Some virus/malware on the computer, apparently from Messenger
mrjonessi
Newbie
2 June 2008 @ 18:32
The computer is completely messed up now. I went and opened that "your picture?" Messenger virus and now the computer is a total mess: exe files keep appearing in the root of C: and Avast keeps alerting constantly, but it doesn't help at all. Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:49, on 2.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\BitComet\BitComet.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\WINDOWS\system32\telecms.exe
D:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] D:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] D:\WINDOWS\system32\telecms.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - d:\windows\system32\mssrv32.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5264 bytes
mrjonessi
Newbie
2 June 2008 @ 22:14
If someone could maybe help..
Hujo
Suspended permanently
2 June 2008 @ 23:24
1. Download combofix.exe to your desktop from one of these links:
combofix1
combofix2

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post that log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.


Can a computer ever work?
mrjonessi
Newbie
3 June 2008 @ 18:26
Here it is:

ComboFix 08-06-01.6 - Jouni Ala 2008-06-03 18:18:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.562 [GMT 3:00]
Running from: D:\Documents and Settings\Jouni Ala\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\service.exe
D:\WINDOWS\system32\mssrv32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_msupdate
-------\Service_msupdate


((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.

2008-06-03 18:20 . 2008-06-03 18:20 9,216 --a------ D:\WINDOWS\system32\kxhhj.exe
2008-06-03 18:13 . 2008-06-03 18:13 9,216 --a------ D:\WINDOWS\system32\gnuqjjal.exe
2008-06-03 18:05 . 2008-06-03 18:05 9,216 --a------ D:\WINDOWS\system32\cxjbzl.exe
2008-06-03 17:35 . 2008-06-03 17:35 9,216 --a------ D:\WINDOWS\system32\ltrvvlq.exe
2008-06-02 21:35 . 2008-06-03 18:18 8,176 --a------ D:\Documents and Settings\Jouni Ala\setup.exe
2008-06-02 20:23 . 2008-06-02 20:23 9,216 --a------ D:\WINDOWS\system32\fjiiywj.exe
2008-06-02 19:10 . 2008-06-02 19:10 9,216 --a------ D:\WINDOWS\system32\uoikl.exe
2008-06-02 18:58 . 2008-06-02 18:58 9,216 --a------ D:\WINDOWS\system32\krjvry.exe
2008-06-02 18:22 . 2008-06-03 18:21 71,602 --a------ D:\WINDOWS\system32\hcnwg4u.sys
2008-06-01 20:08 . 2008-06-01 20:08 <DIR> d-------- D:\Program Files\MSXML 4.0
2008-06-01 18:15 . 2008-06-01 18:15 1,355 --a------ D:\WINDOWS\imsins.BAK
2008-06-01 15:40 . 2008-06-01 15:40 <DIR> d-------- D:\VundoFix Backups
2008-06-01 15:23 . 2008-06-01 15:23 2,352 --a------ D:\WINDOWS\system32\tmp.reg
2008-06-01 15:21 . 2007-09-06 00:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2008-06-01 15:21 . 2006-04-27 17:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2008-06-01 15:21 . 2008-05-27 13:54 86,528 --a------ D:\WINDOWS\system32\VACFix.exe
2008-06-01 15:21 . 2008-05-18 21:40 82,944 --a------ D:\WINDOWS\system32\IEDFix.exe
2008-06-01 15:21 . 2008-05-18 21:40 82,944 --a------ D:\WINDOWS\system32\404Fix.exe
2008-06-01 15:21 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2008-06-01 15:21 . 2004-07-31 18:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2008-06-01 15:21 . 2007-10-04 00:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2008-06-01 14:59 . 2004-03-09 01:00 1,081,616 --a------ D:\WINDOWS\system32\MSCOMCTL.OCX
2008-05-31 21:12 . 2008-05-31 21:12 43,520 --a------ D:\WINDOWS\system32\CmdLineExt03.dll
2008-05-31 18:53 . 2008-05-31 20:38 86,512 --a------ D:\Documents and Settings\Jouni Ala\setup1.exe
2008-05-31 12:00 . 2008-05-31 12:00 83,400 -r-hs---- D:\WINDOWS\winudpmgr.exe
2008-05-31 11:34 . 2008-05-31 11:34 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Application Data\Ahead
2008-05-31 11:29 . 2008-05-31 11:29 <DIR> d-------- D:\Program Files\Nero
2008-05-31 11:29 . 2008-05-31 11:32 <DIR> d-------- D:\Program Files\Common Files\Ahead
2008-05-31 11:29 . 2008-05-31 11:29 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Nero
2008-05-29 22:59 . 2008-05-29 22:59 <DIR> d-------- D:\Program Files\Windows Media Connect 2
2008-05-29 22:58 . 2008-05-29 22:58 <DIR> d-------- D:\WINDOWS\system32\LogFiles
2008-05-29 22:58 . 2008-05-29 22:59 <DIR> d-------- D:\WINDOWS\system32\drivers\UMDF
2008-05-28 19:22 . 2008-05-29 17:03 56,832 -r-hs---- D:\WINDOWS\winudspm.exe
2008-05-27 18:59 . 2008-05-27 18:59 98,304 --a------ D:\WINDOWS\system32\CmdLineExt.dll
2008-05-27 18:58 . 2008-05-27 18:58 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-27 18:56 . 2008-05-27 18:56 <DIR> d-------- D:\Program Files\DAEMON Tools Lite
2008-05-27 18:54 . 2008-05-27 18:54 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Application Data\DAEMON Tools
2008-05-27 18:54 . 2008-05-27 18:54 717,296 --a------ D:\WINDOWS\system32\drivers\sptd.sys
2008-05-26 20:43 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2008-05-26 20:43 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll
2008-05-26 20:43 . 2007-07-30 19:19 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
2008-05-26 16:38 . 2008-05-26 20:41 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Contacts
2008-05-26 16:17 . 2008-05-26 16:32 <DIR> d-------- D:\Program Files\Windows Live
2008-05-26 16:17 . 2008-05-26 16:21 <DIR> d--hsc--- D:\Program Files\Common Files\WindowsLiveInstaller
2008-05-26 16:17 . 2008-05-26 16:17 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-24 13:13 . 2003-09-17 15:57 8,440 --a------ D:\WINDOWS\system32\drivers\LANPkt.sys
2008-05-23 17:42 . 2006-03-17 03:38 28,672 --------- D:\WINDOWS\system32\verclsid.exe
2008-05-23 16:34 . 2007-10-30 20:20 360,064 --a------ D:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2008-05-23 16:34 . 2007-10-30 20:20 360,064 --a--c--- D:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
2008-05-23 16:08 . 2008-05-23 16:08 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Application Data\vlc
2008-05-23 07:47 . 2008-05-23 07:48 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Application Data\fretsonfire
2008-05-22 21:41 . 2008-05-22 21:41 2,560 --a------ D:\WINDOWS\system32\bitcometres.dll
2008-05-22 21:40 . 2008-05-22 23:05 <DIR> d-------- D:\Program Files\BitComet
2008-05-22 21:15 . 2008-05-22 21:42 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 17:08 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-05-31 17:07 --------- d-----w D:\Program Files\Common Files\InstallShield
2008-05-23 13:34 360,064 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys
2008-05-23 13:08 --------- d-----w D:\Documents and Settings\Jouni Ala\Application Data\vlc
2008-05-22 17:22 315,392 ----a-w D:\WINDOWS\HideWin.exe
2008-05-22 17:22 --------- d-----w D:\Program Files\Realtek
2008-05-22 17:21 --------- d-----w D:\Program Files\DIFX
2008-05-22 17:04 --------- d-----w D:\Program Files\microsoft frontpage
2007-06-13 10:23 249,496 --sh--r D:\WINDOWS\system32\telecms.exe
.

------- Sigcheck -------

2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 D:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 15:00 359040 9f4b36614a0fc234525ba224957de55c D:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-05-23 16:34 360064 482ab7f9cd41702e8f856c11cfefb02d D:\WINDOWS\system32\dllcache\tcpip.sys
2008-05-23 16:34 360064 482ab7f9cd41702e8f856c11cfefb02d D:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"BitComet"="D:\Program Files\BitComet\BitComet.exe" [2008-03-25 09:38 2196280]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="D:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00 208952]
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 10:28 16126464 D:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"Windows UDP Control"="winudspm.exe" [2008-05-29 17:03 56832 D:\WINDOWS\winudspm.exe]
"psyspy-2.1.4 Client Server"="D:\WINDOWS\system32\telecms.exe" [2007-06-13 13:23 249496]
"Windows svchost"="service.exe" []
"NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Windows UDP Control Center"="winudpmgr.exe" [2008-05-31 12:00 83400 D:\WINDOWS\winudpmgr.exe]
"RegistryMechanic"="" []
"Local Security Authority Service"="D:\WINDOWS\system32\lssas.exe" [2007-06-13 13:23 35840]
"Advanced DHTML Enable"="c:\ple.exe" [2008-06-03 18:21 24064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"psyspy-2.1.4 Client Server"="D:\WINDOWS\system32\telecms.exe" [2007-06-13 13:23 249496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\WINDOWS\\system32\\telecms.exe"=
"C:\\ple.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27329:TCP"= 27329:TCP:BitComet 27329 TCP
"27329:UDP"= 27329:UDP:BitComet 27329 UDP

R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S2 qandr;qandr;D:\WINDOWS\system32\drivers\qandr.sys []
S3 oflpydin;oflpydin;D:\DOCUME~1\JOUNIA~1\LOCALS~1\Temp\oflpydin.sys []


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612}]
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 18:20:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-06-03 18:22:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-03 15:21:57

Pre-Run: 14,569,308,160 bytes free
Post-Run: 16,702,857,216 bytes free

169 --- E O F --- 2008-06-01 17:08:37
Hujo
Suspended permanently
3 June 2008 @ 18:48
Scan with HJT, tick the following and press Fix checked:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] D:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe

Open Notepad and copy/paste the contents of the quote box into it:

Quote:
File::
D:\WINDOWS\system32\telecms.exe
C:\WINDOWS\winudspm.exe
C:\WINDOWS\service.exe
C:\WINDOWS\winudpmgr.exe


Save it as CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.



Restart the computer when prompted and post the contents of the combofix.txt file here.

==================

Download VundoFix.exe HERE to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo option.
When the scan is complete, click the Fix Vundo option.
You will be asked whether you want to remove the files - click YES.
Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
When it is done, the fix will tell you to restart your computer; click OK.
Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

Note: It is possible that VundoFix found a file it could not remove.
In that case VundoFix runs itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo option." when VundoFix appears after the restart.

================

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. After that, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next reply.



Can a computer ever work?
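The list above is the helper reading the O4 autostart lines by eye. As an added example (not part of this thread, and not HijackThis or ComboFix code), the script below applies the same kind of reasoning mechanically: value names that pose as Windows components, the legacy RunServices key, file names one edit away from a core system binary (lssas.exe vs lsass.exe, service.exe vs services.exe), and executables sitting in a drive root. The heuristics are the editor's own assumptions; the sample lines are copied from the HijackThis log posted in this thread, plus two lines constructed in HJT format from the lssas.exe and c:\ple.exe autostarts that ComboFix's registry dump reported.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# One HijackThis O4 line, e.g.  O4 - HKLM\..\Run: [Windows svchost] service.exe
# The hive may carry a SID (HKUS\S-1-5-19); a trailing "(User '...')" is dropped.
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)

# Core Windows binaries that malware imitates with near-miss names (editor's list).
SYSTEM_BINARIES = sorted({
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "explorer.exe", "spoolsv.exe", "ctfmon.exe", "rundll32.exe",
})


class Entry(NamedTuple):
    hive: str
    key: str
    name: str  # registry value name shown in brackets
    cmd: str   # command line that gets started
    exe: str   # lower-case basename of the program in that command line


def parse_o4(line: str) -> Optional[Entry]:
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    # The program is the first token; it is quoted when the path contains spaces.
    program = cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return Entry(m.group("hive"), m.group("key"), m.group("name"), cmd,
                 program.rsplit("\\", 1)[-1].lower())


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance (edits plus adjacent swaps), so that
    'lssas' vs 'lsass' scores 1 instead of the plain Levenshtein 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def flags_for(e: Entry) -> List[str]:
    """Editor's heuristics: a hit means 'look closer', not 'malicious'."""
    reasons = []
    if e.name.lower().startswith(("windows ", "microsoft ", "local security")):
        reasons.append("value name poses as a Windows component; Windows does not "
                       "register its core services under Run")
    if e.key.lower() == "runservices":
        reasons.append("RunServices is a Windows 9x-era key, rarely used legitimately on XP")
    if e.exe not in SYSTEM_BINARIES:
        for known in SYSTEM_BINARIES:
            if osa_distance(e.exe, known) == 1:
                reasons.append(f"file name is one edit away from system binary {known}")
                break
    if re.match(r'^"?[a-z]:\\[^\\]+\.exe', e.cmd, re.IGNORECASE):
        reasons.append("executable lives in the root of a drive")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return {O4 line: reasons} for every line that trips a heuristic."""
    report: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is not None:
            reasons = flags_for(entry)
            if reasons:
                report[line.strip()] = reasons
    return report


# Sample input: O4 lines copied from the HijackThis log in this thread, plus the
# last two lines, which are CONSTRUCTED in HJT format from ComboFix's registry
# dump (lssas.exe and c:\ple.exe did not appear in the first HJT log).
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] D:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] D:\WINDOWS\system32\telecms.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKLM\..\Run: [Local Security Authority Service] D:\WINDOWS\system32\lssas.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] c:\ple.exe
"""
```

Running `triage(SAMPLE_HJT_LOG)` flags six of the eleven lines; the Run entry for telecms.exe is not caught by any rule, which is the usual reminder that a clean heuristic result still needs the file's hash, size and signer checked by hand.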
mrjonessi
Newbie
3 June 2008 @ 20:50
Here is the ComboFix log:

ComboFix 08-06-01.6 - Jouni Ala 2008-06-03 20:47:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.625 [GMT 3:00]
Running from: D:\Documents and Settings\Jouni Ala\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Jouni Ala\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\service.exe
C:\WINDOWS\winudpmgr.exe
C:\WINDOWS\winudspm.exe
D:\WINDOWS\system32\telecms.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\telecms.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.

2008-06-03 18:20 . 2008-06-03 18:20 9,216 --a------ D:\WINDOWS\system32\kxhhj.exe
2008-06-03 18:13 . 2008-06-03 18:13 9,216 --a------ D:\WINDOWS\system32\gnuqjjal.exe
2008-06-03 18:05 . 2008-06-03 18:05 9,216 --a------ D:\WINDOWS\system32\cxjbzl.exe
2008-06-03 17:35 . 2008-06-03 17:35 9,216 --a------ D:\WINDOWS\system32\ltrvvlq.exe
2008-06-02 21:35 . 2008-06-03 18:18 8,176 --a------ D:\Documents and Settings\Jouni Ala\setup.exe
2008-06-02 20:23 . 2008-06-02 20:23 9,216 --a------ D:\WINDOWS\system32\fjiiywj.exe
2008-06-02 19:10 . 2008-06-02 19:10 9,216 --a------ D:\WINDOWS\system32\uoikl.exe
2008-06-02 18:58 . 2008-06-02 18:58 9,216 --a------ D:\WINDOWS\system32\krjvry.exe
2008-06-02 18:22 . 2008-06-03 20:47 71,602 --a------ D:\WINDOWS\system32\hcnwg4u.sys
2008-06-01 20:08 . 2008-06-01 20:08 <DIR> d-------- D:\Program Files\MSXML 4.0
2008-06-01 18:15 . 2008-06-01 18:15 1,355 --a------ D:\WINDOWS\imsins.BAK
2008-06-01 15:40 . 2008-06-01 15:40 <DIR> d-------- D:\VundoFix Backups
2008-06-01 15:23 . 2008-06-01 15:23 2,352 --a------ D:\WINDOWS\system32\tmp.reg
2008-06-01 15:21 . 2007-09-06 00:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2008-06-01 15:21 . 2006-04-27 17:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2008-06-01 15:21 . 2008-05-27 13:54 86,528 --a------ D:\WINDOWS\system32\VACFix.exe
2008-06-01 15:21 . 2008-05-18 21:40 82,944 --a------ D:\WINDOWS\system32\IEDFix.exe
2008-06-01 15:21 . 2008-05-18 21:40 82,944 --a------ D:\WINDOWS\system32\404Fix.exe
2008-06-01 15:21 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2008-06-01 15:21 . 2004-07-31 18:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2008-06-01 15:21 . 2007-10-04 00:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2008-06-01 14:59 . 2004-03-09 01:00 1,081,616 --a------ D:\WINDOWS\system32\MSCOMCTL.OCX
2008-05-31 21:12 . 2008-05-31 21:12 43,520 --a------ D:\WINDOWS\system32\CmdLineExt03.dll
2008-05-31 18:53 . 2008-05-31 20:38 86,512 --a------ D:\Documents and Settings\Jouni Ala\setup1.exe
2008-05-31 12:00 . 2008-05-31 12:00 83,400 -r-hs---- D:\WINDOWS\winudpmgr.exe
2008-05-31 11:34 . 2008-05-31 11:34 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Application Data\Ahead
2008-05-31 11:29 . 2008-05-31 11:29 <DIR> d-------- D:\Program Files\Nero
2008-05-31 11:29 . 2008-05-31 11:32 <DIR> d-------- D:\Program Files\Common Files\Ahead
2008-05-31 11:29 . 2008-05-31 11:29 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Nero
2008-05-29 22:59 . 2008-05-29 22:59 <DIR> d-------- D:\Program Files\Windows Media Connect 2
2008-05-29 22:58 . 2008-05-29 22:58 <DIR> d-------- D:\WINDOWS\system32\LogFiles
2008-05-29 22:58 . 2008-05-29 22:59 <DIR> d-------- D:\WINDOWS\system32\drivers\UMDF
2008-05-28 19:22 . 2008-05-29 17:03 56,832 -r-hs---- D:\WINDOWS\winudspm.exe
2008-05-27 18:59 . 2008-05-27 18:59 98,304 --a------ D:\WINDOWS\system32\CmdLineExt.dll
2008-05-27 18:58 . 2008-05-27 18:58 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-27 18:56 . 2008-05-27 18:56 <DIR> d-------- D:\Program Files\DAEMON Tools Lite
2008-05-27 18:54 . 2008-05-27 18:54 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Application Data\DAEMON Tools
2008-05-27 18:54 . 2008-05-27 18:54 717,296 --a------ D:\WINDOWS\system32\drivers\sptd.sys
2008-05-26 20:43 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2008-05-26 20:43 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll
2008-05-26 20:43 . 2007-07-30 19:19 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
2008-05-26 16:38 . 2008-05-26 20:41 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Contacts
2008-05-26 16:17 . 2008-05-26 16:32 <DIR> d-------- D:\Program Files\Windows Live
2008-05-26 16:17 . 2008-05-26 16:21 <DIR> d--hsc--- D:\Program Files\Common Files\WindowsLiveInstaller
2008-05-26 16:17 . 2008-05-26 16:17 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-24 13:13 . 2003-09-17 15:57 8,440 --a------ D:\WINDOWS\system32\drivers\LANPkt.sys
2008-05-23 17:42 . 2006-03-17 03:38 28,672 --------- D:\WINDOWS\system32\verclsid.exe
2008-05-23 16:34 . 2007-10-30 20:20 360,064 --a------ D:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2008-05-23 16:34 . 2007-10-30 20:20 360,064 --a--c--- D:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
2008-05-23 16:08 . 2008-05-23 16:08 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Application Data\vlc
2008-05-23 07:47 . 2008-05-23 07:48 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Application Data\fretsonfire
2008-05-22 21:41 . 2008-05-22 21:41 2,560 --a------ D:\WINDOWS\system32\bitcometres.dll
2008-05-22 21:40 . 2008-05-22 23:05 <DIR> d-------- D:\Program Files\BitComet
2008-05-22 21:15 . 2008-05-22 21:42 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 17:08 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-05-31 17:07 --------- d-----w D:\Program Files\Common Files\InstallShield
2008-05-23 13:34 360,064 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys
2008-05-23 13:08 --------- d-----w D:\Documents and Settings\Jouni Ala\Application Data\vlc
2008-05-22 17:22 315,392 ----a-w D:\WINDOWS\HideWin.exe
2008-05-22 17:22 --------- d-----w D:\Program Files\Realtek
2008-05-22 17:21 --------- d-----w D:\Program Files\DIFX
2008-05-22 17:04 --------- d-----w D:\Program Files\microsoft frontpage
2008-03-27 08:12 151,583 ----a-w D:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w D:\WINDOWS\system32\win32k.sys
.

------- Sigcheck -------

2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 D:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 15:00 359040 9f4b36614a0fc234525ba224957de55c D:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-05-23 16:34 360064 482ab7f9cd41702e8f856c11cfefb02d D:\WINDOWS\system32\dllcache\tcpip.sys
2008-05-23 16:34 360064 482ab7f9cd41702e8f856c11cfefb02d D:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"BitComet"="D:\Program Files\BitComet\BitComet.exe" [2008-03-25 09:38 2196280]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="D:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00 208952]
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 10:28 16126464 D:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"RegistryMechanic"="" []
"Local Security Authority Service"="D:\WINDOWS\system32\lssas.exe" [2007-06-13 13:23 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"psyspy-2.1.4 Client Server"="D:\WINDOWS\system32\telecms.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\ple.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27329:TCP"= 27329:TCP:BitComet 27329 TCP
"27329:UDP"= 27329:UDP:BitComet 27329 UDP

R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S2 qandr;qandr;D:\WINDOWS\system32\drivers\qandr.sys []
S3 oflpydin;oflpydin;D:\DOCUME~1\JOUNIA~1\LOCALS~1\Temp\oflpydin.sys []

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 20:47:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-03 20:48:31
ComboFix-quarantined-files.txt 2008-06-03 17:48:26
ComboFix2.txt 2008-06-03 15:22:01

Pre-Run: 16,693,252,096 bytes free
Post-Run: 16,679,563,264 bytes free

150 --- E O F --- 2008-06-01 17:08:37
mrjonessi
Newbie
3 June 2008 @ 20:55
Here's the VundoFix log:


VundoFix V7.0.5

Scan started at 15:40:40 1.6.2008

Listing files found while scanning....


VundoFix V7.0.5

Scan started at 20:51:30 3.6.2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...


..and a fresh HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:24, on 3.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\lssas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\BitComet\BitComet.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\ple.exe
c:\ple.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\ple.exe
c:\ple.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: BitComet ClickCapture - {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Local Security Authority Service] D:\WINDOWS\system32\lssas.exe
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] D:\WINDOWS\system32\telecms.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &d&ownload &with bitcomet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &d&ownload all video with bitcomet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &d&ownload all with bitcomet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4972 bytes
Hujo
Suspended permanently
3 June 2008 @ 21:28
Open Notepad and copy/paste the contents of the quote box into it:

Quote:
File::
c:\ple.exe
D:\WINDOWS\system32\lssas.exe
D:\WINDOWS\system32\telecms.exe
D:\WINDOWS\winudpmgr.exe
D:\WINDOWS\winudspm.exe
D:\WINDOWS\service.exe


Save it as CFScript.txt

Then drag CFScript onto ComboFix.exe (as shown in the screenshot).

Restart the computer when prompted and post the contents of the combofix.txt file here.


Can a computer ever work?
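The triage Hujo did by eye on the HJT log above (a process named almost like lsass.exe, an executable sitting in the root of C:, a RunServices autostart) can be written down as rules and turned straight into the File:: block for the CFScript. The script below is an added example written for this thread, not a tool posted in it or part of HijackThis or ComboFix; the sample log is constructed from entries quoted above, and the list of imitated system binaries, the lookalike test and the other indicator rules are this example's own assumptions.

```python
"""Triage a HijackThis log for the indicators that gave this infection away
and turn the hits into a ComboFix CFScript "File::" block.

Added example for this thread, not a tool posted in it.  The sample log is
constructed from entries quoted above; the indicator rules are this
example's own assumptions, not HijackThis or ComboFix logic.
"""
import re

# Constructed sample: a subset of the HijackThis log posted on 3.6.2008.
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\lssas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
c:\ple.exe
D:\WINDOWS\explorer.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Local Security Authority Service] D:\WINDOWS\system32\lssas.exe
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] D:\WINDOWS\system32\telecms.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
"""

# Core Windows XP binaries whose names malware imitates (assumed list).
SYSTEM_NAMES = ("lsass.exe", "services.exe", "svchost.exe", "csrss.exe",
                "winlogon.exe", "smss.exe", "explorer.exe", "spoolsv.exe")

PATH_RE = re.compile(r"^[a-zA-Z]:\\")
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
# First executable on a command line: a quoted path, or text up to the first
# .exe/.com/.scr/.dll that is followed by whitespace, a comma or end of line.
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|com|scr|dll))(?=[\s,]|$)', re.I)
ROOT_EXE_RE = re.compile(r"^[a-zA-Z]:\\[^\\]+\.(?:exe|com|scr)$", re.I)


def levenshtein(a, b):
    """Plain edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def imitated_system_name(basename):
    """Return the system binary a file name imitates, or None.

    A name is a lookalike when it is not a real system name but is one edit
    away from one (lsas.exe, svch0st.exe) or an anagram of one (lssas.exe for
    lsass.exe, scvhost.exe for svchost.exe).  Thresholds are assumptions.
    """
    name = basename.lower()
    if name in SYSTEM_NAMES:
        return None
    for sysname in SYSTEM_NAMES:
        if levenshtein(name, sysname) <= 1 or sorted(name) == sorted(sysname):
            return sysname
    return None


def command_to_path(cmd):
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def triage(log_text):
    """Yield (path, reason) for every suspicious process or autostart entry."""
    for line in log_text.splitlines():
        line = line.strip()
        key = None
        if PATH_RE.match(line):                 # "Running processes:" entry
            path = line
        elif (m := O4_RE.match(line)):          # O4 autostart entry
            key, path = m.group("key"), command_to_path(m.group("cmd"))
        else:
            continue
        base = path.rsplit("\\", 1)[-1]
        lookalike = imitated_system_name(base)
        if lookalike:
            yield path, f"name imitates {lookalike}"
        if ROOT_EXE_RE.match(path):
            yield path, "executable dropped in a drive root"
        if "\\temp\\" in path.lower():
            yield path, "runs from a Temp directory"
        if key and "runservices" in key.lower():
            yield path, "RunServices autostart (Windows 9x key; not used by normal XP software)"


def cfscript(findings):
    """Build the File:: block ComboFix expects, one unique path per line."""
    paths = []
    for path, _ in findings:
        if path not in paths:
            paths.append(path)
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    hits = list(triage(SAMPLE_LOG))
    for path, reason in hits:
        print(f"{path:50} {reason}")
    print()
    print(cfscript(hits))
```

On the sample the script flags lssas.exe (anagram of lsass.exe, seen both as a running process and as the "Local Security Authority Service" Run value), c:\ple.exe in the drive root, and telecms.exe under RunServices, and emits them once each under File::, which is the block Hujo posted minus the duplicate line. The lookalike test deliberately covers transpositions as well as single-character edits, since a pure edit distance would score lssas.exe as two edits from lsass.exe and miss it.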
mrjonessi
Newbie
3 June 2008 @ 21:45
Here is the ComboFix log:

ComboFix 08-06-01.6 - Jouni Ala 2008-06-03 21:43:23.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.526 [GMT 3:00]
Running from: D:\Documents and Settings\Jouni Ala\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Jouni Ala\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\ple.exe
D:\WINDOWS\service.exe
D:\WINDOWS\system32\lssas.exe
D:\WINDOWS\system32\telecms.exe
D:\WINDOWS\winudpmgr.exe
D:\WINDOWS\winudspm.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\ple.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.

2008-06-03 20:57 . 2008-06-03 20:57 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Application Data\Malwarebytes
2008-06-03 20:57 . 2008-06-03 20:57 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 20:57 . 2008-05-30 01:06 34,296 --a------ D:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-03 20:57 . 2008-05-30 01:06 15,864 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-06-02 18:22 . 2008-06-03 21:44 71,602 --a------ D:\WINDOWS\system32\hcnwg4u.sys
2008-06-01 20:08 . 2008-06-01 20:08 <DIR> d-------- D:\Program Files\MSXML 4.0
2008-06-01 18:15 . 2008-06-01 18:15 1,355 --a------ D:\WINDOWS\imsins.BAK
2008-06-01 15:40 . 2008-06-01 15:40 <DIR> d-------- D:\VundoFix Backups
2008-06-01 15:23 . 2008-06-01 15:23 2,352 --a------ D:\WINDOWS\system32\tmp.reg
2008-06-01 15:21 . 2007-09-06 00:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2008-06-01 15:21 . 2006-04-27 17:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2008-06-01 15:21 . 2008-05-27 13:54 86,528 --a------ D:\WINDOWS\system32\VACFix.exe
2008-06-01 15:21 . 2008-05-18 21:40 82,944 --a------ D:\WINDOWS\system32\IEDFix.exe
2008-06-01 15:21 . 2008-05-18 21:40 82,944 --a------ D:\WINDOWS\system32\404Fix.exe
2008-06-01 15:21 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2008-06-01 15:21 . 2004-07-31 18:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2008-06-01 15:21 . 2007-10-04 00:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2008-06-01 14:59 . 2004-03-09 01:00 1,081,616 --a------ D:\WINDOWS\system32\MSCOMCTL.OCX
2008-05-31 21:12 . 2008-05-31 21:12 43,520 --a------ D:\WINDOWS\system32\CmdLineExt03.dll
2008-05-31 11:34 . 2008-05-31 11:34 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Application Data\Ahead
2008-05-31 11:29 . 2008-05-31 11:29 <DIR> d-------- D:\Program Files\Nero
2008-05-31 11:29 . 2008-05-31 11:32 <DIR> d-------- D:\Program Files\Common Files\Ahead
2008-05-31 11:29 . 2008-05-31 11:29 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Nero
2008-05-29 22:59 . 2008-05-29 22:59 <DIR> d-------- D:\Program Files\Windows Media Connect 2
2008-05-29 22:58 . 2008-05-29 22:58 <DIR> d-------- D:\WINDOWS\system32\LogFiles
2008-05-29 22:58 . 2008-05-29 22:59 <DIR> d-------- D:\WINDOWS\system32\drivers\UMDF
2008-05-27 18:59 . 2008-05-27 18:59 98,304 --a------ D:\WINDOWS\system32\CmdLineExt.dll
2008-05-27 18:58 . 2008-05-27 18:58 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-27 18:56 . 2008-05-27 18:56 <DIR> d-------- D:\Program Files\DAEMON Tools Lite
2008-05-27 18:54 . 2008-05-27 18:54 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Application Data\DAEMON Tools
2008-05-27 18:54 . 2008-05-27 18:54 717,296 --a------ D:\WINDOWS\system32\drivers\sptd.sys
2008-05-26 20:43 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2008-05-26 20:43 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll
2008-05-26 20:43 . 2007-07-30 19:19 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
2008-05-26 16:38 . 2008-05-26 20:41 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Contacts
2008-05-26 16:17 . 2008-05-26 16:32 <DIR> d-------- D:\Program Files\Windows Live
2008-05-26 16:17 . 2008-05-26 16:21 <DIR> d--hsc--- D:\Program Files\Common Files\WindowsLiveInstaller
2008-05-26 16:17 . 2008-05-26 16:17 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-24 13:13 . 2003-09-17 15:57 8,440 --a------ D:\WINDOWS\system32\drivers\LANPkt.sys
2008-05-23 17:42 . 2006-03-17 03:38 28,672 --------- D:\WINDOWS\system32\verclsid.exe
2008-05-23 16:34 . 2007-10-30 20:20 360,064 --a------ D:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2008-05-23 16:34 . 2007-10-30 20:20 360,064 --a--c--- D:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
2008-05-23 16:08 . 2008-05-23 16:08 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Application Data\vlc
2008-05-23 07:47 . 2008-05-23 07:48 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Application Data\fretsonfire
2008-05-22 21:41 . 2008-05-22 21:41 2,560 --a------ D:\WINDOWS\system32\bitcometres.dll
2008-05-22 21:40 . 2008-06-03 21:05 <DIR> d-------- D:\Program Files\BitComet
2008-05-22 21:15 . 2008-05-22 21:42 <DIR> d-------- D:\Documents and Settings\Jouni Ala\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 17:08 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-05-31 17:07 --------- d-----w D:\Program Files\Common Files\InstallShield
2008-05-23 13:34 360,064 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys
2008-05-23 13:08 --------- d-----w D:\Documents and Settings\Jouni Ala\Application Data\vlc
2008-05-22 17:22 315,392 ----a-w D:\WINDOWS\HideWin.exe
2008-05-22 17:22 --------- d-----w D:\Program Files\Realtek
2008-05-22 17:21 --------- d-----w D:\Program Files\DIFX
2008-05-22 17:04 --------- d-----w D:\Program Files\microsoft frontpage
2008-03-27 08:12 151,583 ----a-w D:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w D:\WINDOWS\system32\win32k.sys
.

------- Sigcheck -------

2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 D:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 15:00 359040 9f4b36614a0fc234525ba224957de55c D:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-05-23 16:34 360064 482ab7f9cd41702e8f856c11cfefb02d D:\WINDOWS\system32\dllcache\tcpip.sys
2008-05-23 16:34 360064 482ab7f9cd41702e8f856c11cfefb02d D:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-03_18.21.48.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 15:20:24 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-06-03 18:37:52 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-06-03 18:38:06 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_624.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"BitComet"="D:\Program Files\BitComet\BitComet.exe" [2008-03-25 09:38 2196280]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="D:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00 208952]
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 10:28 16126464 D:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"RegistryMechanic"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27329:TCP"= 27329:TCP:BitComet 27329 TCP
"27329:UDP"= 27329:UDP:BitComet 27329 UDP

R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 oflpydin;oflpydin;D:\DOCUME~1\JOUNIA~1\LOCALS~1\Temp\oflpydin.sys []

*Newly Created Service* - catchme
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 21:44:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-03 21:44:31
ComboFix-quarantined-files.txt 2008-06-03 18:44:27
ComboFix2.txt 2008-06-03 17:48:32
ComboFix3.txt 2008-06-03 15:22:01

Pre-Run: 16,688,656,384 bytes free
Post-Run: 16,676,294,656 bytes free

148 --- E O F --- 2008-06-01 17:08:37
Hujo
Suspended permanently
3 June 2008 @ 21:50
Now just go down the list

mrjonessi
Newbie
3 June 2008 @ 22:06
If you mean MalwareBytes, that's done, and here is the log:

Malwarebytes' Anti-Malware 1.14
Database version: 818

21:36:02 3.6.2008
mbam-log-6-3-2008 (21-36-02).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 106950
Time elapsed: 35 minute(s), 6 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 56

Memory Processes Infected:
D:\WINDOWS\system32\lssas.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qandr (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Local Security Authority Service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\psyspy-2.1.4 Client Server (Worm.IRCBot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\WINDOWS\system32\lssas.exe (Trojan.Agent) -> Delete on reboot.
C:\emoge.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\hldtlwe.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\setup.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\stup.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\stupx.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP20\A0009633.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP20\A0009634.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP20\A0009635.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP20\A0009636.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP20\A0009637.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP20\A0009638.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP20\A0009639.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP20\A0009640.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP20\A0009641.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP21\A0009676.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP21\A0009681.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP21\A0009682.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP25\A0011693.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP25\A0011695.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP25\A0011697.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP25\A0011698.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP25\A0011699.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP27\A0012723.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP27\A0013725.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP27\A0013736.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP27\A0013744.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP27\A0013756.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP27\A0013766.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP28\A0013798.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP28\A0013835.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP28\A0013836.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jouni Ala\setup1.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\QooBox\Quarantine\D\WINDOWS\service.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\QooBox\Quarantine\D\WINDOWS\system32\telecms.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP15\A0009418.com (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP16\A0009439.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP21\A0009665.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP21\A0009675.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP23\A0009695.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP25\A0011694.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP27\A0013758.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP28\A0013781.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP28\A0013783.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP29\A0013845.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\WINDOWS\winudpmgr.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\WINDOWS\winudspm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\cxjbzl.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\fjiiywj.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\gnuqjjal.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\krjvry.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\kxhhj.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ltrvvlq.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\uoikl.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jouni Ala\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Hujo
Suspended permanently
3 June 2008 @ 22:11
1. Click Start > right-click My Computer
2. Choose Properties
3. Choose the System Restore tab
4. Tick the box "Turn off System Restore on all drives"
5. Click Apply
6. Click OK
7. Shut down and restart
8. Untick the box "Turn off System Restore on all drives"
9. Apply and OK


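Why Hujo orders the System Restore flush follows directly from where the detections in the MBAM log above were found: a long run of them are copies inside \System Volume Information\_restore{...}\RPnn\, that is, inside restore points, and lssas.exe could only be scheduled for "Delete on reboot". The script below reads an MBAM log of that shape and summarises it by family and by location, then states the follow-up the log implies. It is an added example for this thread, not Malwarebytes code; the sample lines are constructed from the log posted above (a subset of each section), and the location classes and follow-up rules are this example's own assumptions.

```python
"""Summarise a Malwarebytes' Anti-Malware log by malware family and by where
each detection lived, then state the follow-up the scan still needs.

Added example for this thread, not Malwarebytes code.  The sample log is
constructed from the log posted above; the location classes and follow-up
rules are this example's own assumptions.
"""
import re
from collections import Counter

# Constructed sample: one line per section of the posted log, plus a few
# file detections chosen to cover every location class below.
SAMPLE_MBAM_LOG = r"""
Memory Processes Infected:
D:\WINDOWS\system32\lssas.exe (Trojan.Agent) -> Unloaded process successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qandr (Rootkit.Agent) -> Quarantined and deleted successfully.

Files Infected:
D:\WINDOWS\system32\lssas.exe (Trojan.Agent) -> Delete on reboot.
C:\emoge.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED5926C0-369E-4C41-94D9-DEA4B92F15F8}\RP20\A0009633.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\QooBox\Quarantine\D\WINDOWS\system32\telecms.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\WINDOWS\winudpmgr.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

# "<item> (<Family.Name>) -> <action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> (?P<action>.+?)\.?$")


def classify(item):
    """Where a detected item lived (assumed classes)."""
    p = item.lower()
    if p.startswith("hkey_"):
        return "registry"
    if "\\system volume information\\_restore" in p:
        return "restore point"        # copy kept by System Restore
    if "\\quarantine\\" in p:
        return "other tool's quarantine"   # e.g. ComboFix's QooBox
    if "\\recycler\\" in p:
        return "recycle bin"
    if re.match(r"^[a-z]:\\[^\\]+$", p):
        return "drive root"
    return "system"


def parse(log_text):
    """Yield one dict per detection line, tagged with its log section."""
    section = None
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]          # e.g. "Files Infected"
            continue
        m = DETECTION_RE.match(line)
        if m:
            yield {"section": section, "item": m["item"], "family": m["family"],
                   "action": m["action"], "location": classify(m["item"])}


def follow_up(detections):
    """Follow-up actions the log implies (assumed rules)."""
    dets = list(detections)
    todo = []
    if any(d["action"] == "Delete on reboot" for d in dets):
        todo.append("reboot: at least one file is only removed at next start")
    if any(d["location"] == "restore point" for d in dets):
        todo.append("flush System Restore: restore points hold infected copies")
    if any(d["family"].startswith("Rootkit") for d in dets):
        todo.append("rootkit-class detection: confirm with a second kernel-level scan")
    return todo


def summary(log_text):
    dets = list(parse(log_text))
    by_family = Counter(d["family"] for d in dets if d["section"] == "Files Infected")
    by_location = Counter(d["location"] for d in dets)
    return dets, by_family, by_location, follow_up(dets)


if __name__ == "__main__":
    dets, by_family, by_location, todo = summary(SAMPLE_MBAM_LOG)
    print("files by family:  ", dict(by_family))
    print("items by location:", dict(by_location))
    for action in todo:
        print("TODO:", action)
```

Run against the full log posted above, the "restore point" bucket dominates the count, which is the reason the flush is not optional: a later System Restore would put the Backdoor.Bot droppers straight back on the disk.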
mrjonessi
Newbie
3 June 2008 @ 22:18
Done. Should I post an HJT log?
Hujo
Suspended permanently
3 June 2008 @ 22:29
Just post the HJT log. Did you already have Malwarebytes' Anti-Malware on the machine before this?

mrjonessi
Newbie
4 June 2008 @ 17:28
No, I didn't have MalwareBytes before, but VundoFix was already there. Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:04, on 4.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\BitComet\BitComet.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: BitComet ClickCapture - {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &d&ownload &with bitcomet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &d&ownload all video with bitcomet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &d&ownload all with bitcomet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4755 bytes
Hujo
Suspended permanently
4 June 2008 @ 19:10
The HJT log is clean.
How is the machine running now, still stuttering? :)

Septou
Newbie
4 June 2008 @ 20:22
Hi!
Same problem on my daughter's computer. Since there seems to be a professional on the job, could you take a look at the logs below and give me instructions as well?

Combofix:

ComboFix 08-06-03.4 - Henna 2008-06-04 19:34:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.197 [GMT 3:00]
Running from: C:\Documents and Settings\Henna\Työpöytä\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mssrv32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE
-------\Service_msupdate


((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.

2008-06-04 14:33 . 2008-06-04 18:33 3,424 --a------ C:\is155400.exe
2008-06-04 13:58 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-04 13:58 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-06-04 13:58 . 2007-07-30 19:19 203,096 --a--c--- C:\WINDOWS\system32\dllcache\wuweb.dll
2008-06-04 00:10 . 2008-06-04 19:10 <DIR> d-------- C:\Documents and Settings\Henna\Application Data\F-Secure
2008-06-04 00:04 . 2008-06-04 00:10 51,072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-06-04 00:04 . 2008-06-04 00:10 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-06-04 00:03 . 2008-06-04 00:16 <DIR> d-------- C:\Program Files\Elisa Tietoturvapalvelu
2008-06-04 00:03 . 2008-06-04 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-06-04 00:02 . 2008-06-04 00:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-06-03 22:47 . 2008-06-04 13:57 3,423 --a------ C:\WINDOWS\is154890.exe
2008-06-03 22:22 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-03 22:22 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-03 22:22 . 2008-05-27 13:54 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-03 22:22 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-03 22:22 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-03 22:22 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-03 22:22 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-03 22:21 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-03 22:11 . 2008-06-04 20:12 71,602 --a------ C:\WINDOWS\system32\hcnwg4u.sys
2008-06-03 20:19 . 2008-06-03 21:09 <KANSIO> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-06-03 20:17 . 2008-06-03 22:50 86,548 --a------ C:\ssetup.0xe
2008-06-03 14:06 . 2008-06-03 22:22 1,880 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-03 13:58 . 2008-06-03 13:58 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-03 01:00 . 2008-06-03 01:00 104,078 --a------ C:\WINDOWS\sb.0xe
2008-06-02 21:41 . 2008-06-03 15:22 96,950 --a------ C:\setup.0xe
2008-06-02 21:35 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Henna\setup.exe
2008-06-02 21:27 . 2008-06-02 21:27 96,950 --a------ C:\stupx.0xe
2008-06-02 21:23 . 2008-06-03 14:13 96,950 -r-hs---- C:\WINDOWS\mservice.0xe
2008-06-02 21:23 . 2008-06-02 21:23 96,950 --a------ C:\stup.0xe
2008-06-02 19:04 . 2008-06-02 19:04 0 --a------ C:\d1.exe
2008-06-02 19:03 . 2008-06-02 19:03 2 --a------ C:\-1795943351
2008-06-02 19:02 . 2008-06-02 19:03 15,360 --a------ C:\abhwevhi.exe
2008-05-27 22:17 . 2008-05-27 22:17 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-05-27 21:24 . 2008-05-27 21:25 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-05-27 20:20 . 2008-05-27 20:20 56,832 -r-hs---- C:\WINDOWS\winudspm.0xe

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 19:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-03 19:50 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-03 19:10 --------- d-----w C:\Program Files\PartyGaming
2008-06-03 10:54 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-02 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-25 19:33 --------- d-----w C:\Program Files\RevConnect
2008-04-01 18:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 13:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 13:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 13:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 12:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 12:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-04-20 02:17 421888]
"\VISTA\EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.exe" [2006-12-25 05:00 177664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"Windows UDP Control"="winudspm.exe" []
"Windows UDP Control Center"="winudpmgr.exe" []
"Windows svchost"="service.exe" []
"F-Secure Manager"="C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.exe" [2008-02-13 13:38 184800]
"F-Secure TNB"="C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" [2008-02-13 13:38 741800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2171:UDP"= 2171:UDP:Windows Media Format SDK (firefox.exe)
"2170:UDP"= 2170:UDP:Windows Media Format SDK (firefox.exe)

R0 fsfw;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-06-04 00:10]
R1 f-secure hips;F-Secure HIPS;C:\Program Files\Elisa Tietoturvapalvelu\HIPS\fshs.sys [2008-06-04 00:09]
R1 raddrvv3;raddrvv3;C:\WINDOWS\system32\rserver30\raddrvv3.sys [2007-10-31 15:30]
R2 RServer3;Radmin Server V3;"C:\WINDOWS\system32\rserver30\RServer3.exe" /service []
R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys [2001-11-07 03:00]
R3 f-secure gatekeeper;F-Secure Gatekeeper;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [2008-02-13 13:38]
R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 05:01]
S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-18 01:04]
S4 f-secure filter;F-Secure File System Filter;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSfilter.sys [2008-02-13 13:38]
S4 f-secure recognizer;F-Secure File System Recognizer;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSrec.sys [2008-02-13 13:38]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 20:10:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\VISTA\\EPSON Stylus Photo R220 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAIE.EXE /FU \"C:\\DOCUME~1\\Henna\\LOCALS~1\\Temp\\E_S41.tmp\" /EF \"HKCU\""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\ELISAT~1\FSGUI\fsguidll.exe
C:\Program Files\WinZip\WZQKPICK.EXE
.
**************************************************************************
.
Completion time: 2008-06-04 20:14:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-04 17:14:43

Pre-Run: 1,653,342,208 tavua vapaana
Post-Run: 1,626,771,456 tavua vapaana

155 --- E O F --- 2008-05-28 19:45:23


HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:10, on 4.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [\VISTA\EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\DOCUME~1\Henna\LOCALS~1\Temp\E_S41.tmp" /EF "HKCU"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = henna
O17 - HKLM\Software\..\Telephony: DomainName = henna
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = henna
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = henna
O23 - Service: FSGKHS (f-secure gatekeeper handler starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (fsaua) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (fsdfwd) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (fsma) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4689 bytes
Hujo
Suspended permanently
4 June 2008 @ 20:39
Septou,
usually you start your own message thread.

====================


Open Notepad and copy/paste the contents of the quote box into it:

Quote:
File::
C:\WINDOWS\mservice.0xe
C:\WINDOWS\winudspm.0xe
C:\WINDOWS\service.exe


Save it as CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.


Restart the computer when prompted and post the contents of the combofix.txt file here.

==============

Scan with HJT, tick these and press Fix checked

O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe

==============

Run a new ComboFix scan and post a new HJT log



Can a computer ever work?
mrjonessi
Newbie
4 June 2008 @ 20:56
Thanks a lot for the help. Messenger hasn't been spamming now; Avast does still find suspicious files, but nothing serious. And once again, many thanks. :)
Hujo
Suspended permanently
4 June 2008 @ 21:22
What does Avast find?

===========

Scan with HJT, tick these and press Fix checked

O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe


Can a computer ever work?

This message was edited after posting. Last edited 4 June 2008 @ 21:23
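Added example, not from the thread or from either helper: a small Python triage of the Run-key lines quoted in the logs above, encoding the reasoning behind the three O4 entries Hujo asked to fix (in both of his posts). It flags an autostart command given as a bare filename with no directory, a ComboFix entry whose metadata bracket is empty, and a value name that imitates a Windows component without pointing into the Windows directory. The sample lines are copied from the logs in this thread; the function names are mine.

```python
import re

# Constructed sample: the HKLM/HKCU Run lines as they appear in the thread's
# HijackThis (O4) and ComboFix ("Name"="command" [date time size]) output.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup',
    r'O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe',
    r'O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe',
    r'O4 - HKLM\..\Run: [Windows svchost] service.exe',
    r'O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash',
    r'O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe',
    r'"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]',
    r'"Windows UDP Control"="winudspm.exe" []',
    r'"Windows svchost"="service.exe" []',
    r'"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]',
]

# HijackThis:  O4 - HKLM\..\Run: [Value name] command line
HJT_O4 = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# ComboFix:    "Value name"="command" [timestamp size]   (bracket is empty when the file was not found)
COMBOFIX_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)" \[(?P<meta>[^\]]*)\]$')


def parse_autostart(line):
    """Return {'name', 'cmd', 'meta'} for an HJT O4 or ComboFix Run line, else None.
    'meta' is None for HJT lines, which carry no file metadata."""
    m = HJT_O4.match(line)
    if m:
        return {'name': m.group('name'), 'cmd': m.group('cmd'), 'meta': None}
    m = COMBOFIX_RUN.match(line)
    if m:
        return {'name': m.group('name'), 'cmd': m.group('cmd'), 'meta': m.group('meta')}
    return None


def executable_of(cmd):
    """Strip arguments from a Run command: honour a quoted path, otherwise cut after the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.+?\.exe)\b', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def flags_for(entry):
    """Triage heuristics; each flag is a reason to look at the entry, not proof of malware."""
    exe = executable_of(entry['cmd'])
    flags = []
    # Every legitimate entry in the logs carries a full path; a bare filename is
    # resolved through the search path and hides where the binary really lives.
    if not re.search(r'[\\/%]', exe):
        flags.append('bare_filename')
    # ComboFix prints "[]" when it could not stat the file behind the value.
    if entry['meta'] is not None and entry['meta'].strip() == '':
        flags.append('no_file_metadata')
    # A value named after a Windows component that does not point into \WINDOWS\.
    if re.search(r'windows|svchost|microsoft', entry['name'], re.IGNORECASE) \
            and '\\windows\\' not in exe.lower():
        flags.append('system_lookalike_name')
    return flags


def triage(lines):
    """Map value name -> sorted flags, merging the HJT and ComboFix views of the same value."""
    findings = {}
    for line in lines:
        entry = parse_autostart(line.strip())
        if entry is None:
            continue
        flags = flags_for(entry)
        if flags:
            findings.setdefault(entry['name'], set()).update(flags)
    return {name: sorted(flags) for name, flags in findings.items()}


def hjt_fix_list(lines):
    """The HJT O4 lines whose value is flagged: the ones to tick before 'Fix checked'."""
    flagged = triage(lines)
    out = []
    for line in lines:
        entry = parse_autostart(line.strip())
        if entry and entry['meta'] is None and entry['name'] in flagged:
            out.append(line)
    return out


if __name__ == '__main__':
    for name, flags in triage(SAMPLE_LINES).items():
        print(f'{name}: {", ".join(flags)}')
    print('\nHJT lines to fix:')
    print('\n'.join(hjt_fix_list(SAMPLE_LINES)))
```

On the sample above the three flagged values are exactly the ones Hujo listed; the F-Secure, Nokia and ctfmon entries pass untouched.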

Septou
Newbie
4 June 2008 @ 21:45
Sorry,
I posted in the same thread because it was the same topic. I didn't know the convention. Here is Combofix.txt:

ComboFix 08-06-03.4 - Henna 2008-06-04 21:27:45.2 - NTFSx86
Running from: C:\Documents and Settings\Henna\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Henna\Työpöytä\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\mservice.0xe
C:\WINDOWS\service.exe
C:\WINDOWS\winudspm.0xe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mservice.0xe
C:\WINDOWS\winudspm.0xe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-04 to 2008-06-04 )))))))))))))))))
.

2008-06-04 20:14 . 2008-06-04 20:14 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-06-04 14:33 . 2008-06-04 18:33 3,424 --a------ C:\is155400.exe
2008-06-04 13:58 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-04 13:58 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-06-04 13:58 . 2007-07-30 19:19 203,096 --a--c--- C:\WINDOWS\system32\dllcache\wuweb.dll
2008-06-04 00:10 . 2008-06-04 19:10 <KANSIO> d-------- C:\Documents and Settings\Henna\Application Data\F-Secure
2008-06-04 00:04 . 2008-06-04 00:10 51,072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-06-04 00:04 . 2008-06-04 00:10 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-06-04 00:03 . 2008-06-04 00:16 <KANSIO> d-------- C:\Program Files\Elisa Tietoturvapalvelu
2008-06-04 00:03 . 2008-06-04 00:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-06-04 00:02 . 2008-06-04 00:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-06-03 22:47 . 2008-06-04 13:57 3,423 --a------ C:\WINDOWS\is154890.exe
2008-06-03 22:22 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-03 22:22 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-03 22:22 . 2008-05-27 13:54 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-03 22:22 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-03 22:22 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-03 22:22 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-03 22:22 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-03 22:21 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-03 22:11 . 2008-06-04 21:31 71,602 --a------ C:\WINDOWS\system32\hcnwg4u.sys
2008-06-03 20:19 . 2008-06-03 21:09 <KANSIO> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-06-03 20:17 . 2008-06-03 22:50 86,548 --a------ C:\ssetup.0xe
2008-06-03 14:06 . 2008-06-03 22:22 1,880 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-03 13:58 . 2008-06-03 13:58 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-03 01:00 . 2008-06-03 01:00 104,078 --a------ C:\WINDOWS\sb.0xe
2008-06-02 21:41 . 2008-06-03 15:22 96,950 --a------ C:\setup.0xe
2008-06-02 21:35 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Henna\setup.exe
2008-06-02 21:27 . 2008-06-02 21:27 96,950 --a------ C:\stupx.0xe
2008-06-02 21:23 . 2008-06-02 21:23 96,950 --a------ C:\stup.0xe
2008-06-02 19:04 . 2008-06-02 19:04 0 --a------ C:\d1.exe
2008-06-02 19:03 . 2008-06-02 19:03 2 --a------ C:\-1795943351
2008-06-02 19:02 . 2008-06-02 19:03 15,360 --a------ C:\abhwevhi.exe
2008-05-27 22:17 . 2008-05-27 22:17 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-05-27 21:25 . 2007-05-09 00:15 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-27 21:25 . 2007-05-09 00:15 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-27 21:24 . 2007-05-09 00:15 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-27 21:24 . 2007-05-09 00:15 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-27 21:24 . 2007-05-09 00:15 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-27 21:24 . 2007-05-09 00:15 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-27 21:24 . 2007-05-09 00:15 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-27 21:24 . 2007-05-09 00:15 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-27 21:24 . 2007-05-09 00:15 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-27 21:24 . 2007-05-09 00:15 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-27 21:24 . 2007-05-08 21:26 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-27 21:24 . 2007-05-08 21:26 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-27 21:24 . 2008-05-27 21:25 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 19:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-03 19:50 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-03 19:10 --------- d-----w C:\Program Files\PartyGaming
2008-06-03 10:54 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-02 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-25 19:33 --------- d-----w C:\Program Files\RevConnect
2008-04-01 18:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 13:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 13:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 13:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 12:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 12:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-04-20 02:17 421888]
"\VISTA\EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.exe" [2006-12-25 05:00 177664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"Windows UDP Control"="winudspm.exe" []
"Windows UDP Control Center"="winudpmgr.exe" []
"Windows svchost"="service.exe" []
"F-Secure Manager"="C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.exe" [2008-02-13 13:38 184800]
"F-Secure TNB"="C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" [2008-02-13 13:38 741800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 11:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2171:UDP"= 2171:UDP:Windows Media Format SDK (firefox.exe)
"2170:UDP"= 2170:UDP:Windows Media Format SDK (firefox.exe)

R0 fsfw;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-06-04 00:10]
R1 f-secure hips;F-Secure HIPS;C:\Program Files\Elisa Tietoturvapalvelu\HIPS\fshs.sys [2008-06-04 00:09]
R1 raddrvv3;raddrvv3;C:\WINDOWS\system32\rserver30\raddrvv3.sys [2007-10-31 15:30]
R2 RServer3;Radmin Server V3;"C:\WINDOWS\system32\rserver30\RServer3.exe" /service []
R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys [2001-11-07 03:00]
R3 f-secure gatekeeper;F-Secure Gatekeeper;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [2008-02-13 13:38]
R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 05:01]
S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-18 01:04]
S4 f-secure filter;F-Secure File System Filter;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSfilter.sys [2008-02-13 13:38]
S4 f-secure recognizer;F-Secure File System Recognizer;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSrec.sys [2008-02-13 13:38]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 21:30:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\VISTA\\EPSON Stylus Photo R220 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAIE.EXE /FU \"C:\\DOCUME~1\\Henna\\LOCALS~1\\Temp\\E_S41.tmp\" /EF \"HKCU\""
.
Completion time: 2008-06-04 21:32:42
ComboFix-quarantined-files.txt 2008-06-04 18:32:23
ComboFix2.txt 2008-06-04 17:14:53

Pre-Run: 1,609,129,984 tavua vapaana
Post-Run: 1,599,123,456 tavua vapaana

150 --- E O F --- 2008-05-28 19:45:23
Septou
Newbie
4 June 2008 @ 21:55
And here are the logs after the new scan:

ComboFix 08-06-03.4 - Henna 2008-06-04 21:46:49.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.213 [GMT 3:00]
Running from: C:\Documents and Settings\Henna\Työpöytä\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-04 to 2008-06-04 )))))))))))))))))
.

2008-06-04 20:14 . 2008-06-04 20:14 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-06-04 14:33 . 2008-06-04 18:33 3,424 --a------ C:\is155400.exe
2008-06-04 13:58 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-04 13:58 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-06-04 13:58 . 2007-07-30 19:19 203,096 --a--c--- C:\WINDOWS\system32\dllcache\wuweb.dll
2008-06-04 00:10 . 2008-06-04 19:10 <KANSIO> d-------- C:\Documents and Settings\Henna\Application Data\F-Secure
2008-06-04 00:04 . 2008-06-04 00:10 51,072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-06-04 00:04 . 2008-06-04 00:10 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-06-04 00:03 . 2008-06-04 00:16 <KANSIO> d-------- C:\Program Files\Elisa Tietoturvapalvelu
2008-06-04 00:03 . 2008-06-04 00:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-06-04 00:02 . 2008-06-04 00:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-06-03 22:47 . 2008-06-04 13:57 3,423 --a------ C:\WINDOWS\is154890.exe
2008-06-03 22:22 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-03 22:22 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-03 22:22 . 2008-05-27 13:54 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-03 22:22 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-03 22:22 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-03 22:22 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-03 22:22 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-03 22:21 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-03 22:11 . 2008-06-04 21:49 71,602 --a------ C:\WINDOWS\system32\hcnwg4u.sys
2008-06-03 20:19 . 2008-06-03 21:09 <KANSIO> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-06-03 20:17 . 2008-06-03 22:50 86,548 --a------ C:\ssetup.0xe
2008-06-03 14:06 . 2008-06-03 22:22 1,880 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-03 13:58 . 2008-06-03 13:58 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-03 01:00 . 2008-06-03 01:00 104,078 --a------ C:\WINDOWS\sb.0xe
2008-06-02 21:41 . 2008-06-03 15:22 96,950 --a------ C:\setup.0xe
2008-06-02 21:35 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Henna\setup.exe
2008-06-02 21:27 . 2008-06-02 21:27 96,950 --a------ C:\stupx.0xe
2008-06-02 21:23 . 2008-06-02 21:23 96,950 --a------ C:\stup.0xe
2008-06-02 19:04 . 2008-06-02 19:04 0 --a------ C:\d1.exe
2008-06-02 19:03 . 2008-06-02 19:03 2 --a------ C:\-1795943351
2008-06-02 19:02 . 2008-06-02 19:03 15,360 --a------ C:\abhwevhi.exe
2008-05-27 22:17 . 2008-05-27 22:17 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-05-27 21:25 . 2007-05-09 00:15 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-27 21:25 . 2007-05-09 00:15 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-27 21:24 . 2007-05-09 00:15 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-27 21:24 . 2007-05-09 00:15 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-27 21:24 . 2007-05-09 00:15 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-27 21:24 . 2007-05-09 00:15 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-27 21:24 . 2007-05-09 00:15 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-27 21:24 . 2007-05-09 00:15 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-27 21:24 . 2007-05-09 00:15 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-27 21:24 . 2007-05-09 00:15 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-27 21:24 . 2007-05-08 21:26 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-27 21:24 . 2007-05-08 21:26 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-27 21:24 . 2008-05-27 21:25 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 19:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-03 19:50 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-03 19:10 --------- d-----w C:\Program Files\PartyGaming
2008-06-03 10:54 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-02 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-25 19:33 --------- d-----w C:\Program Files\RevConnect
2008-04-01 18:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 13:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 13:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 13:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 12:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 12:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-04-20 02:17 421888]
"\VISTA\EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.exe" [2006-12-25 05:00 177664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"F-Secure Manager"="C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.exe" [2008-02-13 13:38 184800]
"F-Secure TNB"="C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" [2008-02-13 13:38 741800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 11:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2171:UDP"= 2171:UDP:Windows Media Format SDK (firefox.exe)
"2170:UDP"= 2170:UDP:Windows Media Format SDK (firefox.exe)

R0 fsfw;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-06-04 00:10]
R1 f-secure hips;F-Secure HIPS;C:\Program Files\Elisa Tietoturvapalvelu\HIPS\fshs.sys [2008-06-04 00:09]
R1 raddrvv3;raddrvv3;C:\WINDOWS\system32\rserver30\raddrvv3.sys [2007-10-31 15:30]
R2 RServer3;Radmin Server V3;"C:\WINDOWS\system32\rserver30\RServer3.exe" /service []
R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys [2001-11-07 03:00]
R3 f-secure gatekeeper;F-Secure Gatekeeper;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [2008-02-13 13:38]
R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 05:01]
S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-18 01:04]
S4 f-secure filter;F-Secure File System Filter;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSfilter.sys [2008-02-13 13:38]
S4 f-secure recognizer;F-Secure File System Recognizer;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSrec.sys [2008-02-13 13:38]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 21:48:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\VISTA\\EPSON Stylus Photo R220 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAIE.EXE /FU \"C:\\DOCUME~1\\Henna\\LOCALS~1\\Temp\\E_S41.tmp\" /EF \"HKCU\""
.
Completion time: 2008-06-04 21:50:44
ComboFix-quarantined-files.txt 2008-06-04 18:50:21
ComboFix2.txt 2008-06-04 18:32:44
ComboFix3.txt 2008-06-04 17:14:53

Pre-Run: 1,607,032,832 bytes free
Post-Run: 1,597,198,336 bytes free

138 --- E O F --- 2008-05-28 19:45:23

_________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:16, on 4.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [\VISTA\EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\DOCUME~1\Henna\LOCALS~1\Temp\E_S41.tmp" /EF "HKCU"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = henna
O17 - HKLM\Software\..\Telephony: DomainName = henna
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = henna
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = henna
O23 - Service: FSGKHS (f-secure gatekeeper handler starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (fsaua) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (fsdfwd) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (fsma) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4478 bytes
Hujo
Suspended permanently
4 June 2008 @ 21:56
Open Notepad and copy/paste the contents of the quote box into it:

Quote:
File::
C:\WINDOWS\service.0xe
C:\is155400.exe
C:\ssetup.0xe
C:\WINDOWS\sb.0xe
C:\setup.0xe
C:\stupx.0xe
C:\stup.0xe
C:\-1795943351


Save it as CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.



Restart the computer when prompted and post the contents of the combofix.txt file here.

============

scan a new HJT log

Can a computer ever work?
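The CFScript above is nothing more than a "File::" header followed by the paths ComboFix should delete, and the paths in it were picked by eye from the "Files Created" section and the drive root. As an added example (not code from this thread, from ComboFix or from HijackThis), the following Python script applies the same triage rules to lines shaped like ComboFix's "Files Created" section, renders the matching "File::" block in the CFScript.txt format used here, and audits the firewall-policy keys that ComboFix dumps in the same logs (firewall disabled, a remote-control server such as Radmin's rserver3.exe in the exception list, port 3389 globally open). All sample lines are constructed to resemble the logs on this page; the REMOTE_ADMIN list, the 4 KB "tiny executable" threshold and the 8-letter random-name rule are assumptions of the example, not rules ComboFix itself applies.

```python
"""Triage ComboFix log lines, emit a CFScript 'File::' block, audit XP firewall keys.

Added example for this thread; not ComboFix, HijackThis or forum code.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines shaped like ComboFix's "Files Created" section.
# The .0xe entry mirrors the names listed in the CFScript, not this log.
FILES_CREATED = r"""
2008-06-03 22:47 . 2008-06-04 13:57 3,423 --a------ C:\WINDOWS\is154890.exe
2008-06-03 22:22 . 2008-05-27 13:54 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-02 21:35 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Henna\setup.exe
2008-06-02 19:04 . 2008-06-02 19:04 0 --a------ C:\d1.exe
2008-06-02 19:02 . 2008-06-02 19:03 15,360 --a------ C:\abhwevhi.exe
2008-06-02 19:02 . 2008-06-02 19:02 15,360 --a------ C:\WINDOWS\service.0xe
2008-06-04 00:04 . 2008-06-04 00:10 51,072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
"""

# Constructed sample: lines shaped like ComboFix's dump of the XP firewall policy.
FIREWALL_DUMP = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2170:UDP"= 2170:UDP:Windows Media Format SDK (firefox.exe)
"""

FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?P<size><DIR>|<KANSIO>|[\d,]+)\s+(?P<attr>\S+)\s+(?P<path>.+?)\s*$"
)
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif"}
# Assumed list of remote-control servers a home XP box rarely runs on purpose.
REMOTE_ADMIN = {"rserver3.exe", "r_server.exe", "winvnc.exe", "vnc.exe"}


def parse_files_created(text):
    """Yield (path, size_or_None, is_dir) for each entry line in the section."""
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        size = m.group("size")
        is_dir = size.startswith("<")          # <DIR> / localized <KANSIO>
        yield m.group("path"), (None if is_dir else int(size.replace(",", ""))), is_dir


def triage_files(text):
    """Return {path: [reasons]} for files that match a suspicious pattern."""
    findings = {}
    for path, size, is_dir in parse_files_created(text):
        if is_dir:
            continue
        p = PureWindowsPath(path)
        ext = p.suffix.lower()
        reasons = []
        if ext == ".0xe":
            reasons.append("renamed executable (.0xe) - decoy extension")
        if ext in EXEC_EXT and len(p.parts) == 2:  # parts == ('C:\\', 'd1.exe')
            reasons.append("executable dropped in drive root")
        if ext == ".exe" and size == 0:
            reasons.append("zero-byte executable (failed or cleaned drop)")
        if ext == ".exe" and 0 < size < 4096:       # assumed threshold
            reasons.append("tiny executable (downloader stub sized)")
        if ext == ".exe" and re.fullmatch(r"[a-z]{8}", p.stem):
            reasons.append("random 8-letter name")
        if reasons:
            findings[path] = reasons
    return findings


def build_cfscript(paths):
    """Render the 'File::' block that ComboFix reads from CFScript.txt."""
    return "File::\n" + "".join(f"{p}\n" for p in sorted(paths)) + "\n"


def audit_firewall(text):
    """Flag a disabled XP firewall, remote-admin exceptions and globally open ports."""
    section, notes = "", []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().strip('"'), value.strip()
        if section.endswith("standardprofile]") and key == "EnableFirewall" and value.startswith("0"):
            notes.append("Windows Firewall is disabled for the standard profile")
        elif section.endswith("authorizedapplications\\list]"):
            exe = PureWindowsPath(key.replace("\\\\", "\\")).name.lower()
            if exe in REMOTE_ADMIN:
                notes.append(f"remote-control server allowed through firewall: {exe}")
        elif section.endswith("globallyopenports\\list]"):
            if key.split(":")[0] == "3389":
                notes.append("port 3389/TCP (Remote Desktop) open to all networks")
    return notes


if __name__ == "__main__":
    found = triage_files(FILES_CREATED)
    for path, reasons in found.items():
        print(f"{path}: {'; '.join(reasons)}")
    print(build_cfscript(found))
    for note in audit_firewall(FIREWALL_DUMP):
        print("firewall:", note)
```

Run it on a pasted ComboFix log by replacing the two constructed samples with the real sections; the findings are a starting list for the helper to review, not an automatic delete list, which is why build_cfscript only writes the block and never runs ComboFix.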
Septou
Newbie
4 June 2008 @ 22:10
Done as instructed. Here are the new logs:

ComboFix 08-06-03.4 - Henna 2008-06-04 22:02:25.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.208 [GMT 3:00]
Running from: C:\Documents and Settings\Henna\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Henna\Työpöytä\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\-1795943351
C:\is155400.exe
C:\setup.0xe
C:\ssetup.0xe
C:\stup.0xe
C:\stupx.0xe
C:\WINDOWS\sb.0xe
C:\WINDOWS\service.0xe
.

(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1795943351
C:\is155400.exe
C:\setup.0xe
C:\ssetup.0xe
C:\stup.0xe
C:\stupx.0xe
C:\WINDOWS\sb.0xe

.
((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))
.

2008-06-04 20:14 . 2008-06-04 20:14 <DIR> d-------- C:\Documents and Settings\Jõrjestelmõnvalvoja
2008-06-04 13:58 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-04 13:58 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-06-04 13:58 . 2007-07-30 19:19 203,096 --a--c--- C:\WINDOWS\system32\dllcache\wuweb.dll
2008-06-04 00:10 . 2008-06-04 19:10 <DIR> d-------- C:\Documents and Settings\Henna\Application Data\F-Secure
2008-06-04 00:04 . 2008-06-04 00:10 51,072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-06-04 00:04 . 2008-06-04 00:10 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-06-04 00:03 . 2008-06-04 00:16 <DIR> d-------- C:\Program Files\Elisa Tietoturvapalvelu
2008-06-04 00:03 . 2008-06-04 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-06-04 00:02 . 2008-06-04 00:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-06-03 22:47 . 2008-06-04 13:57 3,423 --a------ C:\WINDOWS\is154890.exe
2008-06-03 22:22 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-03 22:22 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-03 22:22 . 2008-05-27 13:54 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-03 22:22 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-03 22:22 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-03 22:22 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-03 22:22 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-03 22:21 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-03 22:11 . 2008-06-04 22:04 71,602 --a------ C:\WINDOWS\system32\hcnwg4u.sys
2008-06-03 20:19 . 2008-06-03 21:09 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-06-03 14:06 . 2008-06-03 22:22 1,880 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-03 13:58 . 2008-06-03 13:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-02 21:35 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Henna\setup.exe
2008-06-02 19:04 . 2008-06-02 19:04 0 --a------ C:\d1.exe
2008-06-02 19:02 . 2008-06-02 19:03 15,360 --a------ C:\abhwevhi.exe
2008-05-27 22:17 . 2008-05-27 22:17 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-27 21:25 . 2007-05-09 00:15 <DIR> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-27 21:25 . 2007-05-09 00:15 <DIR> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-27 21:24 . 2007-05-09 00:15 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-27 21:24 . 2007-05-09 00:15 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-27 21:24 . 2007-05-09 00:15 <DIR> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-27 21:24 . 2007-05-09 00:15 <DIR> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-27 21:24 . 2007-05-09 00:15 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-27 21:24 . 2007-05-09 00:15 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-27 21:24 . 2007-05-09 00:15 <DIR> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-27 21:24 . 2007-05-09 00:15 <DIR> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-27 21:24 . 2007-05-08 21:26 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-27 21:24 . 2007-05-08 21:26 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-27 21:24 . 2008-05-27 21:25 <DIR> d-------- C:\Documents and Settings\Järjestelmänvalvoja

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 19:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-03 19:50 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-03 19:10 --------- d-----w C:\Program Files\PartyGaming
2008-06-03 10:54 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-02 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-25 19:33 --------- d-----w C:\Program Files\RevConnect
2008-04-01 18:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 13:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 13:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 13:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 12:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 12:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
.

(((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-04-20 02:17 421888]
"\VISTA\EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.exe" [2006-12-25 05:00 177664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"F-Secure Manager"="C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.exe" [2008-02-13 13:38 184800]
"F-Secure TNB"="C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" [2008-02-13 13:38 741800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 11:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2171:UDP"= 2171:UDP:Windows Media Format SDK (firefox.exe)
"2170:UDP"= 2170:UDP:Windows Media Format SDK (firefox.exe)

R0 fsfw;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-06-04 00:10]
R1 f-secure hips;F-Secure HIPS;C:\Program Files\Elisa Tietoturvapalvelu\HIPS\fshs.sys [2008-06-04 00:09]
R1 raddrvv3;raddrvv3;C:\WINDOWS\system32\rserver30\raddrvv3.sys [2007-10-31 15:30]
R2 RServer3;Radmin Server V3;"C:\WINDOWS\system32\rserver30\RServer3.exe" /service []
R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys [2001-11-07 03:00]
R3 f-secure gatekeeper;F-Secure Gatekeeper;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [2008-02-13 13:38]
R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 05:01]
S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-18 01:04]
S4 f-secure filter;F-Secure File System Filter;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSfilter.sys [2008-02-13 13:38]
S4 f-secure recognizer;F-Secure File System Recognizer;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSrec.sys [2008-02-13 13:38]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 22:04:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\VISTA\\EPSON Stylus Photo R220 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAIE.EXE /FU \"C:\\DOCUME~1\\Henna\\LOCALS~1\\Temp\\E_S41.tmp\" /EF \"HKCU\""
.
Completion time: 2008-06-04 22:06:15
ComboFix-quarantined-files.txt 2008-06-04 19:05:49
ComboFix2.txt 2008-06-04 18:50:45
ComboFix3.txt 2008-06-04 18:32:44
ComboFix4.txt 2008-06-04 17:14:53

Pre-Run: 1,585,025,024 bytes free
Post-Run: 1,575,247,872 bytes free

153 --- E O F --- 2008-05-28 19:45:23

______________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:17, on 4.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [\VISTA\EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\DOCUME~1\Henna\LOCALS~1\Temp\E_S41.tmp" /EF "HKCU"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = henna
O17 - HKLM\Software\..\Telephony: DomainName = henna
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = henna
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = henna
O23 - Service: FSGKHS (f-secure gatekeeper handler starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (fsaua) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (fsdfwd) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (fsma) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4524 bytes
Hujo
Suspended permanently
4 June 2008 @ 22:19
Download VundoFix.exe from HERE to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, click the Fix Vundo button.
You will be asked whether you want to remove the files - click YES.
Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
When it is finished, the fix will tell you to restart your computer; click OK.
Post the contents of the C:\vundofix.txt log along with a fresh HijackThis log.

Note: It is possible that VundoFix found a file it could not remove.
In that case VundoFix will run itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo button" when VundoFix appears after the restart.


Can a computer ever work?
  © 1999-2025 AfterDawn Oy