Logiin apua tarvisi!!!

Tässä SDFix:


[b]SDFix: Version 1.207 [/b]
Run by Mikko Musakka on su 20.07.2008 at 17:30

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\MIKKOM~1\TYPYT~1\SDFix\SDFix

[b]Checking Services [/b]:

[b]Name [/b]:
sysrest.sys

[b]Path [/b]:
\??\C:\WINDOWS\system32\sysrest.sys

sysrest.sys - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\PHCGSF~1.BMP - Deleted
C:\WINDOWS\SYSTEM32\BLPHCG~1.SCR - Deleted
C:\WINDOWS\system32\2.tmp - Deleted
C:\A.tmp - Deleted
C:\WINDOWS\services.exe - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 17:41:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"="C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE:*:Disabled:SC3UpdaterMFC"
"C:\\Program Files\\TVU Player\\TVUPlayer.exe"="C:\\Program Files\\TVU Player\\TVUPlayer.exe:*:Enabled:TVUPlayer"
"C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Koti-Optimi DEMO\\Koti-Optimi DEMO.EXE"="C:\\Program Files\\Koti-Optimi DEMO\\Koti-Optimi DEMO.EXE:*:Enabled:FileMaker Pro Runtime"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\MIKKOM~1\TYPYT~1\SDFix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 4 May 2006 32,768 A..H. --- "C:\opinn„ytety”\~WRL0332.tmp"
Mon 8 May 2006 26,112 A..H. --- "C:\opinn„ytety”\~WRL2916.tmp"
Thu 15 Jun 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 23 Jan 2003 65,952 ..SHR --- "C:\Program Files\Autodesk\Autodesk Express Viewer\Setup.exe"
Thu 17 Aug 2006 30,208 ...H. --- "C:\Documents and Settings\Sirke Musakka\Omat tiedostot\Sirken ty”haku lomakkeet\~WRL0001.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2cdfda265544b05233b12ad6d933aba\BIT10.tmp"
Thu 15 Jun 2006 4,348 ...H. --- "C:\Documents and Settings\Mikko Musakka\Omat tiedostot\Omat musiikkitiedostot\K„ytt”oikeuden varmuuskopio\drmv1key.bak"
Thu 6 Jul 2006 20 A..H. --- "C:\Documents and Settings\Mikko Musakka\Omat tiedostot\Omat musiikkitiedostot\K„ytt”oikeuden varmuuskopio\drmv1lic.bak"
Thu 6 Jul 2006 400 A.SH. --- "C:\Documents and Settings\Mikko Musakka\Omat tiedostot\Omat musiikkitiedostot\K„ytt”oikeuden varmuuskopio\drmv2key.bak"

[b]Finished![/b]

Ja tässä HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44:40, on 20.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\Launch Manager\OSD.exe
C:\Launch Manager\OSDCtrl.exe
C:\Launch Manager\Wbutton.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Winamp\Winampa.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\hjt\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8825 bytes

Teropetteri kirjoitti:

Tässä SDFix:


[b]SDFix: Version 1.207 [/b]
Run by Mikko Musakka on su 20.07.2008 at 17:30

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\MIKKOM~1\TYPYT~1\SDFix\SDFix

[b]Checking Services [/b]:

[b]Name [/b]:
sysrest.sys

[b]Path [/b]:
\??\C:\WINDOWS\system32\sysrest.sys

sysrest.sys - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\PHCGSF~1.BMP - Deleted
C:\WINDOWS\SYSTEM32\BLPHCG~1.SCR - Deleted
C:\WINDOWS\system32\2.tmp - Deleted
C:\A.tmp - Deleted
C:\WINDOWS\services.exe - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 17:41:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"="C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE:*:Disabled:SC3UpdaterMFC"
"C:\\Program Files\\TVU Player\\TVUPlayer.exe"="C:\\Program Files\\TVU Player\\TVUPlayer.exe:*:Enabled:TVUPlayer"
"C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Koti-Optimi DEMO\\Koti-Optimi DEMO.EXE"="C:\\Program Files\\Koti-Optimi DEMO\\Koti-Optimi DEMO.EXE:*:Enabled:FileMaker Pro Runtime"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\MIKKOM~1\TYPYT~1\SDFix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 4 May 2006 32,768 A..H. --- "C:\opinn„ytety”\~WRL0332.tmp"
Mon 8 May 2006 26,112 A..H. --- "C:\opinn„ytety”\~WRL2916.tmp"
Thu 15 Jun 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 23 Jan 2003 65,952 ..SHR --- "C:\Program Files\Autodesk\Autodesk Express Viewer\Setup.exe"
Thu 17 Aug 2006 30,208 ...H. --- "C:\Documents and Settings\Sirke Musakka\Omat tiedostot\Sirken ty”haku lomakkeet\~WRL0001.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2cdfda265544b05233b12ad6d933aba\BIT10.tmp"
Thu 15 Jun 2006 4,348 ...H. --- "C:\Documents and Settings\Mikko Musakka\Omat tiedostot\Omat musiikkitiedostot\K„ytt”oikeuden varmuuskopio\drmv1key.bak"
Thu 6 Jul 2006 20 A..H. --- "C:\Documents and Settings\Mikko Musakka\Omat tiedostot\Omat musiikkitiedostot\K„ytt”oikeuden varmuuskopio\drmv1lic.bak"
Thu 6 Jul 2006 400 A.SH. --- "C:\Documents and Settings\Mikko Musakka\Omat tiedostot\Omat musiikkitiedostot\K„ytt”oikeuden varmuuskopio\drmv2key.bak"

[b]Finished![/b]

Ja tässä HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44:40, on 20.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\Launch Manager\OSD.exe
C:\Launch Manager\OSDCtrl.exe
C:\Launch Manager\Wbutton.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Winamp\Winampa.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\hjt\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8825 bytes

Lue lisää

SmitfraudFix

Lataa SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita tämän tekstitiedoston sisältö viestiketjuusi.

Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.

=============

scannaa hjt:llä merkkaa paina Fix checked

O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)

45665 kirjoitti:

SmitfraudFix

Lataa SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita tämän tekstitiedoston sisältö viestiketjuusi.

Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.

=============

scannaa hjt:llä merkkaa paina Fix checked

O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)

Lue lisää

Tässä Smitfraud:

SmitFraudFix v2.330

Scan done at 18:16:16,21, su 20.07.2008
Run from C:\Documents and Settings\Mikko Musakka\Ty”p”yt„\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\Launch Manager\OSD.exe
C:\Launch Manager\OSDCtrl.exe
C:\Launch Manager\Wbutton.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Winamp\Winampa.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko Musakka


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko Musakka\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MIKKOM~1\Suosikit


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Paketinajoituksen miniportti
DNS Server Search Order: 62.241.198.245
DNS Server Search Order: 62.241.198.246

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BB494F30-905E-4C21-A77E-8AECF262B140}: DhcpNameServer=62.241.198.245 62.241.198.246
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BB494F30-905E-4C21-A77E-8AECF262B140}: DhcpNameServer=62.241.198.245 62.241.198.246
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BB494F30-905E-4C21-A77E-8AECF262B140}: DhcpNameServer=62.241.198.245 62.241.198.246
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.241.198.245 62.241.198.246
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.241.198.245 62.241.198.246
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=62.241.198.245 62.241.198.246


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Ja HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:52, on 20.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\Launch Manager\OSD.exe
C:\Launch Manager\OSDCtrl.exe
C:\Launch Manager\Wbutton.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Winamp\Winampa.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8348 bytes

Teropetteri kirjoitti:

Tässä Smitfraud:

SmitFraudFix v2.330

Scan done at 18:16:16,21, su 20.07.2008
Run from C:\Documents and Settings\Mikko Musakka\Ty”p”yt„\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\Launch Manager\OSD.exe
C:\Launch Manager\OSDCtrl.exe
C:\Launch Manager\Wbutton.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Winamp\Winampa.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko Musakka


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko Musakka\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MIKKOM~1\Suosikit


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Paketinajoituksen miniportti
DNS Server Search Order: 62.241.198.245
DNS Server Search Order: 62.241.198.246

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BB494F30-905E-4C21-A77E-8AECF262B140}: DhcpNameServer=62.241.198.245 62.241.198.246
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BB494F30-905E-4C21-A77E-8AECF262B140}: DhcpNameServer=62.241.198.245 62.241.198.246
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BB494F30-905E-4C21-A77E-8AECF262B140}: DhcpNameServer=62.241.198.245 62.241.198.246
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.241.198.245 62.241.198.246
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.241.198.245 62.241.198.246
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=62.241.198.245 62.241.198.246


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Ja HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:52, on 20.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\Launch Manager\OSD.exe
C:\Launch Manager\OSDCtrl.exe
C:\Launch Manager\Wbutton.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Winamp\Winampa.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8348 bytes

Lue lisää

tämä ensin

Lataa Malwarebytes' Anti-Malware työpöydällesi.
http://www.besttechie.net/tools/mbam-setup.exe
•   Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
•   Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
•   Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
•   Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
•   Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
•   Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
•   Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
•   Lähetä lokin sisältö seuraavassa viestissäsi.

=========

ja tämä toisena

Lataa http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
OTMoveIt ja tallenna se työpöydällesi.

Tuplaklikkaa OTMoveIt.exe.
Klikkaa CleanUp!.
Valitse Yes kun kysytään "Begin cleanup Process?".
Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.


HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.

45665 kirjoitti:

tämä ensin

Lataa Malwarebytes' Anti-Malware työpöydällesi.
http://www.besttechie.net/tools/mbam-setup.exe
•   Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
•   Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
•   Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
•   Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
•   Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
•   Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
•   Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
•   Lähetä lokin sisältö seuraavassa viestissäsi.

=========

ja tämä toisena

Lataa http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
OTMoveIt ja tallenna se työpöydällesi.

Tuplaklikkaa OTMoveIt.exe.
Klikkaa CleanUp!.
Valitse Yes kun kysytään "Begin cleanup Process?".
Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.


HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.

Lue lisää

Ja tässä :

Malwarebytes' Anti-Malware 1.21
Tietokantaversio: 966
Windows 5.1.2600 Service Pack 2

20:11:47 20.7.2008
mbam-log-7-20-2008 (20-11-47).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 104075
Kulunut aika: 57 minute(s), 52 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 1
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 23
Saastuneita tiedostoja: 12

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\videoaccessactivex.Chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
C:\Program Files\rhclsfj0e76a (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
C:\System Volume Information\_restore{197AFCC0-EF41-4AEE-AAF3-1A048F3B4596}\RP476\A0042862.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{197AFCC0-EF41-4AEE-AAF3-1A048F3B4596}\RP476\A0042870.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\rhclsfj0e76a\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclsfj0e76a\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclsfj0e76a\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclsfj0e76a\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclsfj0e76a\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclsfj0e76a\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclsfj0e76a\rhclsfj0e76a.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclsfj0e76a\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\info.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
C:\mui.cmd (Trojan.Agent) -> Quarantined and deleted successfully.

Teropetteri kirjoitti:

Ja tässä :

Malwarebytes' Anti-Malware 1.21
Tietokantaversio: 966
Windows 5.1.2600 Service Pack 2

20:11:47 20.7.2008
mbam-log-7-20-2008 (20-11-47).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 104075
Kulunut aika: 57 minute(s), 52 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 1
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 23
Saastuneita tiedostoja: 12

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\videoaccessactivex.Chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
C:\Program Files\rhclsfj0e76a (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
C:\System Volume Information\_restore{197AFCC0-EF41-4AEE-AAF3-1A048F3B4596}\RP476\A0042862.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{197AFCC0-EF41-4AEE-AAF3-1A048F3B4596}\RP476\A0042870.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\rhclsfj0e76a\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclsfj0e76a\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclsfj0e76a\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclsfj0e76a\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclsfj0e76a\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclsfj0e76a\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclsfj0e76a\rhclsfj0e76a.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclsfj0e76a\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\info.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
C:\mui.cmd (Trojan.Agent) -> Quarantined and deleted successfully.

Lue lisää

1.Lataa combofix.exe työpöydällesi yhdestä, kahdesta klinkistä:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.