\advpack.dlll.exe [2008-06-17 10:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b80-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b81-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105e-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105f-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-16 09:06:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-08-17 18:20:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 14:00:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\iifebCSk.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-06-17 14:07:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 11:07:07
Pre-Run: 65,591,799,808 tavua vapaana
Post-Run: 66,389,581,824 tavua vapaana
319 --- E O F --- 2008-06-14 08:03:37 - Ampuja
En ehkä ammukkaan wrote:
So here is the ComboFix log then, thanks for the advice so far!
And there is more coming; this is the log from after running that script or whatever it was:
ComboFix 08-06-16.2 - Arto 2008-06-17 14:53:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.607 [GMT 3:00]
Running from: C:\Documents and Settings\Arto\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Arto\Työpöytä\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\Windows\msnmsgr.exe
C:\WINDOWS\servicean.exe
C:\WINDOWS\system32\byXNgdbB.dll
C:\WINDOWS\system32\byXRkLeC.dll
C:\WINDOWS\system32\ddcbXOif.dll
C:\WINDOWS\system32\gnwtae32.dll
C:\WINDOWS\system32\qmsjymfl.dll
C:\WINDOWS\system32\qoMcdddB.dll
C:\WINDOWS\system32\qoMgeFUk.dll
C:\WINDOWS\system32\vcwebwtf.dll
C:\WINDOWS\system32\wvUnLBTj.dll
C:\WINDOWS\system32\xwbaxuia.dll
C:\WINDOWS\winudpmgrs.exe
C:\WINDOWS\wmplayer.exe
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM937b7f32.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\servicean.exe
C:\WINDOWS\system32\dacjgbfr.dll
C:\WINDOWS\system32\iifebCSk.dll
C:\WINDOWS\system32\JTvyHRqr.ini
C:\WINDOWS\system32\JTvyHRqr.ini2
C:\WINDOWS\system32\mspbxdyr.dll
C:\WINDOWS\system32\oskrdeju.ini
C:\WINDOWS\system32\rqRHyvTJ.dll
C:\WINDOWS\system32\ujedrkso.dll
C:\WINDOWS\system32\vtUkhiFY.dll
C:\WINDOWS\winudpmgrs.exe
C:\WINDOWS\wmplayer.exe
.
((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-05-17 to 2008-06-17 )))))))))))))))))
.
2008-06-17 13:39 . 2008-06-17 13:39 d-------- C:\Program Files\Trend Micro
2008-06-17 12:41 . 2008-06-17 12:41 2,231 --a------ C:\iss.exe
2008-06-17 11:30 . 2008-06-17 11:30 41,984 -r-hs---- C:\WINDOWS\system32\ahuid.exe
2008-06-17 11:09 . 2008-06-17 11:09 41,984 -r-hs---- C:\WINDOWS\system32\actmoviei.exe
2008-06-17 11:02 . 2008-06-17 11:02 41,984 -r-hs---- C:\WINDOWS\system32\1037h.exe
2008-06-17 10:56 . 2008-06-17 10:56 41,984 -r-hs---- C:\WINDOWS\system32\advpack.dlll.exe
2008-06-17 10:55 . 2008-06-17 10:55 36 --a------ C:\WINDOWS\rasqervy.dll
2008-06-17 10:55 . 2008-06-17 10:55 8 --a------ C:\WINDOWS\sdfinacs.dll
2008-06-17 10:54 . 2008-06-17 13:50 5 --a------ C:\WINDOWS\sdfixwcs.dll
2008-06-17 02:57 . 2008-06-17 11:30 176 --a------ C:\WINDOWS\wuasirvy.dll
2008-06-17 00:30 . 2008-06-17 00:30 48,585 --a------ C:\WINDOWS\system32\acelpdecyr.sys
2008-06-17 00:30 . 2008-06-17 00:30 23,040 --ahs---- C:\WINDOWS\system32\1033y.dll
2008-06-17 00:29 . 2008-06-17 00:28 41,984 -r-hs---- C:\WINDOWS\system32\acelpdecy.exe
2008-06-17 00:27 . 2008-06-17 10:54 170 --a-s---- C:\WINDOWS\system32\1991136218.dat
2008-06-17 00:26 . 2008-06-17 00:26 41,984 -r-hs---- C:\WINDOWS\system32\accwizh.exe
2008-06-16 20:51 . 2008-06-16 20:51 37,001 --a------ C:\Documents and Settings\Arto\aaaa.exe
2008-06-16 20:51 . 2008-06-16 20:51 36,465 --a------ C:\Documents and Settings\Arto\p.exe
2008-06-16 20:46 . 2008-06-16 20:46 389,120 --a------ C:\Documents and Settings\Arto\a.com
2008-06-15 21:34 . 2008-06-15 21:34 36,983 -r-hs---- C:\WINDOWS\winedit.exe
2008-06-15 21:34 . 2008-06-15 21:34 36,983 --a------ C:\Documents and Settings\Arto\sbot.exe
2008-06-15 18:39 . 2008-06-15 18:39 d-------- C:\Documents and Settings\Arto\Application Data\Apple Computer
2008-06-15 18:37 . 2008-06-15 18:38 d-------- C:\Program Files\QuickTime
2008-06-15 18:37 . 2008-06-15 18:37 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Program Files\Apple Software Update
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-13 21:04 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 15:52 . 2008-06-05 00:44 d-------- C:\Documents and Settings\Arto\Application Data\.purple
2008-06-03 21:14 . 2008-06-04 13:46 3,419 --a------ C:\WINDOWS\is154890.exe
2008-05-30 16:55 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Arto\setup.exe
2008-05-29 21:18 . 2008-05-29 21:18 244 --ah----- C:\sqmnoopt01.sqm
2008-05-29 21:18 . 2008-05-29 21:18 232 --ah----- C:\sqmdata01.sqm
2008-05-27 22:03 . 2008-05-27 22:03 56,832 -r-hs---- C:\WINDOWS\winudspm.exe
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-22 22:06 . 2008-06-15 13:10 d-------- C:\Program Files\PartyGaming
2008-05-22 19:35 . 2008-05-22 19:35 d-------- C:\Documents and Settings\Arto\Application Data\Sports Interactive
2008-05-22 19:31 . 2008-05-22 19:31 d-------- C:\Program Files\Sports Interactive
2008-05-22 17:45 . 2008-05-22 17:45 d-------- C:\Program Files\Alwil Software
2008-05-22 15:15 . 2008-06-17 13:58 d-------- C:\Documents and Settings\Arto\Application Data\uTorrent
2008-05-21 16:17 . 2008-05-21 16:17 59 --a------ C:\WINDOWS\pp.enc
2008-05-19 23:21 . 2008-05-19 23:55 d-------- C:\Program Files\MagicISO
2008-05-19 22:40 . 2008-05-19 22:40 d-------- C:\Documents and Settings\Arto\Application Data\WhenU
2008-05-19 22:20 . 2008-05-19 22:20 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 22:13 . 2008-05-19 22:13 dr-h----- C:\Documents and Settings\Arto\Application Data\SecuROM
2008-05-19 22:13 . 2008-05-19 22:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Program Files\Zero G Registry
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Documents and Settings\Arto\InstallAnywhere
2008-05-19 00:11 . 2008-05-22 18:04 d-------- C:\Program Files\uTorrent
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 00:29 --------- d-----w C:\Program Files\Windows Live
2008-06-17 00:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-17 00:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 10:36 --------- d-----w C:\Documents and Settings\Arto\Application Data\Microgaming
2008-05-27 20:58 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-22 14:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\Arto\Application Data\Lavasoft
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-21 12:30 --------- d-----w C:\Program Files\Symantec
2008-05-21 12:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\Arto\Application Data\TVU Networks
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-23 18:55 --------- d-----w C:\Documents and Settings\Arto\Application Data\ppStream
2008-04-23 18:50 --------- d-----w C:\Program Files\Common Files\Synacast
2008-04-23 18:50 --------- d-----w C:\Documents and Settings\Arto\Application Data\PPMate
.
------- Sigcheck -------
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\svchost.exe
2007-03-08 18:50 578560 90f1d04938bae133e2f4d8f7f0fa4fa0 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 21:18 577536 aeefa9d983c986e7a8d6d80ca165b93f C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-09-14 16:12 577536 44c02bc54d56ed3a685302e91396720a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\dllcache\user32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\system32\ws2_32.dll
2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 14:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2006-12-19 21:45 2061696 8f3bbe9045dfe4d89b24552fcba0e8b2 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 19:08 2061696 8bacc2a67078823acab7c8306f394918 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 21:08 2059136 1c09a92e5a1c21ca1ad367f13f9b5a9d C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 21:22 2059904 09e0237ef89c06c44b8433733060573f C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-09-14 16:08 2059136 e6cbe47b5ea01ce981e4663900f04a15 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2006-12-19 21:45 2184320 8f8898bc0cb9fd8c6b0a575367a977bd C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 19:08 2184448 7ff07a634379ee2fd2b097fd76c49bfc C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 21:08 2181632 ae8d156d1028fba3939609f4c39eb1f1 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 21:22 2182656 22a830ae087de7e3d72c4b1d9611bf6e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-09-14 16:08 2183296 2a8e38e78177bf83c73897511a4eecd0 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\explorer.exe
2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\system32\dllcache\explorer.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\system32\services.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\system32\lsass.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_14.06.26.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 10:59:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 11:57:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 11:57:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_714.dat
.
(((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty values and legitimate default values are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C5F6AF4-F34D-45A0-BEC4-A0483B8CFAA0}]
C:\WINDOWS\system32\qoMgeFUk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F10F876-F702-433E-85A2-C6B297B0719B}]
C:\WINDOWS\system32\qoMcdddB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74673317-2CC8-4C96-944D-B2356AFAF1C7}]
C:\WINDOWS\system32\byXRkLeC.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C108AE59-C97F-4517-8B74-5590BE3C2A82}]
C:\WINDOWS\system32\ddcbXOif.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"DAEMON Tools"="D:\Daemon\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:40 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 16:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07 617984]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 04:00 99840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10 49263]
"fssui"="C:\Program Files\Windows Live\Perheturva\fssui.exe" [ ]
"Windows svchost"="servicean.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C108AE59-C97F-4517-8B74-5590BE3C2A82}"= C:\WINDOWS\system32\ddcbXOif.dll [ ]
"{A6F5090F-D9EC-4263-9D7D-2968C5179291}"= C:\WINDOWS\system32\iifebCSk.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbXOif]
ddcbXOif.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21936:TCP"= 21936:TCP:*:Disabled:BitComet 21936 TCP
"21936:UDP"= 21936:UDP:*:Disabled:BitComet 21936 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S2 clr_optimization_v2.0.50727_32 Smart;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Smart;C:\WINDOWS\system32\acelpdecy.exe [2008-06-17 00:28]
S2 fsssvc;Windows Live OneCare – Family Safety;"C:\Program Files\Windows Live\Perheturva\fsssvc.exe" []
S2 ImapiServicelanmanworkstation;IMAPI CD-Burning COM Service ImapiServicelanmanworkstation;C:\WINDOWS\system32\accwizh.exe [2008-06-17 00:26]
S2 qandr;qandr;C:\WINDOWS\system32\drivers\qandr.sys []
S2 RasAutoHidServ;Remote Access Auto Connection Manager RasAutoHidServ;C:\WINDOWS\system32\actmoviei.exe [2008-06-17 11:09]
S2 TlntSvrsrservice;Telnet TlntSvrsrservice;C:\WINDOWS\system32\ahuid.exe [2008-06-17 11:30]
S2 wscsvcWmdmPmSN;Security Center wscsvcWmdmPmSN;C:\WINDOWS\system32\1037h.exe [2008-06-17 11:02]
S2 wuauservAlerter;Automatic Updates wuauservAlerter;C:\WINDOWS\system32\advpack.dlll.exe [2008-06-17 10:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b80-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b81-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105e-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105f-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-16 09:06:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-08-17 18:20:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 14:57:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-06-17 15:03:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 12:03:40
ComboFix2.txt 2008-06-17 11:07:21
Pre-Run: 66,343,395,328 bytes free
Post-Run: 66,341,322,752 bytes free
275 --- E O F --- 2008-06-14 08:03:37 - Fix.Fix
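The service list and autostart keys in the log above can be triaged mechanically. The script below is an added example written for this page, not code from the original post or from ComboFix. It runs over an excerpt copied from the log (the lines are the page's own; only the selection is constructed, and the Finnish service display names are shown in English) and flags what a removal helper looks for by eye: service names that are two genuine XP service names glued together (ImapiService + lanmanworkstation, TlntSvr + srservice, wuauserv + Alerter), images that the "files created" list shows as hidden+system, a double extension such as advpack.dlll.exe, Winlogon Notify packages (ComboFix already suppresses the default ones, so anything printed is non-default), and the Security Center values that silence the missing-antivirus and firewall warnings. The KNOWN_SERVICES list is the editor's own short list of real XP service short names, an assumption rather than something taken from the page.

```python
import re

# Constructed excerpt: lines copied from the ComboFix log above (Run key, Winlogon
# Notify keys, Security Center values, service list, "files created" list). The
# selection is the editor's and the Finnish service display names are shown in
# English; nothing else is changed.
EXCERPT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
"Windows svchost"="servicean.exe" [2008-06-16 20:51 37001 C:\WINDOWS\servicean.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbXOif]
ddcbXOif.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifebCSk]
iifebCSk.dll 2008-06-17 14:03 24576 C:\WINDOWS\system32\iifebCSk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
S2 clr_optimization_v2.0.50727_32 Smart;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Smart;C:\WINDOWS\system32\acelpdecy.exe [2008-06-17 00:28]
S2 ImapiServicelanmanworkstation;IMAPI CD-Burning COM Service ImapiServicelanmanworkstation;C:\WINDOWS\system32\accwizh.exe [2008-06-17 00:26]
S2 TlntSvrsrservice;Telnet TlntSvrsrservice;C:\WINDOWS\system32\ahuid.exe [2008-06-17 11:30]
S2 wuauservAlerter;Automatic Updates wuauservAlerter;C:\WINDOWS\system32\advpack.dlll.exe [2008-06-17 10:56]
2008-06-17 11:30 . 2008-06-17 11:30 41,984 -r-hs---- C:\WINDOWS\system32\ahuid.exe
2008-06-17 10:56 . 2008-06-17 10:56 41,984 -r-hs---- C:\WINDOWS\system32\advpack.dlll.exe
2008-06-17 00:29 . 2008-06-17 00:28 41,984 -r-hs---- C:\WINDOWS\system32\acelpdecy.exe
2008-06-17 00:26 . 2008-06-17 00:26 41,984 -r-hs---- C:\WINDOWS\system32\accwizh.exe
2008-06-16 20:51 . 2008-06-16 20:51 37,001 -r-hs---- C:\WINDOWS\servicean.exe
2008-06-15 18:37 . 2008-06-15 18:38 d-------- C:\Program Files\QuickTime
"""

# Editor's own short list of genuine Windows XP service short names (an assumption,
# not from the page); the fake services on this box are pairs of these glued together.
KNOWN_SERVICES = ["Alerter", "Browser", "Dhcp", "Dnscache", "HidServ", "ImapiService",
                  "lanmanworkstation", "RasAuto", "Spooler", "srservice", "Themes",
                  "TlntSvr", "W32Time", "WmdmPmSN", "wscsvc", "wuauserv"]

# ComboFix line shapes: "S2 name;display;image [date time]", Run values, the
# "files created" list, Winlogon Notify key headers and Security Center values.
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);"?([^"\[]+?)"?\s*\[([^\]]*)\]\s*$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]\s*$')
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+'
                     r'(?:([\d,]+)\s+)?([d-][-a-z]{8})\s+(.+?)\s*$')
NOTIFY_RE = re.compile(r'\\winlogon\\notify\\([^\]]+)\]$', re.I)
SC_RE = re.compile(r'^"(AntiVirusOverride|AntiVirusDisableNotify|FirewallOverride|'
                   r'FirewallDisableNotify|UpdatesDisableNotify)"=dword:([0-9a-f]{8})$', re.I)


def check_image(owner, image, files):
    """Flags for a binary referenced by a service or a Run value."""
    out = []
    base = image.rsplit("\\", 1)[-1].lower()
    if base.endswith(".exe") and base.count(".") > 1:
        out.append(("image", image, "double extension"))
    info = files.get(image.lower())          # (size, attribute string) if recently created
    if info and "h" in info[1] and "s" in info[1]:
        out.append(("image", image,
                    f"in 'files created' list, hidden+system, {info[0]} bytes, used by {owner}"))
    return out


def check_service(name, image, files):
    """A service whose short name is two real service names concatenated is fake."""
    out = []
    low = name.lower()
    for a in KNOWN_SERVICES:
        for b in KNOWN_SERVICES:
            if a != b and low == (a + b).lower():
                out.append(("service", name, f"name is {a} + {b} glued together"))
    return out + check_image(name, image, files)


def triage(log_text):
    """Return (kind, subject, reason) findings for a ComboFix log or excerpt."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    files = {}                               # pass 1: index "files created" by full path
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            size, attr, path = m.groups()
            files[path.lower()] = (int(size.replace(",", "")) if size else None, attr)
    findings = []                            # pass 2: registry and service lines
    for line in lines:
        if (m := SERVICE_RE.match(line)):
            findings += check_service(m.group(2), m.group(4), files)
        elif (m := RUN_RE.match(line)):
            name, value, details = m.groups()
            path = re.search(r'[A-Za-z]:\\.*$', details)   # ComboFix resolves bare names
            findings += check_image(name, path.group(0) if path else value, files)
        elif (m := NOTIFY_RE.search(line)):
            findings.append(("winlogon-notify", m.group(1),
                             "non-default Notify package: its DLL is loaded into winlogon.exe"))
        elif (m := SC_RE.match(line)) and int(m.group(2), 16):
            findings.append(("securitycenter", m.group(1), "Security Center warning silenced"))
    return findings


if __name__ == "__main__":
    for kind, subject, reason in triage(EXCERPT):
        print(f"{kind:16} {subject:45} {reason}")
```

To use it on a whole log, pass the full ComboFix text to triage(); the two passes mean the "files created" section can sit after the service list, as it does in the log above. The heuristics are deliberately narrow: a genuine service pointing at a normal file produces no output, which is why the aswSP line is silent, while a fresh hidden+system file in system32 referenced by a service is about as clear a signal as XP gives.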
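The Sigcheck section lists the MD5 of the live copy of each core file next to the copies Windows keeps as references (system32\dllcache, ServicePackFiles\i386, Driver Cache, the $hf_mig$ hotfix branches and the $NtUninstall backups). The check a helper does by hand is: does the live file equal its dllcache copy, and if there is no dllcache copy, does it equal any cached build at all. The script below is an added example written for this page, not part of the original post or of ComboFix; it applies that check to lines copied from the Sigcheck section above, plus one constructed line (the live ip6fw.sys with an all-zero hash, replacing the real line) so that the mismatch branch is exercised.

```python
import re
from collections import defaultdict

# Constructed excerpt: Sigcheck lines copied from the ComboFix log above. The LAST
# line is deliberately altered: the live ip6fw.sys is given an all-zero hash so the
# mismatch path runs (in the real log it matches its ServicePackFiles copy).
SIGCHECK = r"""
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\svchost.exe
2007-03-08 18:50 578560 90f1d04938bae133e2f4d8f7f0fa4fa0 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 21:18 577536 aeefa9d983c986e7a8d6d80ca165b93f C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-09-14 16:12 577536 44c02bc54d56ed3a685302e91396720a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\dllcache\user32.dll
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-03 23:00 29056 00000000000000000000000000000000 C:\WINDOWS\system32\drivers\ip6fw.sys
"""

# Where Windows keeps reference copies; any path outside these is a live file.
REFERENCE_DIRS = [
    ("dllcache", "\\dllcache\\"),                  # Windows File Protection cache
    ("ServicePackFiles", "\\servicepackfiles\\"),  # SP2 source copies
    ("Driver Cache", "\\driver cache\\"),
    ("hotfix QFE branch", "\\$hf_mig$\\"),
    ("uninstall backup", "\\$ntuninstall"),
]
LINE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d\s+(\d+)\s+([0-9a-f]{32})\s+(.+?)\s*$', re.I)


def reference_kind(path):
    """Name of the reference directory a path lives in, or None for a live file."""
    low = path.lower()
    for kind, marker in REFERENCE_DIRS:
        if marker in low:
            return kind
    return None


def verify(sigcheck_text):
    """Map each live file path in a Sigcheck section to a verdict string."""
    live = defaultdict(list)                       # basename -> [(path, md5)]
    refs = defaultdict(lambda: defaultdict(set))   # basename -> kind -> {md5}
    for line in sigcheck_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _size, md5, path = m.groups()
        base = path.rsplit("\\", 1)[-1].lower()
        kind = reference_kind(path)
        if kind is None:
            live[base].append((path, md5.lower()))
        else:
            refs[base][kind].add(md5.lower())
    verdicts = {}
    for base, copies in live.items():
        known = refs.get(base, {})
        for path, md5 in copies:
            if "dllcache" in known:
                # WFP restores from dllcache, so the live copy must equal it exactly.
                verdicts[path] = ("ok: matches dllcache" if md5 in known["dllcache"]
                                  else "SUSPECT: differs from the dllcache copy WFP would restore")
                continue
            hits = [kind for kind, _ in REFERENCE_DIRS if md5 in known.get(kind, ())]
            if hits:
                verdicts[path] = "ok: matches " + hits[0]
            elif known:
                verdicts[path] = "SUSPECT: matches no cached build (" + ", ".join(sorted(known)) + ")"
            else:
                verdicts[path] = "no reference copy in log"
    return verdicts


if __name__ == "__main__":
    for path, verdict in verify(SIGCHECK).items():
        print(f"{verdict:60} {path}")
```

On the page's own lines every live file matches its dllcache or ServicePackFiles copy, which is what a clean Sigcheck section looks like; only the constructed ip6fw.sys line is reported. A match proves consistency between two copies, nothing more: malware that also replaced the dllcache copy, or a rootkit filtering reads, would pass this check, which is why ComboFix also runs the catchme scan shown above.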
En ehkä ammukkaan wrote:
So here is the ComboFix log then, thanks for the advice so far!
ComboFix 08-06-16.2 - Arto 2008-06-17 13:50:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.583 [GMT 3:00]
Running from: C:\Documents and Settings\Arto\Työpöytä\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Arto\Application Data\Microsoft\dtsc
C:\Documents and Settings\Arto\Application Data\Microsoft\dtsc\10929.exe
C:\Documents and Settings\Arto\Application Data\Microsoft\dtsc\3037.dll
C:\Documents and Settings\Arto\Application Data\Microsoft\dtsc\7050.dll
C:\Documents and Settings\Arto\Application Data\Microsoft\dtsc\id
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll
C:\WINDOWS\BM937b7f32.xml
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\msacm32.drv
C:\WINDOWS\msnmsgr.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aiuxabwx.ini
C:\WINDOWS\system32\BdddcMoq.ini
C:\WINDOWS\system32\BdddcMoq.ini2
C:\WINDOWS\system32\byXNgdbB.dll
C:\WINDOWS\system32\cbXQjiiI.dll
C:\WINDOWS\system32\CeLkRXyb.ini
C:\WINDOWS\system32\CeLkRXyb.ini2
C:\WINDOWS\system32\ddcBSIyX.dll
C:\WINDOWS\system32\efcYspNe.dll
C:\WINDOWS\system32\elqtfqwh.ini
C:\WINDOWS\system32\faktryio.ini
C:\WINDOWS\system32\fccdCroL.dll
C:\WINDOWS\system32\hgGaxwuv.dll
C:\WINDOWS\system32\htidwkat.dll
C:\WINDOWS\system32\iiffEtus.dll
C:\WINDOWS\system32\jTBLnUvw.ini
C:\WINDOWS\system32\jTBLnUvw.ini2
C:\WINDOWS\system32\kaqfgfcr.ini
C:\WINDOWS\system32\khfcAQjI.dll
C:\WINDOWS\system32\khfDuRig.dll
C:\WINDOWS\system32\kUFegMoq.ini
C:\WINDOWS\system32\kUFegMoq.ini2
C:\WINDOWS\system32\ljJYPhHy.dll
C:\WINDOWS\system32\lrbabnkh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opnnkhIY.dll
C:\WINDOWS\system32\peabeouu.ini
C:\WINDOWS\system32\pmnlMedC.dll
C:\WINDOWS\system32\qmsjymfl.dll
C:\WINDOWS\system32\qnrvqsfm.dll
C:\WINDOWS\system32\qoMgFvUK.dll
C:\WINDOWS\system32\ssqNFWpq.dll
C:\WINDOWS\system32\tuvWnMDV.dll
C:\WINDOWS\system32\urqNHWqn.dll
C:\WINDOWS\system32\urqOGAqQ.dll
C:\WINDOWS\system32\urqPiggH.dll
C:\WINDOWS\system32\urqRiged.dll
C:\WINDOWS\system32\vcwebwtf.dll
C:\WINDOWS\system32\vietidoi.ini
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\vtUlIcab.dll
C:\WINDOWS\system32\wvUlkIyX.dll
C:\WINDOWS\system32\wvUnLBTj.dll
C:\WINDOWS\system32\xwbaxuia.dll
C:\WINDOWS\system32\yayvVLDv.dll
C:\WINDOWS\ups.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSUPDATE
-------\Service_narqwe
((((( Files created between 2008-05-17 and 2008-06-17 )))))))))))))))))
.
2008-06-17 13:39 . 2008-06-17 13:39 d-------- C:\Program Files\Trend Micro
2008-06-17 12:41 . 2008-06-17 12:41 2,231 --a------ C:\iss.exe
2008-06-17 11:30 . 2008-06-17 11:30 41,984 -r-hs---- C:\WINDOWS\system32\ahuid.exe
2008-06-17 11:09 . 2008-06-17 11:09 41,984 -r-hs---- C:\WINDOWS\system32\actmoviei.exe
2008-06-17 11:02 . 2008-06-17 11:02 41,984 -r-hs---- C:\WINDOWS\system32\1037h.exe
2008-06-17 10:56 . 2008-06-17 10:56 41,984 -r-hs---- C:\WINDOWS\system32\advpack.dlll.exe
2008-06-17 10:55 . 2008-06-17 10:55 36 --a------ C:\WINDOWS\rasqervy.dll
2008-06-17 10:55 . 2008-06-17 10:55 8 --a------ C:\WINDOWS\sdfinacs.dll
2008-06-17 10:54 . 2008-06-17 13:50 5 --a------ C:\WINDOWS\sdfixwcs.dll
2008-06-17 02:57 . 2008-06-17 11:30 176 --a------ C:\WINDOWS\wuasirvy.dll
2008-06-17 00:30 . 2008-06-17 00:30 48,585 --a------ C:\WINDOWS\system32\acelpdecyr.sys
2008-06-17 00:30 . 2008-06-17 00:30 23,040 --ahs---- C:\WINDOWS\system32\1033y.dll
2008-06-17 00:29 . 2008-06-17 00:28 41,984 -r-hs---- C:\WINDOWS\system32\acelpdecy.exe
2008-06-17 00:27 . 2008-06-17 10:54 170 --a-s---- C:\WINDOWS\system32\1991136218.dat
2008-06-17 00:26 . 2008-06-17 00:26 41,984 -r-hs---- C:\WINDOWS\system32\accwizh.exe
2008-06-16 20:51 . 2008-06-16 20:51 37,001 -r-hs---- C:\WINDOWS\servicean.exe
2008-06-16 20:51 . 2008-06-16 20:51 37,001 --a------ C:\Documents and Settings\Arto\aaaa.exe
2008-06-16 20:51 . 2008-06-16 20:51 36,465 --a------ C:\Documents and Settings\Arto\p.exe
2008-06-16 20:46 . 2008-06-16 20:46 389,120 --a------ C:\Documents and Settings\Arto\a.com
2008-06-16 20:00 . 2008-06-16 20:00 36,465 -r-hs---- C:\WINDOWS\winudpmgrs.exe
2008-06-15 21:34 . 2008-06-15 21:34 36,983 -r-hs---- C:\WINDOWS\winedit.exe
2008-06-15 21:34 . 2008-06-15 21:34 36,983 --a------ C:\Documents and Settings\Arto\sbot.exe
2008-06-15 18:54 . 2008-06-15 18:54 36,517 -r-hs---- C:\WINDOWS\wmplayer.exe
2008-06-15 18:39 . 2008-06-15 18:39 d-------- C:\Documents and Settings\Arto\Application Data\Apple Computer
2008-06-15 18:37 . 2008-06-15 18:38 d-------- C:\Program Files\QuickTime
2008-06-15 18:37 . 2008-06-15 18:37 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Program Files\Apple Software Update
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-13 21:04 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 15:52 . 2008-06-05 00:44 d-------- C:\Documents and Settings\Arto\Application Data\.purple
2008-06-03 21:14 . 2008-06-04 13:46 3,419 --a------ C:\WINDOWS\is154890.exe
2008-05-30 16:55 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Arto\setup.exe
2008-05-29 21:18 . 2008-05-29 21:18 244 --ah----- C:\sqmnoopt01.sqm
2008-05-29 21:18 . 2008-05-29 21:18 232 --ah----- C:\sqmdata01.sqm
2008-05-27 22:03 . 2008-05-27 22:03 56,832 -r-hs---- C:\WINDOWS\winudspm.exe
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-22 22:06 . 2008-06-15 13:10 d-------- C:\Program Files\PartyGaming
2008-05-22 19:35 . 2008-05-22 19:35 d-------- C:\Documents and Settings\Arto\Application Data\Sports Interactive
2008-05-22 19:31 . 2008-05-22 19:31 d-------- C:\Program Files\Sports Interactive
2008-05-22 17:45 . 2008-05-22 17:45 d-------- C:\Program Files\Alwil Software
2008-05-22 15:15 . 2008-06-17 13:58 d-------- C:\Documents and Settings\Arto\Application Data\uTorrent
2008-05-21 16:17 . 2008-05-21 16:17 59 --a------ C:\WINDOWS\pp.enc
2008-05-19 23:21 . 2008-05-19 23:55 d-------- C:\Program Files\MagicISO
2008-05-19 22:40 . 2008-05-19 22:40 d-------- C:\Documents and Settings\Arto\Application Data\WhenU
2008-05-19 22:20 . 2008-05-19 22:20 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 22:13 . 2008-05-19 22:13 dr-h----- C:\Documents and Settings\Arto\Application Data\SecuROM
2008-05-19 22:13 . 2008-05-19 22:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Program Files\Zero G Registry
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Documents and Settings\Arto\InstallAnywhere
2008-05-19 00:11 . 2008-05-22 18:04 d-------- C:\Program Files\uTorrent
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 00:29 --------- d-----w C:\Program Files\Windows Live
2008-06-17 00:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-17 00:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 10:36 --------- d-----w C:\Documents and Settings\Arto\Application Data\Microgaming
2008-05-27 20:58 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-22 14:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\Arto\Application Data\Lavasoft
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-21 12:30 --------- d-----w C:\Program Files\Symantec
2008-05-21 12:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\Arto\Application Data\TVU Networks
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-23 18:55 --------- d-----w C:\Documents and Settings\Arto\Application Data\ppStream
2008-04-23 18:50 --------- d-----w C:\Program Files\Common Files\Synacast
2008-04-23 18:50 --------- d-----w C:\Documents and Settings\Arto\Application Data\PPMate
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
------- Sigcheck -------
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\svchost.exe
2007-03-08 18:50 578560 90f1d04938bae133e2f4d8f7f0fa4fa0 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 21:18 577536 aeefa9d983c986e7a8d6d80ca165b93f C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-09-14 16:12 577536 44c02bc54d56ed3a685302e91396720a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\dllcache\user32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\system32\ws2_32.dll
2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 14:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2006-12-19 21:45 2061696 8f3bbe9045dfe4d89b24552fcba0e8b2 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 19:08 2061696 8bacc2a67078823acab7c8306f394918 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 21:08 2059136 1c09a92e5a1c21ca1ad367f13f9b5a9d C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 21:22 2059904 09e0237ef89c06c44b8433733060573f C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-09-14 16:08 2059136 e6cbe47b5ea01ce981e4663900f04a15 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2006-12-19 21:45 2184320 8f8898bc0cb9fd8c6b0a575367a977bd C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 19:08 2184448 7ff07a634379ee2fd2b097fd76c49bfc C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 21:08 2181632 ae8d156d1028fba3939609f4c39eb1f1 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 21:22 2182656 22a830ae087de7e3d72c4b1d9611bf6e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-09-14 16:08 2183296 2a8e38e78177bf83c73897511a4eecd0 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\explorer.exe
2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\system32\dllcache\explorer.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\system32\services.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\system32\lsass.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty values and legitimate default values are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C5F6AF4-F34D-45A0-BEC4-A0483B8CFAA0}]
C:\WINDOWS\system32\qoMgeFUk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F10F876-F702-433E-85A2-C6B297B0719B}]
C:\WINDOWS\system32\qoMcdddB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74673317-2CC8-4C96-944D-B2356AFAF1C7}]
C:\WINDOWS\system32\byXRkLeC.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C108AE59-C97F-4517-8B74-5590BE3C2A82}]
C:\WINDOWS\system32\ddcbXOif.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EADA1EAF-22C3-D5AF-E6DF-F66433041251}]
C:\WINDOWS\system32\gnwtae32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"DAEMON Tools"="D:\Daemon\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:40 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 16:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07 617984]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 04:00 99840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10 49263]
"fssui"="C:\Program Files\Windows Live\Perheturva\fssui.exe" [ ]
"Windows svchost"="servicean.exe" [2008-06-16 20:51 37001 C:\WINDOWS\servicean.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C108AE59-C97F-4517-8B74-5590BE3C2A82}"= C:\WINDOWS\system32\ddcbXOif.dll [ ]
"{A6F5090F-D9EC-4263-9D7D-2968C5179291}"= C:\WINDOWS\system32\iifebCSk.dll [2008-06-17 14:03 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbXOif]
ddcbXOif.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifebCSk]
iifebCSk.dll 2008-06-17 14:03 24576 C:\WINDOWS\system32\iifebCSk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21936:TCP"= 21936:TCP:*:Disabled:BitComet 21936 TCP
"21936:UDP"= 21936:UDP:*:Disabled:BitComet 21936 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S2 clr_optimization_v2.0.50727_32 Smart;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Smart;C:\WINDOWS\system32\acelpdecy.exe [2008-06-17 00:28]
S2 fsssvc;Windows Live OneCare – Family Safety;"C:\Program Files\Windows Live\Perheturva\fsssvc.exe" []
S2 ImapiServicelanmanworkstation;IMAPI CD-Burning COM Service ImapiServicelanmanworkstation;C:\WINDOWS\system32\accwizh.exe [2008-06-17 00:26]
S2 qandr;qandr;C:\WINDOWS\system32\drivers\qandr.sys []
S2 RasAutoHidServ;Remote Access Auto Connection Manager RasAutoHidServ;C:\WINDOWS\system32\actmoviei.exe [2008-06-17 11:09]
S2 TlntSvrsrservice;Telnet TlntSvrsrservice;C:\WINDOWS\system32\ahuid.exe [2008-06-17 11:30]
S2 wscsvcWmdmPmSN;Security Center wscsvcWmdmPmSN;C:\WINDOWS\system32\1037h.exe [2008-06-17 11:02]
S2 wuauservAlerter;Automatic Updates wuauservAlerter;C:\WINDOWS\system32\advpack.dlll.exe [2008-06-17 10:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b80-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b81-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105e-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105f-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-16 09:06:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-08-17 18:20:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 14:00:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\iifebCSk.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-06-17 14:07:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 11:07:07
Pre-Run: 65,591,799,808 tavua vapaana
Post-Run: 66,389,581,824 tavua vapaana
319 --- E O F --- 2008-06-14 08:03:37
Open Notepad and copy/paste the content between the lines into it:
___________
File::
C:\iss.exe
C:\WINDOWS\servicean.exe
C:\Documents and Settings\Arto\aaaa.exe
C:\Documents and Settings\Arto\p.exe
C:\Documents and Settings\Arto\a.com
C:\WINDOWS\winudpmgrs.exe
C:\WINDOWS\wmplayer.exe
C:\WINDOWS\is154890.exe
C:\Documents and Settings\Arto\setup.exe
C:\WINDOWS\winudspm.exe
C:\WINDOWS\pp.enc
__________
Save it as CFScript.txt
Then drag CFScript onto ComboFix.exe as shown below.
http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif
Restart the computer when prompted and post the contents of combofix.txt here.
**********
After this, run ComboFix a couple more times without the script above and post the log from the last run.
- ....huuuh
Fix.Fix wrote:
Open Notepad and copy/paste the content between the lines into it:
[...]
After this, run ComboFix a couple more times without the script above and post the log from the last run.
I'm not sure whether you wanted this one too, but at least that's how I understood it! I'll keep going with those instructions...
Malwarebytes' Anti-Malware 1.17
Tietokantaversio: 863
15:44:12 17.6.2008
mbam-log-6-17-2008 (15-44-12).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 79190
Kulunut aika: 19 minute(s), 24 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 1
Saastuneita rekisteriavaimia: 4
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 60
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
C:\WINDOWS\system32\1033y.dll (Trojan.DownLoader) -> Unloaded module successfully.
Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qandr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c108ae59-c97f-4517-8b74-5590be3c2a82} (Trojan.Vundo) -> Quarantined and deleted successfully.
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
C:\WINDOWS\system32\1033y.dll (Trojan.DownLoader) -> Delete on reboot.
C:\Documents and Settings\Arto\aaaa.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arto\p.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arto\sbot.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\servicean.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\winudpmgrs.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\wmplayer.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\byXNgdbB.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXQjiiI.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcBSIyX.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\efcYspNe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\fccdCroL.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGaxwuv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\iiffEtus.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\khfcAQjI.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\khfDuRig.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ljJYPhHy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\opnnkhIY.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnlMedC.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qoMgFvUK.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqNFWpq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvWnMDV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\urqNHWqn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\urqOGAqQ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\urqRiged.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUlIcab.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wvUlkIyX.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wvUnLBTj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\xwbaxuia.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\yayvVLDv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114291.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114292.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114293.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114294.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114295.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114296.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114298.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114299.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114300.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114301.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114302.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114303.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114306.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114307.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114308.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114309.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114310.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114312.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114314.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114315.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114316.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114317.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP563\A0114318.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP565\A0114408.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP565\A0114409.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE85E962-1C55-4DBA-A4D5-DEEEE0CE5E49}\RP565\A0114410.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\winedit.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\winudspm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arto\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
- Fix.Fix
....huuuh wrote:
I'm not sure whether you wanted this one too, but at least that's how I understood it! I'll keep going with those instructions...
Malwarebytes' Anti-Malware 1.17
[...]
C:\Documents and Settings\Arto\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Good that this one came through too.
- OP
Fix.Fix wrote:
Good that this one came through too.
Yeah, I'm posting pretty much everything just in case.. I don't understand any of what's happening, but good that somebody does! :) Here are the latest outputs:
ComboFix 08-06-16.2 - Arto 2008-06-17 15:51:36.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.661 [GMT 3:00]
Running from: C:\Documents and Settings\Arto\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Arto\Työpöytä\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\Arto\a.com
C:\Documents and Settings\Arto\aaaa.exe
C:\Documents and Settings\Arto\p.exe
C:\Documents and Settings\Arto\setup.exe
C:\iss.exe
C:\WINDOWS\is154890.exe
C:\WINDOWS\pp.enc
C:\WINDOWS\servicean.exe
C:\WINDOWS\winudpmgrs.exe
C:\WINDOWS\winudspm.exe
C:\WINDOWS\wmplayer.exe
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Arto\a.com
C:\iss.exe
C:\WINDOWS\is154890.exe
C:\WINDOWS\pp.enc
C:\WINDOWS\rasqervy.dll
C:\WINDOWS\sdfinacs.dll
C:\WINDOWS\sdfixwcs.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\wuasirvy.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-17 to 2008-06-17 )))))))))))))))))
.
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Documents and Settings\Arto\Application Data\Malwarebytes
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 15:22 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-17 15:22 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 13:39 . 2008-06-17 13:39 d-------- C:\Program Files\Trend Micro
2008-06-17 11:30 . 2008-06-17 11:30 41,984 -r-hs---- C:\WINDOWS\system32\ahuid.exe
2008-06-17 11:09 . 2008-06-17 11:09 41,984 -r-hs---- C:\WINDOWS\system32\actmoviei.exe
2008-06-17 11:02 . 2008-06-17 11:02 41,984 -r-hs---- C:\WINDOWS\system32\1037h.exe
2008-06-17 10:56 . 2008-06-17 10:56 41,984 -r-hs---- C:\WINDOWS\system32\advpack.dlll.exe
2008-06-17 00:30 . 2008-06-17 00:30 48,585 --a------ C:\WINDOWS\system32\acelpdecyr.sys
2008-06-17 00:29 . 2008-06-17 00:28 41,984 -r-hs---- C:\WINDOWS\system32\acelpdecy.exe
2008-06-17 00:27 . 2008-06-17 15:46 124 --a-s---- C:\WINDOWS\system32\1991136218.dat
2008-06-17 00:26 . 2008-06-17 00:26 41,984 -r-hs---- C:\WINDOWS\system32\accwizh.exe
2008-06-15 18:39 . 2008-06-15 18:39 d-------- C:\Documents and Settings\Arto\Application Data\Apple Computer
2008-06-15 18:37 . 2008-06-15 18:38 d-------- C:\Program Files\QuickTime
2008-06-15 18:37 . 2008-06-15 18:37 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Program Files\Apple Software Update
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-13 21:04 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 15:52 . 2008-06-05 00:44 d-------- C:\Documents and Settings\Arto\Application Data\.purple
2008-05-29 21:18 . 2008-05-29 21:18 244 --ah----- C:\sqmnoopt01.sqm
2008-05-29 21:18 . 2008-05-29 21:18 232 --ah----- C:\sqmdata01.sqm
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-22 22:06 . 2008-06-15 13:10 d-------- C:\Program Files\PartyGaming
2008-05-22 19:35 . 2008-05-22 19:35 d-------- C:\Documents and Settings\Arto\Application Data\Sports Interactive
2008-05-22 19:31 . 2008-05-22 19:31 d-------- C:\Program Files\Sports Interactive
2008-05-22 17:45 . 2008-05-22 17:45 d-------- C:\Program Files\Alwil Software
2008-05-22 15:15 . 2008-06-17 13:58 d-------- C:\Documents and Settings\Arto\Application Data\uTorrent
2008-05-19 23:21 . 2008-05-19 23:55 d-------- C:\Program Files\MagicISO
2008-05-19 22:40 . 2008-05-19 22:40 d-------- C:\Documents and Settings\Arto\Application Data\WhenU
2008-05-19 22:20 . 2008-05-19 22:20 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 22:13 . 2008-05-19 22:13 dr-h----- C:\Documents and Settings\Arto\Application Data\SecuROM
2008-05-19 22:13 . 2008-05-19 22:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Program Files\Zero G Registry
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Documents and Settings\Arto\InstallAnywhere
2008-05-19 00:11 . 2008-05-22 18:04 d-------- C:\Program Files\uTorrent
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 00:29 --------- d-----w C:\Program Files\Windows Live
2008-06-17 00:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-17 00:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 10:36 --------- d-----w C:\Documents and Settings\Arto\Application Data\Microgaming
2008-05-27 20:58 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-22 14:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\Arto\Application Data\Lavasoft
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-21 12:30 --------- d-----w C:\Program Files\Symantec
2008-05-21 12:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\Arto\Application Data\TVU Networks
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-23 18:55 --------- d-----w C:\Documents and Settings\Arto\Application Data\ppStream
2008-04-23 18:50 --------- d-----w C:\Program Files\Common Files\Synacast
2008-04-23 18:50 --------- d-----w C:\Documents and Settings\Arto\Application Data\PPMate
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
------- Sigcheck -------
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\svchost.exe
2007-03-08 18:50 578560 90f1d04938bae133e2f4d8f7f0fa4fa0 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 21:18 577536 aeefa9d983c986e7a8d6d80ca165b93f C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-09-14 16:12 577536 44c02bc54d56ed3a685302e91396720a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\dllcache\user32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\system32\ws2_32.dll
2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 14:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2006-12-19 21:45 2061696 8f3bbe9045dfe4d89b24552fcba0e8b2 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 19:08 2061696 8bacc2a67078823acab7c8306f394918 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 21:08 2059136 1c09a92e5a1c21ca1ad367f13f9b5a9d C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 21:22 2059904 09e0237ef89c06c44b8433733060573f C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-09-14 16:08 2059136 e6cbe47b5ea01ce981e4663900f04a15 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2006-12-19 21:45 2184320 8f8898bc0cb9fd8c6b0a575367a977bd C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 19:08 2184448 7ff07a634379ee2fd2b097fd76c49bfc C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 21:08 2181632 ae8d156d1028fba3939609f4c39eb1f1 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 21:22 2182656 22a830ae087de7e3d72c4b1d9611bf6e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-09-14 16:08 2183296 2a8e38e78177bf83c73897511a4eecd0 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\explorer.exe
2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\system32\dllcache\explorer.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\system32\services.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\system32\lsass.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_14.06.26.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 10:59:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 12:45:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 12:46:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_71c.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"DAEMON Tools"="D:\Daemon\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:40 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 16:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07 617984]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 04:00 99840]
"fssui"="C:\Program Files\Windows Live\Perheturva\fssui.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6F5090F-D9EC-4263-9D7D-2968C5179291}"= C:\WINDOWS\system32\iifebCSk.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21936:TCP"= 21936:TCP:*:Disabled:BitComet 21936 TCP
"21936:UDP"= 21936:UDP:*:Disabled:BitComet 21936 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S2 clr_optimization_v2.0.50727_32 Smart;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Smart;C:\WINDOWS\system32\acelpdecy.exe [2008-06-17 00:28]
S2 fsssvc;Windows Live OneCare – perheturva;"C:\Program Files\Windows Live\Perheturva\fsssvc.exe" []
S2 ImapiServicelanmanworkstation;CD-levyjen kirjoittamisen IMAPI COM -palvelu ImapiServicelanmanworkstation;C:\WINDOWS\system32\accwizh.exe [2008-06-17 00:26]
S2 RasAutoHidServ;Remote Access Auto Connection -hallinta RasAutoHidServ;C:\WINDOWS\system32\actmoviei.exe [2008-06-17 11:09]
S2 TlntSvrsrservice;Telnet TlntSvrsrservice;C:\WINDOWS\system32\ahuid.exe [2008-06-17 11:30]
S2 wscsvcWmdmPmSN;Tietoturvakeskus wscsvcWmdmPmSN;C:\WINDOWS\system32\1037h.exe [2008-06-17 11:02]
S2 wuauservAlerter;Automaattiset päivitykset wuauservAlerter;C:\WINDOWS\system32\advpack.dlll.exe [2008-06-17 10:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b80-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b81-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105e-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105f-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-16 09:06:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-08-17 18:20:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 15:53:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-17 15:56:49
ComboFix-quarantined-files.txt 2008-06-17 12:55:55
ComboFix2.txt 2008-06-17 12:03:45
ComboFix3.txt 2008-06-17 11:07:21
Pre-Run: 66,303,582,208 tavua vapaana
Post-Run: 66,297,651,200 tavua vapaana
233 --- E O F --- 2008-06-14 08:03:37 - .........
Original poster wrote:
Yeah, just to be safe I'll post pretty much everything.. I don't understand anything about what's happening, but it's good that someone does! :) Here are the latest outputs:
233 --- E O F --- 2008-06-14 08:03:37
And I ran it through with Combo a couple more times; here's the log from the latest run... Is this completely hopeless? It feels like the same stuff keeps showing up there, though I don't understand any of this anyway!
ComboFix 08-06-16.2 - Arto 2008-06-17 16:05:06.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.678 [GMT 3:00]
Running from: C:\Documents and Settings\Arto\Työpöytä\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-17 to 2008-06-17 )))))))))))))))))
.
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Documents and Settings\Arto\Application Data\Malwarebytes
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 15:22 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-17 15:22 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 13:39 . 2008-06-17 13:39 d-------- C:\Program Files\Trend Micro
2008-06-17 11:30 . 2008-06-17 11:30 41,984 -r-hs---- C:\WINDOWS\system32\ahuid.exe
2008-06-17 11:09 . 2008-06-17 11:09 41,984 -r-hs---- C:\WINDOWS\system32\actmoviei.exe
2008-06-17 11:02 . 2008-06-17 11:02 41,984 -r-hs---- C:\WINDOWS\system32\1037h.exe
2008-06-17 10:56 . 2008-06-17 10:56 41,984 -r-hs---- C:\WINDOWS\system32\advpack.dlll.exe
2008-06-17 00:30 . 2008-06-17 00:30 48,585 --a------ C:\WINDOWS\system32\acelpdecyr.sys
2008-06-17 00:29 . 2008-06-17 00:28 41,984 -r-hs---- C:\WINDOWS\system32\acelpdecy.exe
2008-06-17 00:27 . 2008-06-17 15:46 124 --a-s---- C:\WINDOWS\system32\1991136218.dat
2008-06-17 00:26 . 2008-06-17 00:26 41,984 -r-hs---- C:\WINDOWS\system32\accwizh.exe
2008-06-15 18:39 . 2008-06-15 18:39 d-------- C:\Documents and Settings\Arto\Application Data\Apple Computer
2008-06-15 18:37 . 2008-06-15 18:38 d-------- C:\Program Files\QuickTime
2008-06-15 18:37 . 2008-06-15 18:37 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Program Files\Apple Software Update
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-13 21:04 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 15:52 . 2008-06-05 00:44 d-------- C:\Documents and Settings\Arto\Application Data\.purple
2008-05-29 21:18 . 2008-05-29 21:18 244 --ah----- C:\sqmnoopt01.sqm
2008-05-29 21:18 . 2008-05-29 21:18 232 --ah----- C:\sqmdata01.sqm
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-22 22:06 . 2008-06-15 13:10 d-------- C:\Program Files\PartyGaming
2008-05-22 19:35 . 2008-05-22 19:35 d-------- C:\Documents and Settings\Arto\Application Data\Sports Interactive
2008-05-22 19:31 . 2008-05-22 19:31 d-------- C:\Program Files\Sports Interactive
2008-05-22 17:45 . 2008-05-22 17:45 d-------- C:\Program Files\Alwil Software
2008-05-22 15:15 . 2008-06-17 13:58 d-------- C:\Documents and Settings\Arto\Application Data\uTorrent
2008-05-19 23:21 . 2008-05-19 23:55 d-------- C:\Program Files\MagicISO
2008-05-19 22:40 . 2008-05-19 22:40 d-------- C:\Documents and Settings\Arto\Application Data\WhenU
2008-05-19 22:20 . 2008-05-19 22:20 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 22:13 . 2008-05-19 22:13 dr-h----- C:\Documents and Settings\Arto\Application Data\SecuROM
2008-05-19 22:13 . 2008-05-19 22:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Program Files\Zero G Registry
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Documents and Settings\Arto\InstallAnywhere
2008-05-19 00:11 . 2008-05-22 18:04 d-------- C:\Program Files\uTorrent
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 00:29 --------- d-----w C:\Program Files\Windows Live
2008-06-17 00:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-17 00:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 10:36 --------- d-----w C:\Documents and Settings\Arto\Application Data\Microgaming
2008-05-27 20:58 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-22 14:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\Arto\Application Data\Lavasoft
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-21 12:30 --------- d-----w C:\Program Files\Symantec
2008-05-21 12:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\Arto\Application Data\TVU Networks
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-23 18:55 --------- d-----w C:\Documents and Settings\Arto\Application Data\ppStream
2008-04-23 18:50 --------- d-----w C:\Program Files\Common Files\Synacast
2008-04-23 18:50 --------- d-----w C:\Documents and Settings\Arto\Application Data\PPMate
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
------- Sigcheck -------
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\svchost.exe
2007-03-08 18:50 578560 90f1d04938bae133e2f4d8f7f0fa4fa0 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 21:18 577536 aeefa9d983c986e7a8d6d80ca165b93f C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-09-14 16:12 577536 44c02bc54d56ed3a685302e91396720a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\dllcache\user32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\system32\ws2_32.dll
2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 14:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2006-12-19 21:45 2061696 8f3bbe9045dfe4d89b24552fcba0e8b2 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 19:08 2061696 8bacc2a67078823acab7c8306f394918 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 21:08 2059136 1c09a92e5a1c21ca1ad367f13f9b5a9d C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 21:22 2059904 09e0237ef89c06c44b8433733060573f C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-09-14 16:08 2059136 e6cbe47b5ea01ce981e4663900f04a15 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2006-12-19 21:45 2184320 8f8898bc0cb9fd8c6b0a575367a977bd C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 19:08 2184448 7ff07a634379ee2fd2b097fd76c49bfc C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 21:08 2181632 ae8d156d1028fba3939609f4c39eb1f1 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 21:22 2182656 22a830ae087de7e3d72c4b1d9611bf6e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-09-14 16:08 2183296 2a8e38e78177bf83c73897511a4eecd0 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\explorer.exe
2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\system32\dllcache\explorer.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\system32\services.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\system32\lsass.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_14.06.26.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 10:59:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 12:45:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 12:46:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_71c.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"DAEMON Tools"="D:\Daemon\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:40 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 16:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07 617984]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 04:00 99840]
"fssui"="C:\Program Files\Windows Live\Perheturva\fssui.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6F5090F-D9EC-4263-9D7D-2968C5179291}"= C:\WINDOWS\system32\iifebCSk.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21936:TCP"= 21936:TCP:*:Disabled:BitComet 21936 TCP
"21936:UDP"= 21936:UDP:*:Disabled:BitComet 21936 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S2 clr_optimization_v2.0.50727_32 Smart;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Smart;C:\WINDOWS\system32\acelpdecy.exe [2008-06-17 00:28]
S2 fsssvc;Windows Live OneCare – perheturva;"C:\Program Files\Windows Live\Perheturva\fsssvc.exe" []
S2 ImapiServicelanmanworkstation;CD-levyjen kirjoittamisen IMAPI COM -palvelu ImapiServicelanmanworkstation;C:\WINDOWS\system32\accwizh.exe [2008-06-17 00:26]
S2 RasAutoHidServ;Remote Access Auto Connection -hallinta RasAutoHidServ;C:\WINDOWS\system32\actmoviei.exe [2008-06-17 11:09]
S2 TlntSvrsrservice;Telnet TlntSvrsrservice;C:\WINDOWS\system32\ahuid.exe [2008-06-17 11:30]
S2 wscsvcWmdmPmSN;Tietoturvakeskus wscsvcWmdmPmSN;C:\WINDOWS\system32\1037h.exe [2008-06-17 11:02]
S2 wuauservAlerter;Automaattiset päivitykset wuauservAlerter;C:\WINDOWS\system32\advpack.dlll.exe [2008-06-17 10:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b80-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b81-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105e-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105f-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-16 09:06:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-08-17 18:20:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 16:05:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-17 16:07:45
ComboFix-quarantined-files.txt 2008-06-17 13:07:35
ComboFix2.txt 2008-06-17 13:04:25
ComboFix3.txt 2008-06-17 12:56:49
ComboFix4.txt 2008-06-17 12:03:45
ComboFix5.txt 2008-06-17 11:07:21
Pre-Run: 66,304,499,712 tavua vapaana
Post-Run: 66,293,620,736 tavua vapaana
209 --- E O F --- 2008-06-14 08:03:37 - Fix.Fix
Original poster wrote:
Yeah, just in case I'll paste pretty much everything.. I don't understand anything about what's happening, but good that someone does! :) Here are the latest outputs:
ComboFix 08-06-16.2 - Arto 2008-06-17 15:51:36.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.661 [GMT 3:00]
Running from: C:\Documents and Settings\Arto\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Arto\Työpöytä\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\Documents and Settings\Arto\a.com
C:\Documents and Settings\Arto\aaaa.exe
C:\Documents and Settings\Arto\p.exe
C:\Documents and Settings\Arto\setup.exe
C:\iss.exe
C:\WINDOWS\is154890.exe
C:\WINDOWS\pp.enc
C:\WINDOWS\servicean.exe
C:\WINDOWS\winudpmgrs.exe
C:\WINDOWS\winudspm.exe
C:\WINDOWS\wmplayer.exe
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Arto\a.com
C:\iss.exe
C:\WINDOWS\is154890.exe
C:\WINDOWS\pp.enc
C:\WINDOWS\rasqervy.dll
C:\WINDOWS\sdfinacs.dll
C:\WINDOWS\sdfixwcs.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\wuasirvy.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-17 to 2008-06-17 )))))))))))))))))
.
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Documents and Settings\Arto\Application Data\Malwarebytes
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 15:22 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-17 15:22 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 13:39 . 2008-06-17 13:39 d-------- C:\Program Files\Trend Micro
2008-06-17 11:30 . 2008-06-17 11:30 41,984 -r-hs---- C:\WINDOWS\system32\ahuid.exe
2008-06-17 11:09 . 2008-06-17 11:09 41,984 -r-hs---- C:\WINDOWS\system32\actmoviei.exe
2008-06-17 11:02 . 2008-06-17 11:02 41,984 -r-hs---- C:\WINDOWS\system32\1037h.exe
2008-06-17 10:56 . 2008-06-17 10:56 41,984 -r-hs---- C:\WINDOWS\system32\advpack.dlll.exe
2008-06-17 00:30 . 2008-06-17 00:30 48,585 --a------ C:\WINDOWS\system32\acelpdecyr.sys
2008-06-17 00:29 . 2008-06-17 00:28 41,984 -r-hs---- C:\WINDOWS\system32\acelpdecy.exe
2008-06-17 00:27 . 2008-06-17 15:46 124 --a-s---- C:\WINDOWS\system32\1991136218.dat
2008-06-17 00:26 . 2008-06-17 00:26 41,984 -r-hs---- C:\WINDOWS\system32\accwizh.exe
2008-06-15 18:39 . 2008-06-15 18:39 d-------- C:\Documents and Settings\Arto\Application Data\Apple Computer
2008-06-15 18:37 . 2008-06-15 18:38 d-------- C:\Program Files\QuickTime
2008-06-15 18:37 . 2008-06-15 18:37 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Program Files\Apple Software Update
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-13 21:04 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 15:52 . 2008-06-05 00:44 d-------- C:\Documents and Settings\Arto\Application Data\.purple
2008-05-29 21:18 . 2008-05-29 21:18 244 --ah----- C:\sqmnoopt01.sqm
2008-05-29 21:18 . 2008-05-29 21:18 232 --ah----- C:\sqmdata01.sqm
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-22 22:06 . 2008-06-15 13:10 d-------- C:\Program Files\PartyGaming
2008-05-22 19:35 . 2008-05-22 19:35 d-------- C:\Documents and Settings\Arto\Application Data\Sports Interactive
2008-05-22 19:31 . 2008-05-22 19:31 d-------- C:\Program Files\Sports Interactive
2008-05-22 17:45 . 2008-05-22 17:45 d-------- C:\Program Files\Alwil Software
2008-05-22 15:15 . 2008-06-17 13:58 d-------- C:\Documents and Settings\Arto\Application Data\uTorrent
2008-05-19 23:21 . 2008-05-19 23:55 d-------- C:\Program Files\MagicISO
2008-05-19 22:40 . 2008-05-19 22:40 d-------- C:\Documents and Settings\Arto\Application Data\WhenU
2008-05-19 22:20 . 2008-05-19 22:20 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 22:13 . 2008-05-19 22:13 dr-h----- C:\Documents and Settings\Arto\Application Data\SecuROM
2008-05-19 22:13 . 2008-05-19 22:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Program Files\Zero G Registry
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Documents and Settings\Arto\InstallAnywhere
2008-05-19 00:11 . 2008-05-22 18:04 d-------- C:\Program Files\uTorrent
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 00:29 --------- d-----w C:\Program Files\Windows Live
2008-06-17 00:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-17 00:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 10:36 --------- d-----w C:\Documents and Settings\Arto\Application Data\Microgaming
2008-05-27 20:58 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-22 14:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\Arto\Application Data\Lavasoft
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-21 12:30 --------- d-----w C:\Program Files\Symantec
2008-05-21 12:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\Arto\Application Data\TVU Networks
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-23 18:55 --------- d-----w C:\Documents and Settings\Arto\Application Data\ppStream
2008-04-23 18:50 --------- d-----w C:\Program Files\Common Files\Synacast
2008-04-23 18:50 --------- d-----w C:\Documents and Settings\Arto\Application Data\PPMate
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
------- Sigcheck -------
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\svchost.exe
2007-03-08 18:50 578560 90f1d04938bae133e2f4d8f7f0fa4fa0 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 21:18 577536 aeefa9d983c986e7a8d6d80ca165b93f C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-09-14 16:12 577536 44c02bc54d56ed3a685302e91396720a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\dllcache\user32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\system32\ws2_32.dll
2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 14:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2006-12-19 21:45 2061696 8f3bbe9045dfe4d89b24552fcba0e8b2 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 19:08 2061696 8bacc2a67078823acab7c8306f394918 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 21:08 2059136 1c09a92e5a1c21ca1ad367f13f9b5a9d C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 21:22 2059904 09e0237ef89c06c44b8433733060573f C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-09-14 16:08 2059136 e6cbe47b5ea01ce981e4663900f04a15 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2006-12-19 21:45 2184320 8f8898bc0cb9fd8c6b0a575367a977bd C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 19:08 2184448 7ff07a634379ee2fd2b097fd76c49bfc C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 21:08 2181632 ae8d156d1028fba3939609f4c39eb1f1 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 21:22 2182656 22a830ae087de7e3d72c4b1d9611bf6e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-09-14 16:08 2183296 2a8e38e78177bf83c73897511a4eecd0 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\explorer.exe
2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\system32\dllcache\explorer.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\system32\services.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\system32\lsass.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_14.06.26.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 10:59:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 12:45:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 12:46:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_71c.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"DAEMON Tools"="D:\Daemon\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:40 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 16:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07 617984]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 04:00 99840]
"fssui"="C:\Program Files\Windows Live\Perheturva\fssui.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6F5090F-D9EC-4263-9D7D-2968C5179291}"= C:\WINDOWS\system32\iifebCSk.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21936:TCP"= 21936:TCP:*:Disabled:BitComet 21936 TCP
"21936:UDP"= 21936:UDP:*:Disabled:BitComet 21936 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S2 clr_optimization_v2.0.50727_32 Smart;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Smart;C:\WINDOWS\system32\acelpdecy.exe [2008-06-17 00:28]
S2 fsssvc;Windows Live OneCare – perheturva;"C:\Program Files\Windows Live\Perheturva\fsssvc.exe" []
S2 ImapiServicelanmanworkstation;CD-levyjen kirjoittamisen IMAPI COM -palvelu ImapiServicelanmanworkstation;C:\WINDOWS\system32\accwizh.exe [2008-06-17 00:26]
S2 RasAutoHidServ;Remote Access Auto Connection -hallinta RasAutoHidServ;C:\WINDOWS\system32\actmoviei.exe [2008-06-17 11:09]
S2 TlntSvrsrservice;Telnet TlntSvrsrservice;C:\WINDOWS\system32\ahuid.exe [2008-06-17 11:30]
S2 wscsvcWmdmPmSN;Tietoturvakeskus wscsvcWmdmPmSN;C:\WINDOWS\system32\1037h.exe [2008-06-17 11:02]
S2 wuauservAlerter;Automaattiset päivitykset wuauservAlerter;C:\WINDOWS\system32\advpack.dlll.exe [2008-06-17 10:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b80-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b81-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105e-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105f-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-16 09:06:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-08-17 18:20:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 15:53:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-17 15:56:49
ComboFix-quarantined-files.txt 2008-06-17 12:55:55
ComboFix2.txt 2008-06-17 12:03:45
ComboFix3.txt 2008-06-17 11:07:21
Pre-Run: 66,303,582,208 tavua vapaana
Post-Run: 66,297,651,200 tavua vapaana
233 --- E O F --- 2008-06-14 08:03:37
Open Notepad and copy/paste the contents between the lines into it:
___________
File::
C:\WINDOWS\system32\ahuid.exe
C:\WINDOWS\system32\actmoviei.exe
C:\WINDOWS\system32\acelpdecy.exe
C:\WINDOWS\system32\1037h.exe
C:\WINDOWS\system32\advpack.dlll.exe
C:\WINDOWS\system32\acelpdecy.exe
__________
Save it as CFScript.txt
Then drag CFScript onto ComboFix.exe as shown below.
http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif
Restart the computer when prompted and post the contents of the combofix.txt file here. - Fix.Fix
......... wrote:
And I ran it through with ComboFix a couple more times; here's the log from the latest run... Is this completely hopeless? It feels like the same stuff keeps showing up there, though I don't understand any of this anyway!
ComboFix 08-06-16.2 - Arto 2008-06-17 16:05:06.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.678 [GMT 3:00]
Running from: C:\Documents and Settings\Arto\Työpöytä\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-17 to 2008-06-17 )))))))))))))))))
.
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Documents and Settings\Arto\Application Data\Malwarebytes
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 15:22 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-17 15:22 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 13:39 . 2008-06-17 13:39 d-------- C:\Program Files\Trend Micro
2008-06-17 11:30 . 2008-06-17 11:30 41,984 -r-hs---- C:\WINDOWS\system32\ahuid.exe
2008-06-17 11:09 . 2008-06-17 11:09 41,984 -r-hs---- C:\WINDOWS\system32\actmoviei.exe
2008-06-17 11:02 . 2008-06-17 11:02 41,984 -r-hs---- C:\WINDOWS\system32\1037h.exe
2008-06-17 10:56 . 2008-06-17 10:56 41,984 -r-hs---- C:\WINDOWS\system32\advpack.dlll.exe
2008-06-17 00:30 . 2008-06-17 00:30 48,585 --a------ C:\WINDOWS\system32\acelpdecyr.sys
2008-06-17 00:29 . 2008-06-17 00:28 41,984 -r-hs---- C:\WINDOWS\system32\acelpdecy.exe
2008-06-17 00:27 . 2008-06-17 15:46 124 --a-s---- C:\WINDOWS\system32\1991136218.dat
2008-06-17 00:26 . 2008-06-17 00:26 41,984 -r-hs---- C:\WINDOWS\system32\accwizh.exe
2008-06-15 18:39 . 2008-06-15 18:39 d-------- C:\Documents and Settings\Arto\Application Data\Apple Computer
2008-06-15 18:37 . 2008-06-15 18:38 d-------- C:\Program Files\QuickTime
2008-06-15 18:37 . 2008-06-15 18:37 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Program Files\Apple Software Update
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-13 21:04 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 15:52 . 2008-06-05 00:44 d-------- C:\Documents and Settings\Arto\Application Data\.purple
2008-05-29 21:18 . 2008-05-29 21:18 244 --ah----- C:\sqmnoopt01.sqm
2008-05-29 21:18 . 2008-05-29 21:18 232 --ah----- C:\sqmdata01.sqm
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-22 22:06 . 2008-06-15 13:10 d-------- C:\Program Files\PartyGaming
2008-05-22 19:35 . 2008-05-22 19:35 d-------- C:\Documents and Settings\Arto\Application Data\Sports Interactive
2008-05-22 19:31 . 2008-05-22 19:31 d-------- C:\Program Files\Sports Interactive
2008-05-22 17:45 . 2008-05-22 17:45 d-------- C:\Program Files\Alwil Software
2008-05-22 15:15 . 2008-06-17 13:58 d-------- C:\Documents and Settings\Arto\Application Data\uTorrent
2008-05-19 23:21 . 2008-05-19 23:55 d-------- C:\Program Files\MagicISO
2008-05-19 22:40 . 2008-05-19 22:40 d-------- C:\Documents and Settings\Arto\Application Data\WhenU
2008-05-19 22:20 . 2008-05-19 22:20 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 22:13 . 2008-05-19 22:13 dr-h----- C:\Documents and Settings\Arto\Application Data\SecuROM
2008-05-19 22:13 . 2008-05-19 22:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Program Files\Zero G Registry
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Documents and Settings\Arto\InstallAnywhere
2008-05-19 00:11 . 2008-05-22 18:04 d-------- C:\Program Files\uTorrent
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 00:29 --------- d-----w C:\Program Files\Windows Live
2008-06-17 00:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-17 00:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 10:36 --------- d-----w C:\Documents and Settings\Arto\Application Data\Microgaming
2008-05-27 20:58 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-22 14:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\Arto\Application Data\Lavasoft
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-21 12:30 --------- d-----w C:\Program Files\Symantec
2008-05-21 12:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\Arto\Application Data\TVU Networks
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-23 18:55 --------- d-----w C:\Documents and Settings\Arto\Application Data\ppStream
2008-04-23 18:50 --------- d-----w C:\Program Files\Common Files\Synacast
2008-04-23 18:50 --------- d-----w C:\Documents and Settings\Arto\Application Data\PPMate
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
------- Sigcheck -------
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\svchost.exe
2007-03-08 18:50 578560 90f1d04938bae133e2f4d8f7f0fa4fa0 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 21:18 577536 aeefa9d983c986e7a8d6d80ca165b93f C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-09-14 16:12 577536 44c02bc54d56ed3a685302e91396720a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\dllcache\user32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\system32\ws2_32.dll
2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 14:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2006-12-19 21:45 2061696 8f3bbe9045dfe4d89b24552fcba0e8b2 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 19:08 2061696 8bacc2a67078823acab7c8306f394918 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 21:08 2059136 1c09a92e5a1c21ca1ad367f13f9b5a9d C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 21:22 2059904 09e0237ef89c06c44b8433733060573f C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-09-14 16:08 2059136 e6cbe47b5ea01ce981e4663900f04a15 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2006-12-19 21:45 2184320 8f8898bc0cb9fd8c6b0a575367a977bd C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 19:08 2184448 7ff07a634379ee2fd2b097fd76c49bfc C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 21:08 2181632 ae8d156d1028fba3939609f4c39eb1f1 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 21:22 2182656 22a830ae087de7e3d72c4b1d9611bf6e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-09-14 16:08 2183296 2a8e38e78177bf83c73897511a4eecd0 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\explorer.exe
2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\system32\dllcache\explorer.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\system32\services.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\system32\lsass.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_14.06.26.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 10:59:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 12:45:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 12:46:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_71c.dat
.
(((((((((((((((((((((((((((((( Registry startup entries )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty values and legitimate default values are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"DAEMON Tools"="D:\Daemon\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:40 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 16:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07 617984]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 04:00 99840]
"fssui"="C:\Program Files\Windows Live\Perheturva\fssui.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6F5090F-D9EC-4263-9D7D-2968C5179291}"= C:\WINDOWS\system32\iifebCSk.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21936:TCP"= 21936:TCP:*:Disabled:BitComet 21936 TCP
"21936:UDP"= 21936:UDP:*:Disabled:BitComet 21936 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S2 clr_optimization_v2.0.50727_32 Smart;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Smart;C:\WINDOWS\system32\acelpdecy.exe [2008-06-17 00:28]
S2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Perheturva\fsssvc.exe" []
S2 ImapiServicelanmanworkstation;IMAPI CD-Burning COM Service ImapiServicelanmanworkstation;C:\WINDOWS\system32\accwizh.exe [2008-06-17 00:26]
S2 RasAutoHidServ;Remote Access Auto Connection Manager RasAutoHidServ;C:\WINDOWS\system32\actmoviei.exe [2008-06-17 11:09]
S2 TlntSvrsrservice;Telnet TlntSvrsrservice;C:\WINDOWS\system32\ahuid.exe [2008-06-17 11:30]
S2 wscsvcWmdmPmSN;Security Center wscsvcWmdmPmSN;C:\WINDOWS\system32\1037h.exe [2008-06-17 11:02]
S2 wuauservAlerter;Automatic Updates wuauservAlerter;C:\WINDOWS\system32\advpack.dlll.exe [2008-06-17 10:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b80-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b81-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105e-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105f-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-16 09:06:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-08-17 18:20:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 16:05:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-17 16:07:45
ComboFix-quarantined-files.txt 2008-06-17 13:07:35
ComboFix2.txt 2008-06-17 13:04:25
ComboFix3.txt 2008-06-17 12:56:49
ComboFix4.txt 2008-06-17 12:03:45
ComboFix5.txt 2008-06-17 11:07:21
Pre-Run: 66,304,499,712 bytes free
Post-Run: 66,293,620,736 bytes free
209 --- E O F --- 2008-06-14 08:03:37
Guess I'll have to start tweaking things a bit then :D
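The service block in the log above (the R1/R2/S2 lines) shows the pattern worth recognising: each planted service name is two legitimate Windows XP service names glued together (TlntSvr + srservice, wscsvc + WmdmPmSN, wuauserv + Alerter, RasAuto + HidServ, ImapiService + lanmanworkstation), the display name is the real service's localized display name with the fake name appended, and the image is a freshly written file with a pseudo-random name directly in system32. The following is an added example, not code from the thread or from ComboFix, that parses those lines and applies both checks. KNOWN_SERVICES is an assumption: a hand-picked subset of XP service names sufficient for these lines, where a real triage list would come from a clean reference install. The sample lines are copied from the log above with the display names translated.

```python
import re
from datetime import datetime, timedelta

# Hand-picked subset of Windows XP service names (assumption: a real list
# would be exported from a clean reference machine). Lower-cased because
# Windows service names are case-insensitive.
KNOWN_SERVICES = {
    "wscsvc", "wmdmpmsn", "wuauserv", "alerter", "tlntsvr", "srservice",
    "rasauto", "hidserv", "imapiservice", "lanmanworkstation",
    "clr_optimization_v2.0.50727_32", "aswsp", "aswfsblk", "fsssvc",
}

# Sample input: the service lines from the ComboFix log above.
SAMPLE_LINES = [
    r"R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]",
    r"R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]",
    r"S2 clr_optimization_v2.0.50727_32 Smart;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Smart;C:\WINDOWS\system32\acelpdecy.exe [2008-06-17 00:28]",
    r'S2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Perheturva\fsssvc.exe" []',
    r"S2 ImapiServicelanmanworkstation;IMAPI CD-Burning COM Service ImapiServicelanmanworkstation;C:\WINDOWS\system32\accwizh.exe [2008-06-17 00:26]",
    r"S2 RasAutoHidServ;Remote Access Auto Connection Manager RasAutoHidServ;C:\WINDOWS\system32\actmoviei.exe [2008-06-17 11:09]",
    r"S2 TlntSvrsrservice;Telnet TlntSvrsrservice;C:\WINDOWS\system32\ahuid.exe [2008-06-17 11:30]",
    r"S2 wscsvcWmdmPmSN;Security Center wscsvcWmdmPmSN;C:\WINDOWS\system32\1037h.exe [2008-06-17 11:02]",
    r"S2 wuauservAlerter;Automatic Updates wuauservAlerter;C:\WINDOWS\system32\advpack.dlll.exe [2008-06-17 10:56]",
]
SCAN_TIME = datetime(2008, 6, 17, 16, 5)  # from "Rootkit scan 2008-06-17 16:05:59"

LINE_RE = re.compile(r"^([RS])(\d)\s+(.*)$")

def parse_service_line(line):
    """Split 'S2 name;display;image [stamp]' into fields; None for non-service lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, rest = m.groups()
    parts = rest.split(";", 2)
    if len(parts) != 3:
        return None
    name, display, tail = parts
    image, _, stamp = tail.rpartition("[")      # stamp is empty when ComboFix prints "[]"
    stamp = stamp.rstrip("]").strip()
    return {
        "state": state,
        "start_type": int(start),
        "name": name.strip(),
        "display": display.strip(),
        "image": image.strip().strip('"'),
        "mtime": datetime.strptime(stamp, "%Y-%m-%d %H:%M") if stamp else None,
    }

def is_spliced_name(name):
    """True when the name is one known service name with a second one glued on."""
    n = name.lower()
    for head in KNOWN_SERVICES:
        if n.startswith(head) and n[len(head):].strip() in KNOWN_SERVICES:
            return True
    return False

def triage(lines, scan_time, window=timedelta(days=3)):
    """Return (name, image, reasons) for every service that looks planted."""
    flagged = []
    for line in lines:
        svc = parse_service_line(line)
        if svc is None:
            continue
        reasons = []
        if is_spliced_name(svc["name"]):
            reasons.append("spliced name")
        img = svc["image"].lower()
        # A service binary written to system32 (not the drivers folder) within
        # a few days of the scan is a fresh drop, not part of the OS install.
        if (svc["mtime"] is not None
                and timedelta(0) <= scan_time - svc["mtime"] <= window
                and "\\system32\\" in img and "\\drivers\\" not in img):
            reasons.append("fresh binary in system32")
        if reasons:
            flagged.append((svc["name"], svc["image"], reasons))
    return flagged

if __name__ == "__main__":
    for name, image, reasons in triage(SAMPLE_LINES, SCAN_TIME):
        print(f"{name:40} {image:45} {', '.join(reasons)}")
```

Over these lines the check flags six services: the five spliced names, and the ".NET Runtime Optimization Service ... Smart" entry, which slips past the name rule but is caught because acelpdecy.exe was written to system32 the same night. The avast! drivers and the Family Safety service are not flagged. Note that accwizh.exe (ImapiServicelanmanworkstation) is flagged here but is not in the CFScript given in the next post, and the ComboFix run after that script still lists the service.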
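The Sigcheck section of the log lists an MD5 for the live copy of each core system file next to the copies under dllcache, ServicePackFiles\i386, $hf_mig$ and $NtUninstall*. The check a responder actually makes is narrower than "are all hashes equal": the $hf_mig$ and $NtUninstall copies are hotfix-branch and uninstall backups and legitimately differ, so the live file is compared with the Windows File Protection cache copy (dllcache), which hotfixes refresh together with the live file, or with the Service Pack copy when there is no dllcache copy. Every file in this log passes. The following is an added example, not code from the thread or from ComboFix, that parses Sigcheck lines and applies that rule; the final ndis.sys line is constructed (hash altered) to show what a patched driver would look like.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample input: Sigcheck lines copied from the ComboFix log above, plus one
# CONSTRUCTED line at the end whose hash was altered to simulate a patched
# system driver. Nothing in the real log fails the check.
SIGCHECK_LINES = [
    r"2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\ServicePackFiles\i386\svchost.exe",
    r"2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\svchost.exe",
    r"2007-03-08 18:50 578560 90f1d04938bae133e2f4d8f7f0fa4fa0 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll",
    r"2005-03-02 21:18 577536 aeefa9d983c986e7a8d6d80ca165b93f C:\WINDOWS\$NtUninstallKB925902$\user32.dll",
    r"2004-09-14 16:12 577536 44c02bc54d56ed3a685302e91396720a C:\WINDOWS\ServicePackFiles\i386\user32.dll",
    r"2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\user32.dll",
    r"2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\dllcache\user32.dll",
    r"2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys",
    r"2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys",
    r"2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys",
    # CONSTRUCTED, not from the log: hash altered to simulate a patched ndis.sys.
    r"2004-08-03 23:14 182912 00000000000000000000000000000000 C:\WINDOWS\system32\drivers\ndis.sys",
]

SIG_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\d+)\s+([0-9a-f]{32})\s+(.+)$")

def parse_sigcheck_line(line):
    """Parse 'date time size md5 path'; None for anything else (headers, dots)."""
    m = SIG_RE.match(line.strip())
    if not m:
        return None
    stamp, size, md5, path = m.groups()
    return {"stamp": stamp, "size": int(size), "md5": md5, "path": path}

def classify(path):
    """Which copy a path is: 'live', 'dllcache', 'sp' (ServicePackFiles) or 'other'."""
    p = path.lower()
    if "\\system32\\dllcache\\" in p:
        return "dllcache"
    if "\\servicepackfiles\\i386\\" in p:
        return "sp"
    if "\\$hf_mig$\\" in p or "\\$ntuninstall" in p or "\\driver cache\\" in p:
        return "other"          # hotfix branches and uninstall backups: expected to differ
    return "live"

def check_sigcheck(lines):
    """Compare each live system file with its protected reference copy.

    The reference is the dllcache copy when one is listed, else the Service
    Pack copy. Returns (filename, live_path, live_md5, ref_kind, ref_md5)
    for every live copy whose hash does not match.
    """
    by_name = defaultdict(dict)
    for line in lines:
        entry = parse_sigcheck_line(line)
        if entry is None:
            continue
        name = PureWindowsPath(entry["path"]).name.lower()
        by_name[name].setdefault(classify(entry["path"]), []).append(entry)
    mismatches = []
    for name, copies in by_name.items():
        ref_kind = "dllcache" if "dllcache" in copies else "sp"
        refs = copies.get(ref_kind)
        if not refs:
            continue            # no trustworthy reference listed; nothing to compare
        ref_md5 = refs[0]["md5"]
        for live in copies.get("live", []):
            if live["md5"] != ref_md5:
                mismatches.append((name, live["path"], live["md5"], ref_kind, ref_md5))
    return mismatches

if __name__ == "__main__":
    for name, path, md5, ref_kind, ref_md5 in check_sigcheck(SIGCHECK_LINES):
        print(f"{name}: live {md5} at {path} != {ref_kind} copy {ref_md5}")
```

Only the constructed ndis.sys line is reported. A mismatch is a lead rather than a verdict (hotfix timing can produce one), and a match is only as strong as the cache it is compared against: a kernel-mode rootkit that has replaced tcpip.sys or ndis.sys can equally replace the dllcache copy, which is why ComboFix pairs this listing with the catchme rootkit scan further down the log.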
- koneeni tiedostossa...
Fix.Fix wrote:
Open Notepad and copy/paste the content between the lines into it:
___________
File::
C:\WINDOWS\system32\ahuid.exe
C:\WINDOWS\system32\actmoviei.exe
C:\WINDOWS\system32\acelpdecy.exe
C:\WINDOWS\system32\1037h.exe
C:\WINDOWS\system32\advpack.dlll.exe
C:\WINDOWS\system32\acelpdecy.exe
__________
Save it as CFScript.txt
Then drag CFScript onto ComboFix.exe as shown below.
http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif
Restart the computer when prompted and post the contents of combofix.txt here.
And once again the instructions have been dutifully followed:
ComboFix 08-06-16.2 - Arto 2008-06-17 16:42:14.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.670 [GMT 3:00]
Running from: C:\Documents and Settings\Arto\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Arto\Työpöytä\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\1037h.exe
C:\WINDOWS\system32\acelpdecy.exe
C:\WINDOWS\system32\actmoviei.exe
C:\WINDOWS\system32\advpack.dlll.exe
C:\WINDOWS\system32\ahuid.exe
.
(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\1037h.exe
C:\WINDOWS\system32\acelpdecy.exe
C:\WINDOWS\system32\actmoviei.exe
C:\WINDOWS\system32\advpack.dlll.exe
C:\WINDOWS\system32\ahuid.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_clr_optimization_v2.0.50727_32_Smart
-------\Legacy_RasAutoHidServ
-------\Legacy_TlntSvrsrservice
-------\Legacy_wscsvcWmdmPmSN
-------\Legacy_wuauservAlerter
-------\Service_clr_optimization_v2.0.50727_32 Smart
-------\Service_RasAutoHidServ
-------\Service_TlntSvrsrservice
-------\Service_wscsvcWmdmPmSN
-------\Service_wuauservAlerter
((((( Files created in the following period: 2008-05-17 to 2008-06-17 )))))))))))))))))
.
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Documents and Settings\Arto\Application Data\Malwarebytes
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 15:22 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-17 15:22 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 13:39 . 2008-06-17 13:39 d-------- C:\Program Files\Trend Micro
2008-06-17 00:30 . 2008-06-17 00:30 48,585 --a------ C:\WINDOWS\system32\acelpdecyr.sys
2008-06-17 00:27 . 2008-06-17 15:46 124 --a-s---- C:\WINDOWS\system32\1991136218.dat
2008-06-17 00:26 . 2008-06-17 00:26 41,984 -r-hs---- C:\WINDOWS\system32\accwizh.exe
2008-06-15 18:39 . 2008-06-15 18:39 d-------- C:\Documents and Settings\Arto\Application Data\Apple Computer
2008-06-15 18:37 . 2008-06-15 18:38 d-------- C:\Program Files\QuickTime
2008-06-15 18:37 . 2008-06-15 18:37 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Program Files\Apple Software Update
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-13 21:04 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 15:52 . 2008-06-05 00:44 d-------- C:\Documents and Settings\Arto\Application Data\.purple
2008-05-29 21:18 . 2008-05-29 21:18 244 --ah----- C:\sqmnoopt01.sqm
2008-05-29 21:18 . 2008-05-29 21:18 232 --ah----- C:\sqmdata01.sqm
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-22 22:06 . 2008-06-15 13:10 d-------- C:\Program Files\PartyGaming
2008-05-22 19:35 . 2008-05-22 19:35 d-------- C:\Documents and Settings\Arto\Application Data\Sports Interactive
2008-05-22 19:31 . 2008-05-22 19:31 d-------- C:\Program Files\Sports Interactive
2008-05-22 17:45 . 2008-05-22 17:45 d-------- C:\Program Files\Alwil Software
2008-05-22 15:15 . 2008-06-17 13:58 d-------- C:\Documents and Settings\Arto\Application Data\uTorrent
2008-05-19 23:21 . 2008-05-19 23:55 d-------- C:\Program Files\MagicISO
2008-05-19 22:40 . 2008-05-19 22:40 d-------- C:\Documents and Settings\Arto\Application Data\WhenU
2008-05-19 22:20 . 2008-05-19 22:20 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 22:13 . 2008-05-19 22:13 dr-h----- C:\Documents and Settings\Arto\Application Data\SecuROM
2008-05-19 22:13 . 2008-05-19 22:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Program Files\Zero G Registry
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Documents and Settings\Arto\InstallAnywhere
2008-05-19 00:11 . 2008-05-22 18:04 d-------- C:\Program Files\uTorrent
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 00:29 --------- d-----w C:\Program Files\Windows Live
2008-06-17 00:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-17 00:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 10:36 --------- d-----w C:\Documents and Settings\Arto\Application Data\Microgaming
2008-05-27 20:58 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-22 14:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\Arto\Application Data\Lavasoft
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-21 12:30 --------- d-----w C:\Program Files\Symantec
2008-05-21 12:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\Arto\Application Data\TVU Networks
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-23 18:55 --------- d-----w C:\Documents and Settings\Arto\Application Data\ppStream
2008-04-23 18:50 --------- d-----w C:\Program Files\Common Files\Synacast
2008-04-23 18:50 --------- d-----w C:\Documents and Settings\Arto\Application Data\PPMate
.
------- Sigcheck -------
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\svchost.exe
2007-03-08 18:50 578560 90f1d04938bae133e2f4d8f7f0fa4fa0 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 21:18 577536 aeefa9d983c986e7a8d6d80ca165b93f C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-09-14 16:12 577536 44c02bc54d56ed3a685302e91396720a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\dllcache\user32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\system32\ws2_32.dll
2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 14:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2006-12-19 21:45 2061696 8f3bbe9045dfe4d89b24552fcba0e8b2 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 19:08 2061696 8bacc2a67078823acab7c8306f394918 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 21:08 2059136 1c09a92e5a1c21ca1ad367f13f9b5a9d C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 21:22 2059904 09e0237ef89c06c44b8433733060573f C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-09-14 16:08 2059136 e6cbe47b5ea01ce981e4663900f04a15 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2006-12-19 21:45 2184320 8f8898bc0cb9fd8c6b0a575367a977bd C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 19:08 2184448 7ff07a634379ee2fd2b097fd76c49bfc C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 21:08 2181632 ae8d156d1028fba3939609f4c39eb1f1 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 21:22 2182656 22a830ae087de7e3d72c4b1d9611bf6e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-09-14 16:08 2183296 2a8e38e78177bf83c73897511a4eecd0 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\explorer.exe
2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\system32\dllcache\explorer.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\system32\services.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\system32\lsass.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_14.06.26.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 10:59:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 13:44:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 13:44:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_72c.dat
.
(((((((((((((((((((((((((((((( Registry startup entries )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty values and legitimate default values are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"DAEMON Tools"="D:\Daemon\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:40 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 16:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07 617984]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 04:00 99840]
"fssui"="C:\Program Files\Windows Live\Perheturva\fssui.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6F5090F-D9EC-4263-9D7D-2968C5179291}"= C:\WINDOWS\system32\iifebCSk.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21936:TCP"= 21936:TCP:*:Disabled:BitComet 21936 TCP
"21936:UDP"= 21936:UDP:*:Disabled:BitComet 21936 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Perheturva\fsssvc.exe" []
S2 ImapiServicelanmanworkstation;IMAPI CD-Burning COM Service ImapiServicelanmanworkstation;C:\WINDOWS\system32\accwizh.exe [2008-06-17 00:26]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b80-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b81-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105e-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105f-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-16 09:06:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-08-17 18:20:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 16:45:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-06-17 16:51:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 13:51:12
ComboFix2.txt 2008-06-17 13:07:46
ComboFix3.txt 2008-06-17 13:04:25
ComboFix4.txt 2008-06-17 12:56:49
ComboFix5.txt 2008-06-17 12:03:45
Pre-Run: 66,265,038,848 bytes free
Post-Run: 66,262,880,256 bytes free
236 --- E O F --- 2008-06-14 08:03:37
- Fix.Fix
koneeni tiedostossa... wrote:
And once again the instructions have been dutifully followed:
ComboFix 08-06-16.2 - Arto 2008-06-17 16:42:14.6 - NTFSx86
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\system32\ws2_32.dll
2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 14:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2006-12-19 21:45 2061696 8f3bbe9045dfe4d89b24552fcba0e8b2 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 19:08 2061696 8bacc2a67078823acab7c8306f394918 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 21:08 2059136 1c09a92e5a1c21ca1ad367f13f9b5a9d C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 21:22 2059904 09e0237ef89c06c44b8433733060573f C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-09-14 16:08 2059136 e6cbe47b5ea01ce981e4663900f04a15 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2006-12-19 21:45 2184320 8f8898bc0cb9fd8c6b0a575367a977bd C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 19:08 2184448 7ff07a634379ee2fd2b097fd76c49bfc C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 21:08 2181632 ae8d156d1028fba3939609f4c39eb1f1 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 21:22 2182656 22a830ae087de7e3d72c4b1d9611bf6e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-09-14 16:08 2183296 2a8e38e78177bf83c73897511a4eecd0 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\explorer.exe
2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\system32\dllcache\explorer.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\system32\services.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\system32\lsass.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_14.06.26.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 10:59:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 13:44:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 13:44:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_72c.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"DAEMON Tools"="D:\Daemon\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:40 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 16:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07 617984]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 04:00 99840]
"fssui"="C:\Program Files\Windows Live\Perheturva\fssui.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6F5090F-D9EC-4263-9D7D-2968C5179291}"= C:\WINDOWS\system32\iifebCSk.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21936:TCP"= 21936:TCP:*:Disabled:BitComet 21936 TCP
"21936:UDP"= 21936:UDP:*:Disabled:BitComet 21936 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S2 fsssvc;Windows Live OneCare – perheturva;"C:\Program Files\Windows Live\Perheturva\fsssvc.exe" []
S2 ImapiServicelanmanworkstation;CD-levyjen kirjoittamisen IMAPI COM -palvelu ImapiServicelanmanworkstation;C:\WINDOWS\system32\accwizh.exe [2008-06-17 00:26]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b80-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b81-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105e-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105f-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-16 09:06:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-08-17 18:20:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 16:45:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-06-17 16:51:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 13:51:12
ComboFix2.txt 2008-06-17 13:07:46
ComboFix3.txt 2008-06-17 13:04:25
ComboFix4.txt 2008-06-17 12:56:49
ComboFix5.txt 2008-06-17 12:03:45
Pre-Run: 66,265,038,848 tavua vapaana
Post-Run: 66,262,880,256 tavua vapaana
236 --- E O F --- 2008-06-14 08:03:37
Open Notepad and copy/paste the content between the lines into it:
___________
File::
C:\WINDOWS\system32\accwizh.exe
C:\WINDOWS\system32\acelpdecyr.sys
__________
Save it as CFScript.txt
Then drag CFScript onto ComboFix.exe as shown below.
http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif
Restart the computer when asked and post the contents of combofix.txt here. - Puuh
Fix.Fix wrote:
Open Notepad and copy/paste the content between the lines into it:
___________
File::
C:\WINDOWS\system32\accwizh.exe
C:\WINDOWS\system32\acelpdecyr.sys
__________
Save it as CFScript.txt
Then drag CFScript onto ComboFix.exe as shown below.
http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif
Restart the computer when asked and post the contents of combofix.txt here.
The latest today:
ComboFix 08-06-16.2 - Arto 2008-06-17 17:18:05.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.689 [GMT 3:00]
Running from: C:\Documents and Settings\Arto\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Arto\Työpöytä\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\accwizh.exe
C:\WINDOWS\system32\acelpdecyr.sys
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\accwizh.exe
C:\WINDOWS\system32\acelpdecyr.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ImapiServicelanmanworkstation
-------\Service_ImapiServicelanmanworkstation
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-17 to 2008-06-17 )))))))))))))))))
.
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Documents and Settings\Arto\Application Data\Malwarebytes
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 15:22 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-17 15:22 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 13:39 . 2008-06-17 13:39 d-------- C:\Program Files\Trend Micro
2008-06-17 00:27 . 2008-06-17 15:46 124 --a-s---- C:\WINDOWS\system32\1991136218.dat
2008-06-15 18:39 . 2008-06-15 18:39 d-------- C:\Documents and Settings\Arto\Application Data\Apple Computer
2008-06-15 18:37 . 2008-06-15 18:38 d-------- C:\Program Files\QuickTime
2008-06-15 18:37 . 2008-06-15 18:37 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Program Files\Apple Software Update
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-13 21:04 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 15:52 . 2008-06-05 00:44 d-------- C:\Documents and Settings\Arto\Application Data\.purple
2008-05-29 21:18 . 2008-05-29 21:18 244 --ah----- C:\sqmnoopt01.sqm
2008-05-29 21:18 . 2008-05-29 21:18 232 --ah----- C:\sqmdata01.sqm
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-22 22:06 . 2008-06-15 13:10 d-------- C:\Program Files\PartyGaming
2008-05-22 19:35 . 2008-05-22 19:35 d-------- C:\Documents and Settings\Arto\Application Data\Sports Interactive
2008-05-22 19:31 . 2008-05-22 19:31 d-------- C:\Program Files\Sports Interactive
2008-05-22 17:45 . 2008-05-22 17:45 d-------- C:\Program Files\Alwil Software
2008-05-22 15:15 . 2008-06-17 13:58 d-------- C:\Documents and Settings\Arto\Application Data\uTorrent
2008-05-19 23:21 . 2008-05-19 23:55 d-------- C:\Program Files\MagicISO
2008-05-19 22:40 . 2008-05-19 22:40 d-------- C:\Documents and Settings\Arto\Application Data\WhenU
2008-05-19 22:20 . 2008-05-19 22:20 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 22:13 . 2008-05-19 22:13 dr-h----- C:\Documents and Settings\Arto\Application Data\SecuROM
2008-05-19 22:13 . 2008-05-19 22:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Program Files\Zero G Registry
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Documents and Settings\Arto\InstallAnywhere
2008-05-19 00:11 . 2008-05-22 18:04 d-------- C:\Program Files\uTorrent
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 00:29 --------- d-----w C:\Program Files\Windows Live
2008-06-17 00:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-17 00:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 10:36 --------- d-----w C:\Documents and Settings\Arto\Application Data\Microgaming
2008-05-27 20:58 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-22 14:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\Arto\Application Data\Lavasoft
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-21 12:30 --------- d-----w C:\Program Files\Symantec
2008-05-21 12:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\Arto\Application Data\TVU Networks
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-23 18:55 --------- d-----w C:\Documents and Settings\Arto\Application Data\ppStream
2008-04-23 18:50 --------- d-----w C:\Program Files\Common Files\Synacast
2008-04-23 18:50 --------- d-----w C:\Documents and Settings\Arto\Application Data\PPMate
.
------- Sigcheck -------
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\svchost.exe
2007-03-08 18:50 578560 90f1d04938bae133e2f4d8f7f0fa4fa0 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 21:18 577536 aeefa9d983c986e7a8d6d80ca165b93f C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-09-14 16:12 577536 44c02bc54d56ed3a685302e91396720a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\dllcache\user32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\system32\ws2_32.dll
2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 14:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2006-12-19 21:45 2061696 8f3bbe9045dfe4d89b24552fcba0e8b2 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 19:08 2061696 8bacc2a67078823acab7c8306f394918 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 21:08 2059136 1c09a92e5a1c21ca1ad367f13f9b5a9d C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 21:22 2059904 09e0237ef89c06c44b8433733060573f C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-09-14 16:08 2059136 e6cbe47b5ea01ce981e4663900f04a15 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2006-12-19 21:45 2184320 8f8898bc0cb9fd8c6b0a575367a977bd C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 19:08 2184448 7ff07a634379ee2fd2b097fd76c49bfc C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 21:08 2181632 ae8d156d1028fba3939609f4c39eb1f1 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 21:22 2182656 22a830ae087de7e3d72c4b1d9611bf6e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-09-14 16:08 2183296 2a8e38e78177bf83c73897511a4eecd0 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\explorer.exe
2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\system32\dllcache\explorer.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\system32\services.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\system32\lsass.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_14.06.26.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 10:59:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 14:20:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 14:20:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_728.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"DAEMON Tools"="D:\Daemon\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:40 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 16:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07 617984]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 04:00 99840]
"fssui"="C:\Program Files\Windows Live\Perheturva\fssui.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6F5090F-D9EC-4263-9D7D-2968C5179291}"= C:\WINDOWS\system32\iifebCSk.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21936:TCP"= 21936:TCP:*:Disabled:BitComet 21936 TCP
"21936:UDP"= 21936:UDP:*:Disabled:BitComet 21936 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S2 fsssvc;Windows Live OneCare – perheturva;"C:\Program Files\Windows Live\Perheturva\fsssvc.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b80-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b81-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105e-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105f-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-16 09:06:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-08-17 18:20:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 17:21:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-06-17 17:27:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 14:26:59
ComboFix2.txt 2008-06-17 13:51:17
ComboFix3.txt 2008-06-17 13:07:46
ComboFix4.txt 2008-06-17 13:04:25
ComboFix5.txt 2008-06-17 12:56:49
Pre-Run: 66,243,137,536 tavua vapaana
Post-Run: 66,236,088,320 tavua vapaana
219 --- E O F --- 2008-06-14 08:03:37 - Fix.Fix
Puuh wrote:
The latest today:
ComboFix 08-06-16.2 - Arto 2008-06-17 17:18:05.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.689 [GMT 3:00]
Running from: C:\Documents and Settings\Arto\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Arto\Työpöytä\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\accwizh.exe
C:\WINDOWS\system32\acelpdecyr.sys
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\accwizh.exe
C:\WINDOWS\system32\acelpdecyr.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ImapiServicelanmanworkstation
-------\Service_ImapiServicelanmanworkstation
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-17 to 2008-06-17 )))))))))))))))))
.
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Documents and Settings\Arto\Application Data\Malwarebytes
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 15:22 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-17 15:22 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 13:39 . 2008-06-17 13:39 d-------- C:\Program Files\Trend Micro
2008-06-17 00:27 . 2008-06-17 15:46 124 --a-s---- C:\WINDOWS\system32\1991136218.dat
2008-06-15 18:39 . 2008-06-15 18:39 d-------- C:\Documents and Settings\Arto\Application Data\Apple Computer
2008-06-15 18:37 . 2008-06-15 18:38 d-------- C:\Program Files\QuickTime
2008-06-15 18:37 . 2008-06-15 18:37 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Program Files\Apple Software Update
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-13 21:04 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 15:52 . 2008-06-05 00:44 d-------- C:\Documents and Settings\Arto\Application Data\.purple
2008-05-29 21:18 . 2008-05-29 21:18 244 --ah----- C:\sqmnoopt01.sqm
2008-05-29 21:18 . 2008-05-29 21:18 232 --ah----- C:\sqmdata01.sqm
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-22 22:06 . 2008-06-15 13:10 d-------- C:\Program Files\PartyGaming
2008-05-22 19:35 . 2008-05-22 19:35 d-------- C:\Documents and Settings\Arto\Application Data\Sports Interactive
2008-05-22 19:31 . 2008-05-22 19:31 d-------- C:\Program Files\Sports Interactive
2008-05-22 17:45 . 2008-05-22 17:45 d-------- C:\Program Files\Alwil Software
2008-05-22 15:15 . 2008-06-17 13:58 d-------- C:\Documents and Settings\Arto\Application Data\uTorrent
2008-05-19 23:21 . 2008-05-19 23:55 d-------- C:\Program Files\MagicISO
2008-05-19 22:40 . 2008-05-19 22:40 d-------- C:\Documents and Settings\Arto\Application Data\WhenU
2008-05-19 22:20 . 2008-05-19 22:20 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 22:13 . 2008-05-19 22:13 dr-h----- C:\Documents and Settings\Arto\Application Data\SecuROM
2008-05-19 22:13 . 2008-05-19 22:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Program Files\Zero G Registry
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Documents and Settings\Arto\InstallAnywhere
2008-05-19 00:11 . 2008-05-22 18:04 d-------- C:\Program Files\uTorrent
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 00:29 --------- d-----w C:\Program Files\Windows Live
2008-06-17 00:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-17 00:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 10:36 --------- d-----w C:\Documents and Settings\Arto\Application Data\Microgaming
2008-05-27 20:58 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-22 14:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\Arto\Application Data\Lavasoft
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-21 12:30 --------- d-----w C:\Program Files\Symantec
2008-05-21 12:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\Arto\Application Data\TVU Networks
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-23 18:55 --------- d-----w C:\Documents and Settings\Arto\Application Data\ppStream
2008-04-23 18:50 --------- d-----w C:\Program Files\Common Files\Synacast
2008-04-23 18:50 --------- d-----w C:\Documents and Settings\Arto\Application Data\PPMate
.
------- Sigcheck -------
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\svchost.exe
2007-03-08 18:50 578560 90f1d04938bae133e2f4d8f7f0fa4fa0 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 21:18 577536 aeefa9d983c986e7a8d6d80ca165b93f C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-09-14 16:12 577536 44c02bc54d56ed3a685302e91396720a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\dllcache\user32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\system32\ws2_32.dll
2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 14:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2006-12-19 21:45 2061696 8f3bbe9045dfe4d89b24552fcba0e8b2 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 19:08 2061696 8bacc2a67078823acab7c8306f394918 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 21:08 2059136 1c09a92e5a1c21ca1ad367f13f9b5a9d C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 21:22 2059904 09e0237ef89c06c44b8433733060573f C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-09-14 16:08 2059136 e6cbe47b5ea01ce981e4663900f04a15 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2006-12-19 21:45 2184320 8f8898bc0cb9fd8c6b0a575367a977bd C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 19:08 2184448 7ff07a634379ee2fd2b097fd76c49bfc C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 21:08 2181632 ae8d156d1028fba3939609f4c39eb1f1 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 21:22 2182656 22a830ae087de7e3d72c4b1d9611bf6e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-09-14 16:08 2183296 2a8e38e78177bf83c73897511a4eecd0 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\explorer.exe
2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\system32\dllcache\explorer.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\system32\services.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\system32\lsass.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_14.06.26.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 10:59:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 14:20:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 14:20:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_728.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"DAEMON Tools"="D:\Daemon\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:40 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 16:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07 617984]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 04:00 99840]
"fssui"="C:\Program Files\Windows Live\Perheturva\fssui.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6F5090F-D9EC-4263-9D7D-2968C5179291}"= C:\WINDOWS\system32\iifebCSk.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21936:TCP"= 21936:TCP:*:Disabled:BitComet 21936 TCP
"21936:UDP"= 21936:UDP:*:Disabled:BitComet 21936 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S2 fsssvc;Windows Live OneCare – perheturva;"C:\Program Files\Windows Live\Perheturva\fsssvc.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b80-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b81-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105e-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105f-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-16 09:06:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-08-17 18:20:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 17:21:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-06-17 17:27:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 14:26:59
ComboFix2.txt 2008-06-17 13:51:17
ComboFix3.txt 2008-06-17 13:07:46
ComboFix4.txt 2008-06-17 13:04:25
ComboFix5.txt 2008-06-17 12:56:49
Pre-Run: 66,243,137,536 tavua vapaana
Post-Run: 66,236,088,320 tavua vapaana
219 --- E O F --- 2008-06-14 08:03:37
Download SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the contents (a folder named SmitfraudFix) to your desktop:
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and pressing "Enter"; a text file opens that lists the infected files (if any exist).
Post the contents of this text file in your thread.
Note: some anti-virus programs (AntiVir, Dr.Web, Kaspersky) detect the file process.exe as a "RiskTool"; it is not a virus but a program that stops processes. A/V programs cannot tell good use of such programs from bad, so they may warn the user.
******
Download SDFix by AndyManchesta
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
and save it to your desktop.
Start your computer in Safe Mode:
shut down and restart
during startup, tap the F8 key
select Safe Mode with the arrow keys
press Enter, then Enter again
select your user account
click Yes
On some computers you tap F5 instead of F8
• Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
• Open the SDFix folder and double-click the file RunThis.bat to start the program.
• Press Y to start the script.
• The tool cleans the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
• Press any key and the computer restarts.
• Startup takes longer than usual because SDFix is cleaning the computer.
• When the computer has started and the desktop has loaded, SDFix reports that the cleanup is complete, "Finished".
• Then press any key to close the script and load the desktop shortcuts.
• Finally, open the SDFix folder (on the desktop) and copy & paste the contents of the file Report.txt into your thread along with a new HijackThis log.
- plopaa
Fix.Fix wrote:
Download SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the contents (a folder named SmitfraudFix) to your desktop:
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and pressing "Enter"; a text file opens that lists the infected files (if any exist).
Post the contents of this text file in your thread.
Note: some anti-virus programs (AntiVir, Dr.Web, Kaspersky) detect the file process.exe as a "RiskTool"; it is not a virus but a program that stops processes. A/V programs cannot tell good use of such programs from bad, so they may warn the user.
******
Download SDFix by AndyManchesta
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
and save it to your desktop.
Start your computer in Safe Mode:
shut down and restart
during startup, tap the F8 key
select Safe Mode with the arrow keys
press Enter, then Enter again
select your user account
click Yes
On some computers you tap F5 instead of F8
• Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
• Open the SDFix folder and double-click the file RunThis.bat to start the program.
• Press Y to start the script.
• The tool cleans the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
• Press any key and the computer restarts.
• Startup takes longer than usual because SDFix is cleaning the computer.
• When the computer has started and the desktop has loaded, SDFix reports that the cleanup is complete, "Finished".
• Then press any key to close the script and load the desktop shortcuts.
• Finally, open the SDFix folder (on the desktop) and copy & paste the contents of the file Report.txt into your thread along with a new HijackThis log.
Now run through with SmitfraudFix...
SmitFraudFix v2.325
Scan done at 18:03:43,82, ti 17.06.2008
Run from C:\Documents and Settings\Arto\Local Settings\Temp\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Daemon\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arto
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arto\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Arto\Suosikit
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: ASUSTeK/Broadcom 440x 10/100 Integrated Controller - Paketinajoituksen miniportti
DNS Server Search Order: 192.168.254.254
DNS Server Search Order: 192.168.254.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6A3A0634-71C5-4E45-A4EF-6709FD49A67F}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6A3A0634-71C5-4E45-A4EF-6709FD49A67F}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6A3A0634-71C5-4E45-A4EF-6709FD49A67F}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254 192.168.254.254
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
- Uusinta
plopaa wrote:
Now run through with SmitfraudFix...
SmitFraudFix v2.325
Scan done at 18:03:43,82, ti 17.06.2008
Run from C:\Documents and Settings\Arto\Local Settings\Temp\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Daemon\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arto
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arto\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Arto\Suosikit
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: ASUSTeK/Broadcom 440x 10/100 Integrated Controller - Paketinajoituksen miniportti
DNS Server Search Order: 192.168.254.254
DNS Server Search Order: 192.168.254.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6A3A0634-71C5-4E45-A4EF-6709FD49A67F}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6A3A0634-71C5-4E45-A4EF-6709FD49A67F}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6A3A0634-71C5-4E45-A4EF-6709FD49A67F}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254 192.168.254.254
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
After SDFix, I'm not sure whether the whole thing went quite right!
SDFix: Version 1.194
Run by Arto on ti 17.06.2008 at 18:19
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\Arto\TYPYT~1\SDFix
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files:
No Trojan Files Found
Removing Temp Files
ADS Check:
Final Check:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 18:24:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060a98911]
"0019630979b0"=hex:11,10,c6,e1,bd,a8,27,d5,02,0f,eb,60,46,a9,66,ce
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Daemon\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:df,e2,70,cd,f5,3e,a6,4d,ca,12,94,da,d7,d9,c1,bc,66,55,c4,e5,f7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,0d,79,a1,74,ca,b6,af,00,55,8b,56,78,db,05,62,93,73,..
"khjeh"=hex:9c,78,29,0f,24,79,6a,b2,d2,c9,29,31,95,cd,06,76,8b,99,10,13,9f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:15,1a,7f,95,6e,bf,06,41,43,90,95,91,9b,6f,34,ca,3a,c5,12,8c,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:5c,73,d6,2e,15,a0,ac,19,62,c6,07,73,5b,1d,d7,ef,b0,6f,8b,63,c4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060a98911]
"0019630979b0"=hex:11,10,c6,e1,bd,a8,27,d5,02,0f,eb,60,46,a9,66,ce
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Daemon\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:df,e2,70,cd,f5,3e,a6,4d,ca,12,94,da,d7,d9,c1,bc,66,55,c4,e5,f7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,0d,79,a1,74,ca,b6,af,00,55,8b,56,78,db,05,62,93,73,..
"khjeh"=hex:9c,78,29,0f,24,79,6a,b2,d2,c9,29,31,95,cd,06,76,8b,99,10,13,9f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:15,1a,7f,95,6e,bf,06,41,43,90,95,91,9b,6f,34,ca,3a,c5,12,8c,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:5c,73,d6,2e,15,a0,ac,19,62,c6,07,73,5b,1d,d7,ef,b0,6f,8b,63,c4,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000049
"TracesSuccessful"=dword:00000008
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Disabled:µTorrent"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Disabled:Football Manager 2008"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
Files with Hidden Attributes:
Wed 15 Nov 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 23 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0045d90d3c637c74f834c75fe192b558\BIT2.tmp"
Finished!
- Fix.Fix
Uusinta wrote:
After SDFix, I'm not sure whether the whole thing went quite right!
SDFix: Version 1.194
Run by Arto on ti 17.06.2008 at 18:19
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\Arto\TYPYT~1\SDFix
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files:
No Trojan Files Found
Removing Temp Files
ADS Check:
Final Check:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 18:24:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060a98911]
"0019630979b0"=hex:11,10,c6,e1,bd,a8,27,d5,02,0f,eb,60,46,a9,66,ce
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Daemon\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:df,e2,70,cd,f5,3e,a6,4d,ca,12,94,da,d7,d9,c1,bc,66,55,c4,e5,f7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,0d,79,a1,74,ca,b6,af,00,55,8b,56,78,db,05,62,93,73,..
"khjeh"=hex:9c,78,29,0f,24,79,6a,b2,d2,c9,29,31,95,cd,06,76,8b,99,10,13,9f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:15,1a,7f,95,6e,bf,06,41,43,90,95,91,9b,6f,34,ca,3a,c5,12,8c,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:5c,73,d6,2e,15,a0,ac,19,62,c6,07,73,5b,1d,d7,ef,b0,6f,8b,63,c4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060a98911]
"0019630979b0"=hex:11,10,c6,e1,bd,a8,27,d5,02,0f,eb,60,46,a9,66,ce
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Daemon\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:df,e2,70,cd,f5,3e,a6,4d,ca,12,94,da,d7,d9,c1,bc,66,55,c4,e5,f7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,0d,79,a1,74,ca,b6,af,00,55,8b,56,78,db,05,62,93,73,..
"khjeh"=hex:9c,78,29,0f,24,79,6a,b2,d2,c9,29,31,95,cd,06,76,8b,99,10,13,9f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:15,1a,7f,95,6e,bf,06,41,43,90,95,91,9b,6f,34,ca,3a,c5,12,8c,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:5c,73,d6,2e,15,a0,ac,19,62,c6,07,73,5b,1d,d7,ef,b0,6f,8b,63,c4,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000049
"TracesSuccessful"=dword:00000008
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Disabled:µTorrent"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Disabled:Football Manager 2008"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Wed 15 Nov 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 23 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0045d90d3c637c74f834c75fe192b558\BIT2.tmp"
[b]Finished![/b]
Scan again and post a new HJT log
- taaas
Fix.Fix wrote:
Scan again and post a new HJT log
Here's the latest one; it doesn't seem to get any shorter, no idea what the point of this even is :D
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:42, on 17.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Daemon\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Perheturva\fssui.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Daemon\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Windows Live OneCare – perheturva (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Perheturva\fsssvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7326 bytes
- Fix.Fix
taaas wrote:
Here's the latest one; it doesn't seem to get any shorter, no idea what the point of this even is :D
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:42, on 17.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Daemon\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Perheturva\fssui.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Daemon\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Windows Live OneCare – perheturva (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Perheturva\fsssvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7326 bytes
Step 1
1. Click Start > right-click My Computer
2. Select Properties
3. Select the System Restore tab
4. Tick the box ¤ Turn off System Restore on all drives
5. Click Apply
6. Click OK
7. Shut down and restart
8. Untick the box ¤ Turn off System Restore on all drives
9. Apply and OK
*****
Step 2
Run Malwarebytes' Anti-Malware again and post the log
*****
Step 3
Run ComboFix again and post the log
- tindandaa
Fix.Fix wrote:
Step 1
1. Click Start > right-click My Computer
2. Select Properties
3. Select the System Restore tab
4. Tick the box ¤ Turn off System Restore on all drives
5. Click Apply
6. Click OK
7. Shut down and restart
8. Untick the box ¤ Turn off System Restore on all drives
9. Apply and OK
*****
Step 2
Run Malwarebytes' Anti-Malware again and post the log
*****
Step 3
Run ComboFix again and post the log
This one has been run too; the result looks good already :)
Malwarebytes' Anti-Malware 1.17
Tietokantaversio: 863
13:51:33 18.6.2008
mbam-log-6-18-2008 (13-51-33).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 79394
Kulunut aika: 19 minute(s), 0 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
- myöskin ajettu
tindandaa wrote:
This one has been run too; the result looks good already :)
Malwarebytes' Anti-Malware 1.17
Tietokantaversio: 863
13:51:33 18.6.2008
mbam-log-6-18-2008 (13-51-33).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 79394
Kulunut aika: 19 minute(s), 0 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
Next?
ComboFix 08-06-16.2 - Arto 2008-06-18 13:54:42.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.682 [GMT 3:00]
Running from: C:\Documents and Settings\Arto\Työpöytä\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-18 to 2008-06-18 )))))))))))))))))
.
2008-06-17 18:15 . 2008-06-17 18:15 d-------- C:\WINDOWS\ERUNT
2008-06-17 18:03 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-17 18:03 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-17 18:03 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-17 18:03 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-17 18:03 . 2008-06-15 15:28 81,920 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-17 18:03 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-17 18:03 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-17 18:03 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-17 18:03 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-17 18:03 . 2008-06-17 18:03 2,590 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Documents and Settings\Arto\Application Data\Malwarebytes
2008-06-17 15:22 . 2008-06-17 15:22 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 15:22 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-17 15:22 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 13:39 . 2008-06-17 13:39 d-------- C:\Program Files\Trend Micro
2008-06-17 00:27 . 2008-06-17 15:46 124 --a-s---- C:\WINDOWS\system32\1991136218.dat
2008-06-15 18:39 . 2008-06-15 18:39 d-------- C:\Documents and Settings\Arto\Application Data\Apple Computer
2008-06-15 18:37 . 2008-06-15 18:38 d-------- C:\Program Files\QuickTime
2008-06-15 18:37 . 2008-06-15 18:37 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Program Files\Apple Software Update
2008-06-15 18:36 . 2008-06-15 18:36 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-13 21:04 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 15:52 . 2008-06-05 00:44 d-------- C:\Documents and Settings\Arto\Application Data\.purple
2008-05-29 21:18 . 2008-05-29 21:18 244 --ah----- C:\sqmnoopt01.sqm
2008-05-29 21:18 . 2008-05-29 21:18 232 --ah----- C:\sqmdata01.sqm
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-22 22:06 . 2008-06-15 13:10 d-------- C:\Program Files\PartyGaming
2008-05-22 19:35 . 2008-05-22 19:35 d-------- C:\Documents and Settings\Arto\Application Data\Sports Interactive
2008-05-22 19:31 . 2008-05-22 19:31 d-------- C:\Program Files\Sports Interactive
2008-05-22 17:45 . 2008-05-22 17:45 d-------- C:\Program Files\Alwil Software
2008-05-22 15:15 . 2008-06-17 13:58 d-------- C:\Documents and Settings\Arto\Application Data\uTorrent
2008-05-19 23:21 . 2008-05-19 23:55 d-------- C:\Program Files\MagicISO
2008-05-19 22:40 . 2008-05-19 22:40 d-------- C:\Documents and Settings\Arto\Application Data\WhenU
2008-05-19 22:20 . 2008-05-19 22:20 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 22:13 . 2008-05-19 22:13 dr-h----- C:\Documents and Settings\Arto\Application Data\SecuROM
2008-05-19 22:13 . 2008-05-19 22:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Program Files\Zero G Registry
2008-05-19 22:09 . 2008-05-19 22:09 d--h----- C:\Documents and Settings\Arto\InstallAnywhere
2008-05-19 00:11 . 2008-05-22 18:04 d-------- C:\Program Files\uTorrent
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 00:29 --------- d-----w C:\Program Files\Windows Live
2008-06-17 00:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-17 00:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 10:36 --------- d-----w C:\Documents and Settings\Arto\Application Data\Microgaming
2008-05-27 20:58 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-22 14:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\Arto\Application Data\Lavasoft
2008-05-22 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-21 12:30 --------- d-----w C:\Program Files\Symantec
2008-05-21 12:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\Arto\Application Data\TVU Networks
2008-04-23 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-23 18:55 --------- d-----w C:\Documents and Settings\Arto\Application Data\ppStream
2008-04-23 18:50 --------- d-----w C:\Program Files\Common Files\Synacast
2008-04-23 18:50 --------- d-----w C:\Documents and Settings\Arto\Application Data\PPMate
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
------- Sigcheck -------
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\svchost.exe
2007-03-08 18:50 578560 90f1d04938bae133e2f4d8f7f0fa4fa0 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 21:18 577536 aeefa9d983c986e7a8d6d80ca165b93f C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-09-14 16:12 577536 44c02bc54d56ed3a685302e91396720a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\user32.dll
2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\system32\dllcache\user32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\system32\ws2_32.dll
2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 14:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 20:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2006-12-19 21:45 2061696 8f3bbe9045dfe4d89b24552fcba0e8b2 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 19:08 2061696 8bacc2a67078823acab7c8306f394918 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 21:08 2059136 1c09a92e5a1c21ca1ad367f13f9b5a9d C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 21:22 2059904 09e0237ef89c06c44b8433733060573f C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-09-14 16:08 2059136 e6cbe47b5ea01ce981e4663900f04a15 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 19:02 2059904 9f7bc4398e9a43f533ed4d8e690b1cd6 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2006-12-19 21:45 2184320 8f8898bc0cb9fd8c6b0a575367a977bd C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 19:08 2184448 7ff07a634379ee2fd2b097fd76c49bfc C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 21:08 2181632 ae8d156d1028fba3939609f4c39eb1f1 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 21:22 2182656 22a830ae087de7e3d72c4b1d9611bf6e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-09-14 16:08 2183296 2a8e38e78177bf83c73897511a4eecd0 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 19:02 2182656 6a51f190523074b729702923fac865f4 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\explorer.exe
2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\system32\dllcache\explorer.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\system32\services.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\system32\lsass.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_14.06.26.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 10:59:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-18 10:31:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-17 09:36:00 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
2008-06-17 15:15:57 5,484,544 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
2008-06-17 15:15:57 208,896 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
2008-06-17 09:36:00 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
2008-06-17 15:15:46 5,484,544 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
2008-06-17 15:15:47 208,896 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
2008-06-18 10:31:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6f0.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"DAEMON Tools"="D:\Daemon\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:40 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 16:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07 617984]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 04:00 99840]
"fssui"="C:\Program Files\Windows Live\Perheturva\fssui.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6F5090F-D9EC-4263-9D7D-2968C5179291}"= C:\WINDOWS\system32\iifebCSk.dll [ ]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21936:TCP"= 21936:TCP:*:Disabled:BitComet 21936 TCP
"21936:UDP"= 21936:UDP:*:Disabled:BitComet 21936 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S2 fsssvc;Windows Live OneCare – perheturva;"C:\Program Files\Windows Live\Perheturva\fsssvc.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b80-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e35b81-c34f-11dc-863b-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105e-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8939105f-c80a-11dc-8647-00e018bba379}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-16 09:06:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-08-17 18:20:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 13:56:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-18 13:59:34
ComboFix-quarantined-files.txt 2008-06-18 10:58:58
ComboFix2.txt 2008-06-17 14:27:04
ComboFix3.txt 2008-06-17 13:51:17
ComboFix4.txt 2008-06-17 13:07:46
ComboFix5.txt 2008-06-17 13:04:25
Pre-Run: 66,316,513,280 tavua vapaana
Post-Run: 66,327,236,608 tavua vapaana
211 --- E O F --- 2008-06-14 08:03:37
- Oho.
PPO Portti: Security alert!!!
Downloading the file "ComboFix.exe" has been blocked because it contains the virus "RAT/ProcLaunch".
URL = http://subs.geekstogo.com/ComboFix.exe
http://www.fortinet.com/ve?vn=RAT/ProcLaunch
- vai vai
Oho. wrote:
PPO Portti: Security alert!!!
Downloading the file "ComboFix.exe" has been blocked because it contains the virus "RAT/ProcLaunch".
URL = http://subs.geekstogo.com/ComboFix.exe
http://www.fortinet.com/ve?vn=RAT/ProcLaunch
Is that so?
- Googleta....
vai vai wrote:
Is that so?
But PPO Portti!
A virus protection and firewall service provided by the ISP, which is not on the computer.
- Fix.Fix
Let's do a little more.
Download OTMoveIt from http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe and save it to your desktop.
Double-click OTMoveIt.exe.
Click CleanUp!.
Choose Yes when asked "Begin cleanup Process?".
If you are asked whether the computer may be restarted, choose Yes. OTMoveIt removes itself when it is done; if that does not happen, remove it yourself.
NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.
******
Type into the Run box of the Windows Start menu >>> ComboFix.exe /u OK
- Pumpump
"Type into the Run box of the Windows Start menu >>> ComboFix.exe /u OK
- Fix.Fix
Pumpump wrote:
"Type into the Run box of the Windows Start menu >>> ComboFix.exe /u OK
That combofix, that ComboFix.exe /u was the command :)
=========
Let's also do a Malwarebytes' Anti-Malware run and get a log from it
========
A new HJT log, with a scan
- Fix.Fix
Fix.Fix wrote:
That combofix, that ComboFix.exe /u was the command :)
=========
Let's also do a Malwarebytes' Anti-Malware run and get a log from it
========
A new HJT log, with a scan
No Malwarebytes' Anti-Malware run
- mmmmmm
Fix.Fix wrote:
No Malwarebytes' Anti-Malware run
Here it is!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34:09, on 18.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Daemon\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Perheturva\fssui.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Daemon\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Windows Live OneCare – perheturva (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Perheturva\fsssvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7280 bytes
- Fix.Fix
mmmmmm wrote:
Here it is!
Logfile of Trend Micro HijackThis v2.0.2
End of file - 7280 bytes
Java update and cache clearing:
1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your old Java versions in the list. (J2SE Runtime Environment.... )
They should have the following picture next to them:
http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.jpg
3. Select all your old Java versions and choose Remove.
4. Install the latest Java update from the following link..
5. Restart the computer after the installation:
http://java.sun.com/javase/downloads/index.jsp
Scroll down to Java Runtime Environment (JRE) 6u6
Click Download
Tick Accept, choose the offline installation, save it to the desktop for example and install it.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
7. Under the General Settings section, drag the slider (Disk Space) lower and click the Delete Files button.
(Some Java-based programs may need more disk space.
If you notice the computer being slow after lowering the setting, move the slider higher).
8. Make sure that both checkboxes are ticked:
*Applications and Applets
*Trace and Log Files
And press the OK button
9. Click OK in your "Temporary Files Settings" window.
10. Click OK to leave your Java settings window.
************
firewall software for the computer
http://keskustelu.afterdawn.com/thread_view.cfm/162275
then once it is installed, turn off the Windows firewall.
- Shooter
Fix.Fix wrote:
Java update and cache clearing:
then once it is installed, turn off the Windows firewall.
Now the firewall is downloaded and everything so far has been done, has the bug been beaten? :D
- Fix.Fix
Shooter wrote:
Now the firewall is downloaded and everything so far has been done, has the bug been beaten? :D
The computer was full of bugs ;D
- Alkup...
Fix.Fix wrote:
The computer was full of bugs ;D
Thanks a lot for the help! I guess I've gotten a bit wiser from this too... :)
1 message violating the rules has been removed from the thread.