Messenger virus + other stuff + HJT log (afterdawn.com forum, Viruses and malware - HijackThis logs)
Garnet (Newbie)
3 June 2008 @ 06:15
So I too went and bungled it and got that damned Messenger virus on my computer a few days ago. I have tried to remove the virus from my computer, but I am not sure whether the danger has really gone, as I know little about these things. I am a beginner, so the programs used for this kind of thing are pretty much utopia to me. There is certainly other junk on the computer too, as I really cannot keep watch over it and others besides me use it. But anyway, here is the log (hopefully from the right program). And briefly: what other junk can still be found there, and how do I get rid of it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:45, on 3.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\mservice.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00000000-0023-0000-5400-320020040070} - http://www.storage-tasp.com/gs/gsa1435.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Senior Member
3 June 2008 @ 10:13
1. Download Combofix.exe to your desktop from either of these links:
Combofix.exe
Combofix.exe

Open Notepad and copy/paste the contents of the Quote: box into it:

Quote:

File::
C:\WINDOWS\service.exe
C:\WINDOWS\winudspm.exe
C:\Windows\mservice.exe



Save it under the name CFScript (ComboFix actually recognises it even if the file extension isn't .txt).

Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click)





Note! Do not click around in the ComboFix window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.

Close your browser and other programs for the duration of the fix (not the antivirus).
Start HijackThis, click Scan, tick the following entries listed in red and remove them (Fix checked).

O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
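As an added example (not code from this thread, and not HijackThis or ComboFix code): a small Python script that parses HJT-style log lines, checks whether a given entry (such as the mservice.exe Run key the helper asks to fix) is still present, lists the entries that disappeared between a "before" and an "after" log, and picks out O23 services whose binary HJT reports as "(file missing)", the kind of leftover Hujo calls Norton remnants. The sample logs are constructed excerpts of the logs posted in this thread; the function names are this example's own, not tool APIs.

```python
"""Parse HijackThis-style log lines and compare two logs.

Added example: this is not code from the thread, HijackThis or ComboFix.
It assumes the line layout visible in the posted logs ("O4 - <body>") and
uses constructed excerpts of the thread's logs as sample input.
"""
import re
from dataclasses import dataclass

# Constructed excerpt of the first HJT log posted in the thread.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00000000-0023-0000-5400-320020040070} - http://www.storage-tasp.com/gs/gsa1435.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# Constructed excerpt of the second HJT log, taken after the ComboFix run.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O16 - DPF: {00000000-0023-0000-5400-320020040070} - http://www.storage-tasp.com/gs/gsa1435.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# An HJT entry is "<section tag> - <rest of line>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<tag>[RFNO]\d+) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    tag: str   # HJT section, e.g. O4 (autostart), O16 (DPF), O23 (service)
    body: str  # everything after the section tag


def parse_hjt(text):
    """Return the entries in an HJT log as Entry objects, in log order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["tag"], m["body"]))
    return entries


def find_entries(text, needle):
    """Entries whose body mentions `needle` (case-insensitive), e.g. a file name."""
    needle = needle.lower()
    return [e for e in parse_hjt(text) if needle in e.body.lower()]


def diff_logs(before_text, after_text):
    """Return (removed, added): entries gone since / new since the first log."""
    before = parse_hjt(before_text)
    after = parse_hjt(after_text)
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


def file_missing_services(entries):
    """O23 service entries whose binary HJT reports as '(file missing)'."""
    return [e for e in entries
            if e.tag == "O23" and e.body.endswith("(file missing)")]


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Gone since the fix:")
    for e in removed:
        print("  ", e.tag, "-", e.body)
    print("New since the fix:", [e.body for e in added] or "none")
    print("mservice.exe still present:", bool(find_entries(LOG_AFTER, "mservice.exe")))
    print("Services with a missing binary (uninstall leftovers):")
    for e in file_missing_services(parse_hjt(LOG_AFTER)):
        print("  ", e.body)
```

Run it on the full text of two saved HJT logs instead of the constructed excerpts and the "Gone since the fix" list shows exactly which autostart, DPF and service entries the fix removed, which is a quicker check than reading the two logs side by side.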
Hujo (Suspended permanently)
3 June 2008 @ 12:29
Scan with HJT, tick this one and press Fix checked:

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab

There are still remnants of Norton on the computer.

Can a computer ever work?
Garnet (Newbie)
3 June 2008 @ 18:24
I couldn't find the line "O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe" in HJT. But here are the logs anyway:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:24, on 3.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0023-0000-5400-320020040070} - http://www.storage-tasp.com/gs/gsa1435.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--


ComboFix 08-06-01.6 - NOORA 2008-06-03 17:41:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.153 [GMT 3:00]
Running from: C:\Documents and Settings\NOORA\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\NOORA\Työpöytä\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\mservice.exe
C:\WINDOWS\service.exe
C:\WINDOWS\winudspm.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\NOORA\new.txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\Windows\mservice.exe
C:\WINDOWS\system32\Update.exe
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://sync.avustaja.sonera.fi
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-03 to 2008-06-03 )))))))))))))))))
.

2008-06-03 05:40 . 2008-06-03 05:40 <KANSIO> dr------- C:\Documents and Settings\NetworkService\Suosikit
2008-06-03 05:33 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-06-03 05:33 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-06-03 05:33 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-06-03 05:32 . 2008-06-03 05:32 <KANSIO> d-------- C:\Program Files\Sygate
2008-06-03 05:31 . 2008-06-03 05:31 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 01:01 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
2008-06-02 22:31 . 2008-06-02 22:31 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-02 21:28 . 2008-06-02 21:28 96,950 --a------ C:\stupx.exe
2008-06-02 21:23 . 2008-06-02 21:23 96,950 --a------ C:\stup.exe
2008-06-02 20:37 . 2008-06-02 20:37 <KANSIO> d-------- C:\Documents and Settings\NOORA\Application Data\Malwarebytes
2008-06-02 20:36 . 2008-06-02 20:37 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 20:36 . 2008-06-02 20:36 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 20:36 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-02 20:36 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-02 19:06 . 2008-06-02 19:06 2 --a------ C:\-1531052656
2008-06-02 19:04 . 2008-06-02 19:05 6,144 --a------ C:\abhwevhi.exe
2008-06-02 19:03 . 2008-06-02 19:04 5,120 --a------ C:\uucn.exe
2008-06-02 19:02 . 2008-06-02 19:03 11,264 --a------ C:\vieiiy.exe
2008-06-02 19:00 . 2008-06-02 19:00 1,024 --a------ C:\hldtlwe.exe
2008-06-02 18:36 . 2008-06-02 18:36 <KANSIO> d-------- C:\SAV32CLI
2008-06-02 18:29 . 2008-06-03 17:20 60,114 --a------ C:\bot1.exe
2008-06-02 06:27 . 2008-06-02 20:12 <KANSIO> d-------- C:\SDFix
2008-06-02 06:27 . 2008-06-02 06:27 1,438,932 --a------ C:\SDFix.exe
2008-06-02 05:14 . 2008-06-02 05:14 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-24 15:44 . 2008-05-24 15:44 <KANSIO> d-------- C:\Program Files\Alwil Software
2008-05-16 06:04 . 2008-06-03 17:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-16 06:04 . 2008-05-16 06:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-03 17:29 . 2008-05-03 17:29 <KANSIO> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 14:20 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-06-03 14:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-06-02 03:34 --------- d-----w C:\Program Files\Webteh
2008-05-30 21:21 --------- d-----w C:\Documents and Settings\NOORA\Application Data\Skype
2008-05-30 21:02 --------- d-----w C:\Documents and Settings\NOORA\Application Data\skypePM
2008-05-29 12:09 --------- d-----w C:\Program Files\StepMania
2008-05-24 16:52 --------- d-----w C:\Program Files\Sonera Tietoturva
2008-05-24 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
2008-05-24 16:44 --------- d-----w C:\Program Files\Symantec
2008-05-24 16:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-24 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-03 14:31 --------- d-----w C:\Program Files\Safari
2008-04-25 15:11 --------- d-----w C:\Program Files\Maxis
2008-04-13 00:38 --------- d-----w C:\Program Files\iTunes
2008-04-13 00:36 --------- d-----w C:\Program Files\iPod
2008-04-13 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-13 00:23 --------- d-----w C:\Program Files\QuickTime
2008-04-09 18:37 --------- d-----w C:\Documents and Settings\NOORA\Application Data\Uniblue
2008-04-06 17:06 --------- d-----w C:\Program Files\Winamp
2008-04-05 11:31 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-03 14:17 --------- d-----w C:\Documents and Settings\NOORA\Application Data\F-Secure
2008-02-18 18:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-10-22 19:45 9,367 -c--a-w C:\Program Files\INSTALL.LOG
2005-03-07 19:57 81,136 -c--a-w C:\Documents and Settings\NOORA\Application Data\GDIPFONTCACHEV1.DAT
2005-03-06 18:17 81,136 -c--a-w C:\Documents and Settings\SANNA\Application Data\GDIPFONTCACHEV1.DAT
2005-02-22 15:16 81,136 -c--a-w C:\Documents and Settings\Niinan\Application Data\GDIPFONTCACHEV1.DAT
2005-02-11 10:28 34,360 -c--a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2004-03-11 11:27 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
2001-09-28 14:00 164,864 -c--a-w C:\Program Files\UNWISE.EXE
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 19:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 19:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 19:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-02 23:19 835654 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-03 12:41 1385472]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-03-12 22:43 81920]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-10-30 13:16 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 22:39 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 22:39 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 22:39 455168]
"Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-08-19 11:47 197880]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
"VMware hqtray"="C:\Program Files\VMware\VMware Player\hqtray.exe" [2007-10-08 09:21 55856]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-26 21:24 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

C:\Documents and Settings\Default User\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 07:11:14 27136]

C:\Documents and Settings\Default User\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 07:11:14 27136]

C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-07-07 02:20:40 233472]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-02-06 11:33:07 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashFXP\\flashfxp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20767:TCP"= 20767:TCP:BitComet 20767 TCP
"20767:UDP"= 20767:UDP:BitComet 20767 UDP

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 23:41]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 23:41]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 aswArKrn;aswArKrn;C:\DOCUME~1\NOORA\LOCALS~1\Temp\aswArKrn.sys []
S3 dtvBDADEV;Digital TV stick USB 2.0 BDA;C:\WINDOWS\system32\Drivers\dtvbdadrv.sys [2005-07-21 20:50]
S3 dtvLOAD;Digital TV stick Firmware Loader;C:\WINDOWS\system32\DRIVERS\dtvloadp.sys [2005-07-21 20:20]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 10:36]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-05-17 09:15]

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-30 14:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-03 14:29:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-03 14:30:56 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-03 14:20:11 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D8AA3B8F-2A61-48FD-875B-AB8056345360}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 17:49:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware hqtray"="\"C:\\Program Files\\VMware\\VMware Player\\hqtray.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-06-03 17:57:35
ComboFix-quarantined-files.txt 2008-06-03 14:57:31

Pre-Run: 1,236,402,176 tavua vapaana
Post-Run: 3,101,433,856 tavua vapaana

215 --- E O F --- 2008-05-28 04:11:54
Hujo
Suspended permanently
3 June 2008 @ 18:52
Delete that C:\bot1.exe


Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are both checked, then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK, then click Show Results to view the results.
6. Make sure that everything is checked, and click Remove Selected.
7. After that, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\<username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-<date>.txt
8. Post the contents of the log in your next reply.


Can a computer ever work?
Garnet
Newbie
3 June 2008 @ 21:28
Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.14
Tietokantaversio: 818

21:27:04 3.6.2008
mbam-log-6-3-2008 (21-27-03).txt

Tarkistustyyppi: Täysi tarkistus (A:\|C:\|D:\|E:\|F:\|G:\|)
Tarkistetut kohteet: 214643
Kulunut aika: 1 hour(s), 57 minute(s), 2 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 19

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\bot1.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\stup.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\stupx.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mservice.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP809\A0870623.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP809\A0870625.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP809\A0870626.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP809\A0870627.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP809\A0870628.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP809\A0870629.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP809\A0870630.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP809\A0870631.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP809\A0870633.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP809\A0870654.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP809\A0870665.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP810\A0870684.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP810\A0870708.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP812\A0870774.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP812\A0870781.exe (Backdoor.Bot) -> Quarantined and deleted successfully.


Did everything get removed?
Hujo
Suspended permanently
3 June 2008 @ 21:43
1. Click Start, then right-click My Computer
2. Select Properties
3. Select the System Restore tab
4. Check the box next to "Turn off System Restore on all drives"
5. Click Apply
6. Click OK
7. Shut down and restart
8. Uncheck "Turn off System Restore on all drives"
9. Apply and OK


Can a computer ever work?
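Why the Malwarebytes log above is followed by switching System Restore off and on: most of the 19 hits are copies sitting in restore points (RP809 to RP812), and those copies come back with the restore point unless the points are cleared. The following Python script is an added example, not code from this thread or from Malwarebytes; it parses the file section of a Malwarebytes' Anti-Malware 1.x log into path, detection name and action, then groups the hits by where they live so the restore-point share is visible at a glance. The embedded sample log is constructed: a few lines in the shape of the log above plus one made-up "Delete on reboot" entry under "Program Files (x86)" to exercise the pending-action and parenthesised-path cases.

```python
"""Triage helper for a Malwarebytes' Anti-Malware 1.x log (added example, not MBAM's own code)."""
import re
from collections import Counter

# Constructed sample in the shape of the "Saastuneita tiedostoja:" section of an MBAM 1.x log.
# The last line is made up to show a pending action and a path containing parentheses.
SAMPLE_LOG = r"""Saastuneita tiedostoja:
C:\bot1.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\stup.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mservice.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP809\A0870623.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CEF41DF-82C9-4E63-A209-CEBBD45BE4B5}\RP810\A0870684.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Example\helper.dll (Adware.Example) -> Delete on reboot.
"""

# One hit per line: "<path> (<detection>) -> <action>."  The lazy path group plus the
# "no parentheses inside the detection name" rule keeps "(x86)" inside the path.
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
RP_RE = re.compile(r"\\(RP\d+)\\")  # restore-point folder inside System Volume Information


def parse_mbam_files(text):
    """Return a list of {path, name, action} dicts, ignoring headers and '(no items found)' lines."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            items.append(m.groupdict())
    return items


def classify(path):
    """Bucket a path by where the hit lives. The bucket names are this example's own labels."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore point"          # resurrected by System Restore unless points are cleared
    if "\\qoobox\\quarantine\\" in p:
        return "combofix quarantine"    # already neutralised by ComboFix, renamed to .vir
    if re.match(r"^[a-z]:\\[^\\]+$", p):
        return "drive root"             # live dropper location, worth a closer look
    return "other"


def summarize(text):
    """Group the parsed hits by detection name and by location, and list what is still pending."""
    items = parse_mbam_files(text)
    by_detection = Counter(i["name"] for i in items)
    by_location = Counter(classify(i["path"]) for i in items)
    restore_points = sorted({
        RP_RE.search(i["path"]).group(1)
        for i in items if classify(i["path"]) == "restore point" and RP_RE.search(i["path"])
    })
    pending = [i["path"] for i in items if "reboot" in i["action"].lower()]
    return {
        "total": len(items),
        "by_detection": dict(by_detection),
        "by_location": dict(by_location),
        "restore_points": restore_points,
        "pending_reboot": pending,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a real log by reading the file instead of `SAMPLE_LOG`; a non-empty `restore_points` list is the signal that the System Restore step is still needed, and a non-empty `pending_reboot` list means the machine must be restarted before the next scan says anything meaningful.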
Garnet
Newbie
4 June 2008 @ 06:23
Done. And is it OK now?
Hujo
Suspended permanently
4 June 2008 @ 19:58
Open Notepad and copy/paste the contents of the quote box into it:

Quote:
File::
C:\bot1.exe


Save it as CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.



Restart the computer when prompted and post the contents of the combofix.txt file here.


Can a computer ever work?
Garnet
Newbie
5 June 2008 @ 18:45
Here is the ComboFix log:


ComboFix 08-06-01.6 - NOORA 2008-06-05 18:29:34.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.228 [GMT 3:00]
Running from: C:\Documents and Settings\NOORA\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\NOORA\Työpöytä\CFScript.txt
* Created a new restore point

FILE ::
C:\bot1.exe
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-05 to 2008-06-03 )))))))))))))))))
.

2008-06-03 05:40 . 2008-06-03 05:40 <KANSIO> dr------- C:\Documents and Settings\NetworkService\Suosikit
2008-06-03 05:33 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-06-03 05:33 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-06-03 05:33 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-06-03 05:32 . 2008-06-03 05:32 <KANSIO> d-------- C:\Program Files\Sygate
2008-06-03 05:31 . 2008-06-03 05:31 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 01:01 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
2008-06-02 22:31 . 2008-06-02 22:31 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-02 20:37 . 2008-06-02 20:37 <KANSIO> d-------- C:\Documents and Settings\NOORA\Application Data\Malwarebytes
2008-06-02 20:36 . 2008-06-03 19:15 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 20:36 . 2008-06-02 20:36 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 20:36 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-02 20:36 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-02 19:06 . 2008-06-02 19:06 2 --a------ C:\-1531052656
2008-06-02 19:04 . 2008-06-02 19:05 6,144 --a------ C:\abhwevhi.exe
2008-06-02 19:03 . 2008-06-02 19:04 5,120 --a------ C:\uucn.exe
2008-06-02 19:02 . 2008-06-02 19:03 11,264 --a------ C:\vieiiy.exe
2008-06-02 19:00 . 2008-06-02 19:00 1,024 --a------ C:\hldtlwe.exe
2008-06-02 18:36 . 2008-06-02 18:36 <KANSIO> d-------- C:\SAV32CLI
2008-06-02 06:27 . 2008-06-02 20:12 <KANSIO> d-------- C:\SDFix
2008-06-02 06:27 . 2008-06-02 06:27 1,438,932 --a------ C:\SDFix.exe
2008-06-02 05:14 . 2008-06-02 05:14 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-24 15:44 . 2008-05-24 15:44 <KANSIO> d-------- C:\Program Files\Alwil Software
2008-05-16 06:04 . 2008-06-05 11:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-16 06:04 . 2008-05-16 06:04 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 10:47 --------- d-----w C:\Program Files\StepMania
2008-06-05 08:15 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-06-05 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-06-02 03:34 --------- d-----w C:\Program Files\Webteh
2008-05-30 21:21 --------- d-----w C:\Documents and Settings\NOORA\Application Data\Skype
2008-05-30 21:02 --------- d-----w C:\Documents and Settings\NOORA\Application Data\skypePM
2008-05-24 16:52 --------- d-----w C:\Program Files\Sonera Tietoturva
2008-05-24 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
2008-05-24 16:44 --------- d-----w C:\Program Files\Symantec
2008-05-24 16:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-24 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-03 14:31 --------- d-----w C:\Program Files\Safari
2008-05-03 14:29 --------- d-----w C:\Program Files\Apple Software Update
2008-04-25 15:11 --------- d-----w C:\Program Files\Maxis
2008-04-13 00:38 --------- d-----w C:\Program Files\iTunes
2008-04-13 00:36 --------- d-----w C:\Program Files\iPod
2008-04-13 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-13 00:23 --------- d-----w C:\Program Files\QuickTime
2008-04-09 18:37 --------- d-----w C:\Documents and Settings\NOORA\Application Data\Uniblue
2008-04-06 17:06 --------- d-----w C:\Program Files\Winamp
2008-04-05 11:31 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-18 18:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-10-22 19:45 9,367 -c--a-w C:\Program Files\INSTALL.LOG
2005-03-07 19:57 81,136 -c--a-w C:\Documents and Settings\NOORA\Application Data\GDIPFONTCACHEV1.DAT
2005-03-06 18:17 81,136 -c--a-w C:\Documents and Settings\SANNA\Application Data\GDIPFONTCACHEV1.DAT
2005-02-22 15:16 81,136 -c--a-w C:\Documents and Settings\Niinan\Application Data\GDIPFONTCACHEV1.DAT
2005-02-11 10:28 34,360 -c--a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2004-03-11 11:27 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
2001-09-28 14:00 164,864 -c--a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-06-03_17.57.17,57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 14:18:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 08:13:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 08:15:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_40c.dat
+ 2008-06-05 08:13:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_78c.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 19:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 19:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 19:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-02 23:19 835654 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-03 12:41 1385472]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-03-12 22:43 81920]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-10-30 13:16 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 22:39 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 22:39 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 22:39 455168]
"Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-08-19 11:47 197880]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
"VMware hqtray"="C:\Program Files\VMware\VMware Player\hqtray.exe" [2007-10-08 09:21 55856]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-26 21:24 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

C:\Documents and Settings\Default User\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 07:11:14 27136]

C:\Documents and Settings\Default User\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 07:11:14 27136]

C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-07-07 02:20:40 233472]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-02-06 11:33:07 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashFXP\\flashfxp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20767:TCP"= 20767:TCP:BitComet 20767 TCP
"20767:UDP"= 20767:UDP:BitComet 20767 UDP

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 23:41]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 23:41]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 aswArKrn;aswArKrn;C:\DOCUME~1\NOORA\LOCALS~1\Temp\aswArKrn.sys []
S3 dtvBDADEV;Digital TV stick USB 2.0 BDA;C:\WINDOWS\system32\Drivers\dtvbdadrv.sys [2005-07-21 20:50]
S3 dtvLOAD;Digital TV stick Firmware Loader;C:\WINDOWS\system32\DRIVERS\dtvloadp.sys [2005-07-21 20:20]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 10:36]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-05-17 09:15]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-30 14:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-03 14:29:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-05 15:31:39 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-05 08:23:07 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D8AA3B8F-2A61-48FD-875B-AB8056345360}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 18:35:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware hqtray"="\"C:\\Program Files\\VMware\\VMware Player\\hqtray.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-06-05 18:40:39
ComboFix-quarantined-files.txt 2008-06-05 15:39:48
ComboFix2.txt 2008-06-03 14:57:36

Pre-Run: 4,086,841,344 tavua vapaana
Post-Run: 4,348,440,576 tavua vapaana

220 --- E O F --- 2008-05-28 04:11:54
Hujo
Suspended permanently
5 June 2008 @ 19:34
Remove this via Add or Remove Programs:

AdVantage

*****

Open Notepad and copy/paste the contents of the quote box into it:

Quote:
File::
C:\-1531052656
C:\abhwevhi.exe
C:\uucn.exe
C:\vieiiy.exe
C:\hldtlwe.exe

Folder::
C:\SDFix
C:\SDFix.exe


Save it as CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.



Restart the computer when prompted and post the contents of the combofix.txt file here.



Can a computer ever work?
Garnet
Newbie
6 June 2008 @ 07:23
Here is another new log:

ComboFix 08-06-01.6 - NOORA 2008-06-06 6:59:46.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.186 [GMT 3:00]
Running from: C:\Documents and Settings\NOORA\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\NOORA\Työpöytä\CFScript.txt
* Created a new restore point

FILE ::
C:\-1531052656
C:\abhwevhi.exe
C:\hldtlwe.exe
C:\uucn.exe
C:\vieiiy.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1531052656
C:\abhwevhi.exe
C:\f.exe
C:\hldtlwe.exe
C:\SDFix
C:\SDFix.exe\
C:\SDFix\a2cmd.exe
C:\SDFix\a2cmd.zip
C:\SDFix\a2cmd_readme.txt
C:\SDFix\a2framework.dll
C:\SDFix\a2heur.dat
C:\SDFix\a2service.exe
C:\SDFix\a2update.dll
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\HPFix8.reg
C:\SDFix\apps\HPFix9.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\asquared_Report.txt
C:\SDFix\cabinet.dll
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\engine.dll
C:\SDFix\IDE\adcli-et.ide
C:\SDFix\IDE\agen-glt.ide
C:\SDFix\IDE\agen-gmy.ide
C:\SDFix\IDE\agen-gpc.ide
C:\SDFix\IDE\agen-gph.ide
C:\SDFix\IDE\agen-gpp.ide
C:\SDFix\IDE\agen-gpr.ide
C:\SDFix\IDE\agen-gpv.ide
C:\SDFix\IDE\agen-gpx.ide
C:\SDFix\IDE\agen-gpz.ide
C:\SDFix\IDE\agen-gqo.ide
C:\SDFix\IDE\agen-gqv.ide
C:\SDFix\IDE\agen-grd.ide
C:\SDFix\IDE\agen-gre.ide
C:\SDFix\IDE\agen-grg.ide
C:\SDFix\IDE\agen-gri.ide
C:\SDFix\IDE\agen-grj.ide
C:\SDFix\IDE\agen-grk.ide
C:\SDFix\IDE\agen-grl.ide
C:\SDFix\IDE\agen-grq.ide
C:\SDFix\IDE\agen-grr.ide
C:\SDFix\IDE\agen-grt.ide
C:\SDFix\IDE\agen-gsb.ide
C:\SDFix\IDE\agen-gsh.ide
C:\SDFix\IDE\agen-gsj.ide
C:\SDFix\IDE\agen-gst.ide
C:\SDFix\IDE\agen-gsv.ide
C:\SDFix\IDE\agen-gtb.ide
C:\SDFix\IDE\agen-gti.ide
C:\SDFix\IDE\agen-gtr.ide
C:\SDFix\IDE\agen-gum.ide
C:\SDFix\IDE\agen-guo.ide
C:\SDFix\IDE\agen-gup.ide
C:\SDFix\IDE\agen-gus.ide
C:\SDFix\IDE\agen-guu.ide
C:\SDFix\IDE\agen-guv.ide
C:\SDFix\IDE\agen-gwa.ide
C:\SDFix\IDE\agen-gvf.ide
C:\SDFix\IDE\agen-gvk.ide
C:\SDFix\IDE\agen-gvl.ide
C:\SDFix\IDE\agen-gvw.ide
C:\SDFix\IDE\agen-gvx.ide
C:\SDFix\IDE\agen-gxf.ide
C:\SDFix\IDE\agen-gxg.ide
C:\SDFix\IDE\agen-gxq.ide
C:\SDFix\IDE\agen-gxz.ide
C:\SDFix\IDE\agen-gyd.ide
C:\SDFix\IDE\agen-gys.ide
C:\SDFix\IDE\agen-gyt.ide
C:\SDFix\IDE\agen-gyy.ide
C:\SDFix\IDE\agen-gzj.ide
C:\SDFix\IDE\agen-gzq.ide
C:\SDFix\IDE\agen-gzv.ide
C:\SDFix\IDE\agen-had.ide
C:\SDFix\IDE\agen-han.ide
C:\SDFix\IDE\agen-har.ide
C:\SDFix\IDE\agent-e.ide
C:\SDFix\IDE\alimik-a.ide
C:\SDFix\IDE\alman-e.ide
C:\SDFix\IDE\ambler-e.ide
C:\SDFix\IDE\angel-c.ide
C:\SDFix\IDE\anpir-a.ide
C:\SDFix\IDE\anuir-a.ide
C:\SDFix\IDE\aspshe-a.ide
C:\SDFix\IDE\autoin-j.ide
C:\SDFix\IDE\autoin-k.ide
C:\SDFix\IDE\autoit-h.ide
C:\SDFix\IDE\autom-d.ide
C:\SDFix\IDE\autome-a.ide
C:\SDFix\IDE\autor-bc.ide
C:\SDFix\IDE\autor-bd.ide
C:\SDFix\IDE\autor-be.ide
C:\SDFix\IDE\autor-bg.ide
C:\SDFix\IDE\autor-bk.ide
C:\SDFix\IDE\autor-bo.ide
C:\SDFix\IDE\autor-bp.ide
C:\SDFix\IDE\autor-by.ide
C:\SDFix\IDE\autor-bz.ide
C:\SDFix\IDE\autor-ca.ide
C:\SDFix\IDE\autor-cd.ide
C:\SDFix\IDE\autor-ce.ide
C:\SDFix\IDE\autor-ch.ide
C:\SDFix\IDE\autor-cn.ide
C:\SDFix\IDE\autor-cw.ide
C:\SDFix\IDE\autor-cx.ide
C:\SDFix\IDE\autor-cz.ide
C:\SDFix\IDE\autor-de.ide
C:\SDFix\IDE\autor-dg.ide
C:\SDFix\IDE\autor-dh.ide
C:\SDFix\IDE\autor-di.ide
C:\SDFix\IDE\autor-dj.ide
C:\SDFix\IDE\autor-dk.ide
C:\SDFix\IDE\autor-dl.ide
C:\SDFix\IDE\autor-do.ide
C:\SDFix\IDE\autor-dw.ide
C:\SDFix\IDE\autor-dy.ide
C:\SDFix\IDE\autor-ea.ide
C:\SDFix\IDE\autor-eb.ide
C:\SDFix\IDE\autor-ee.ide
C:\SDFix\IDE\autor-eg.ide
C:\SDFix\IDE\autor-eh.ide
C:\SDFix\IDE\autor-ei.ide
C:\SDFix\IDE\autor-ek.ide
C:\SDFix\IDE\autor-en.ide
C:\SDFix\IDE\autor-eo.ide
C:\SDFix\IDE\backdr-s.ide
C:\SDFix\IDE\badmid-a.ide
C:\SDFix\IDE\badsrc-a.ide
C:\SDFix\IDE\bagle-tm.ide
C:\SDFix\IDE\bagle-tq.ide
C:\SDFix\IDE\bagle-tr.ide
C:\SDFix\IDE\bagle-ts.ide
C:\SDFix\IDE\bagle-tt.ide
C:\SDFix\IDE\bagz-j.ide
C:\SDFix\IDE\bakave-a.ide
C:\SDFix\IDE\baload-a.ide
C:\SDFix\IDE\banc-bdy.ide
C:\SDFix\IDE\banc-beb.ide
C:\SDFix\IDE\banhos-i.ide
C:\SDFix\IDE\banhos-n.ide
C:\SDFix\IDE\bank-c.ide
C:\SDFix\IDE\bank-ekz.ide
C:\SDFix\IDE\bank-ele.ide
C:\SDFix\IDE\bank-elf.ide
C:\SDFix\IDE\bank-eli.ide
C:\SDFix\IDE\bank-elo.ide
C:\SDFix\IDE\bankd-dg.ide
C:\SDFix\IDE\banlo-b.ide
C:\SDFix\IDE\banlo-ex.ide
C:\SDFix\IDE\banlo-fb.ide
C:\SDFix\IDE\banlo-fe.ide
C:\SDFix\IDE\banlo-fh.ide
C:\SDFix\IDE\banspy-e.ide
C:\SDFix\IDE\banspy-f.ide
C:\SDFix\IDE\batsec-a.ide
C:\SDFix\IDE\bckd-qlw.ide
C:\SDFix\IDE\bckd-qly.ide
C:\SDFix\IDE\bckd-qmd.ide
C:\SDFix\IDE\bckd-qme.ide
C:\SDFix\IDE\bckd-qmk.ide
C:\SDFix\IDE\bckd-qml.ide
C:\SDFix\IDE\bckd-qmo.ide
C:\SDFix\IDE\bckd-qmu.ide
C:\SDFix\IDE\bckd-qmv.ide
C:\SDFix\IDE\bckd-qnf.ide
C:\SDFix\IDE\bckd-qnh.ide
C:\SDFix\IDE\bckd-qnp.ide
C:\SDFix\IDE\bckd-qnq.ide
C:\SDFix\IDE\bdoo-ajn.ide
C:\SDFix\IDE\bdoo-alb.ide
C:\SDFix\IDE\bho-ez.ide
C:\SDFix\IDE\bho-ff.ide
C:\SDFix\IDE\bifro-vn.ide
C:\SDFix\IDE\bifro-vq.ide
C:\SDFix\IDE\bifro-vt.ide
C:\SDFix\IDE\bifro-vu.ide
C:\SDFix\IDE\bifros-j.ide
C:\SDFix\IDE\bizv-zla.ide
C:\SDFix\IDE\bkdoor-j.ide
C:\SDFix\IDE\bobax-eh.ide
C:\SDFix\IDE\boost-a.ide
C:\SDFix\IDE\braban-h.ide
C:\SDFix\IDE\bront-ds.ide
C:\SDFix\IDE\bront-dt.ide
C:\SDFix\IDE\bront-du.ide
C:\SDFix\IDE\bronto-x.ide
C:\SDFix\IDE\buzus-a.ide
C:\SDFix\IDE\cabat-d.ide
C:\SDFix\IDE\calif-a.ide
C:\SDFix\IDE\cashgr-u.ide
C:\SDFix\IDE\cblade-h.ide
C:\SDFix\IDE\cheuko-d.ide
C:\SDFix\IDE\chir-b.ide
C:\SDFix\IDE\chmdro-b.ide
C:\SDFix\IDE\cimuz-cv.ide
C:\SDFix\IDE\clagg-be.ide
C:\SDFix\IDE\click-es.ide
C:\SDFix\IDE\click-eu.ide
C:\SDFix\IDE\codeba-a.ide
C:\SDFix\IDE\conho-am.ide
C:\SDFix\IDE\corefl-m.ide
C:\SDFix\IDE\crypdr-a.ide
C:\SDFix\IDE\cyberl-a.ide
C:\SDFix\IDE\danmec-y.ide
C:\SDFix\IDE\daymay-a.ide
C:\SDFix\IDE\defusx-a.ide
C:\SDFix\IDE\delf-fad.ide
C:\SDFix\IDE\delf-fah.ide
C:\SDFix\IDE\deltre-x.ide
C:\SDFix\IDE\detna-ad.ide
C:\SDFix\IDE\dloa-bim.ide
C:\SDFix\IDE\dloa-bio.ide
C:\SDFix\IDE\dloa-biz.ide
C:\SDFix\IDE\dloa-bjc.ide
C:\SDFix\IDE\dloa-bjk.ide
C:\SDFix\IDE\dloa-bjm.ide
C:\SDFix\IDE\dloa-bjo.ide
C:\SDFix\IDE\dloa-bkf.ide
C:\SDFix\IDE\dloa-bla.ide
C:\SDFix\IDE\dloa-bli.ide
C:\SDFix\IDE\dloa-blt.ide
C:\SDFix\IDE\dloa-blu.ide
C:\SDFix\IDE\dloa-blx.ide
C:\SDFix\IDE\dloa-bmd.ide
C:\SDFix\IDE\dload-bl.ide
C:\SDFix\IDE\dload-br.ide
C:\SDFix\IDE\dload-bu.ide
C:\SDFix\IDE\dnsch-mg.ide
C:\SDFix\IDE\dnsch-mh.ide
C:\SDFix\IDE\dorf-aw.ide
C:\SDFix\IDE\dorf-ba.ide
C:\SDFix\IDE\dorf-bc.ide
C:\SDFix\IDE\dorf-bd.ide
C:\SDFix\IDE\dorf-be.ide
C:\SDFix\IDE\dorf-bg.ide
C:\SDFix\IDE\dorf-bl.ide
C:\SDFix\IDE\dorfht-c.ide
C:\SDFix\IDE\dowadv-c.ide
C:\SDFix\IDE\downld-p.ide
C:\SDFix\IDE\downld-t.ide
C:\SDFix\IDE\downld-y.ide
C:\SDFix\IDE\downld-z.ide
C:\SDFix\IDE\dref-b.ide
C:\SDFix\IDE\drop-l.ide
C:\SDFix\IDE\drop-n.ide
C:\SDFix\IDE\drop-zlb.ide
C:\SDFix\IDE\dropp-tv.ide
C:\SDFix\IDE\dwnl-hav.ide
C:\SDFix\IDE\dwnl-hba.ide
C:\SDFix\IDE\dwnl-hbk.ide
C:\SDFix\IDE\dwnl-hbl.ide
C:\SDFix\IDE\dwnl-hbu.ide
C:\SDFix\IDE\dwnl-hce.ide
C:\SDFix\IDE\dwnl-hck.ide
C:\SDFix\IDE\dwnl-hcp.ide
C:\SDFix\IDE\dwnl-hcq.ide
C:\SDFix\IDE\dwnl-hcx.ide
C:\SDFix\IDE\dwnl-hdr.ide
C:\SDFix\IDE\dwnl-zll.ide
C:\SDFix\IDE\dzan-e.ide
C:\SDFix\IDE\dzan-f.ide
C:\SDFix\IDE\dzan-g.ide
C:\SDFix\IDE\encloa-b.ide
C:\SDFix\IDE\encpk-cy.ide
C:\SDFix\IDE\espole-a.ide
C:\SDFix\IDE\exchan-b.ide
C:\SDFix\IDE\exepag-a.ide
C:\SDFix\IDE\fakea-ax.ide
C:\SDFix\IDE\fakea-az.ide
C:\SDFix\IDE\fakea-ba.ide
C:\SDFix\IDE\fakea-bs.ide
C:\SDFix\IDE\fakeav-j.ide
C:\SDFix\IDE\fakeav-n.ide
C:\SDFix\IDE\fakeav-p.ide
C:\SDFix\IDE\fakeav-r.ide
C:\SDFix\IDE\fakev-ar.ide
C:\SDFix\IDE\fakev-aw.ide
C:\SDFix\IDE\fakev-az.ide
C:\SDFix\IDE\fakev-bb.ide
C:\SDFix\IDE\fakev-be.ide
C:\SDFix\IDE\fakev-bg.ide
C:\SDFix\IDE\fakev-bh.ide
C:\SDFix\IDE\fakev-bj.ide
C:\SDFix\IDE\fakev-bm.ide
C:\SDFix\IDE\fanbot-g.ide
C:\SDFix\IDE\farf-gen.ide
C:\SDFix\IDE\flood-im.ide
C:\SDFix\IDE\fomur-a.ide
C:\SDFix\IDE\forbo-gv.ide
C:\SDFix\IDE\fujac-at.ide
C:\SDFix\IDE\fujac-au.ide
C:\SDFix\IDE\fursto-a.ide
C:\SDFix\IDE\gampas-q.ide
C:\SDFix\IDE\gampas-r.ide
C:\SDFix\IDE\gina-al.ide
C:\SDFix\IDE\glupzy-c.ide
C:\SDFix\IDE\goldu-gf.ide
C:\SDFix\IDE\graybi-p.ide
C:\SDFix\IDE\grum-i.ide
C:\SDFix\IDE\grumbl-a.ide
C:\SDFix\IDE\he4hoo-e.ide
C:\SDFix\IDE\heular-a.ide
C:\SDFix\IDE\honk-g.ide
C:\SDFix\IDE\hoplit-a.ide
C:\SDFix\IDE\hupig-sz.ide
C:\SDFix\IDE\hupig-ta.ide
C:\SDFix\IDE\hupig-tb.ide
C:\SDFix\IDE\hupig-tc.ide
C:\SDFix\IDE\hupigo-n.ide
C:\SDFix\IDE\iespy-f.ide
C:\SDFix\IDE\ifram-aa.ide
C:\SDFix\IDE\ifram-ab.ide
C:\SDFix\IDE\inja-gen.ide
C:\SDFix\IDE\injec-cb.ide
C:\SDFix\IDE\injec-cc.ide
C:\SDFix\IDE\injec-cd.ide
C:\SDFix\IDE\injec-ch.ide
C:\SDFix\IDE\ircb-aaq.ide
C:\SDFix\IDE\ircb-abb.ide
C:\SDFix\IDE\ircb-abc.ide
C:\SDFix\IDE\ircb-abi.ide
C:\SDFix\IDE\ircb-abj.ide
C:\SDFix\IDE\ircb-abk.ide
C:\SDFix\IDE\ircb-abm.ide
C:\SDFix\IDE\ircb-abp.ide
C:\SDFix\IDE\ircb-abu.ide
C:\SDFix\IDE\ircb-abw.ide
C:\SDFix\IDE\irrita-a.ide
C:\SDFix\IDE\isetsp-c.ide
C:\SDFix\IDE\iyus-v.ide
C:\SDFix\IDE\joom-a.ide
C:\SDFix\IDE\jshell-a.ide
C:\SDFix\IDE\jshlex-a.ide
C:\SDFix\IDE\kapuce-c.ide
C:\SDFix\IDE\kbot-a.ide
C:\SDFix\IDE\keylo-jn.ide
C:\SDFix\IDE\keylo-jz.ide
C:\SDFix\IDE\keylo-kc.ide
C:\SDFix\IDE\keylo-ke.ide
C:\SDFix\IDE\killa-el.ide
C:\SDFix\IDE\killa-ep.ide
C:\SDFix\IDE\killa-er.ide
C:\SDFix\IDE\killf-bt.ide
C:\SDFix\IDE\killfi-j.ide
C:\SDFix\IDE\kobak-a.ide
C:\SDFix\IDE\ldpin-ro.ide
C:\SDFix\IDE\ldpin-rq.ide
C:\SDFix\IDE\legm-ars.ide
C:\SDFix\IDE\liger-a.ide
C:\SDFix\IDE\linea-dl.ide
C:\SDFix\IDE\lingos-e.ide
C:\SDFix\IDE\looke-ec.ide
C:\SDFix\IDE\looke-ed.ide
C:\SDFix\IDE\looke-ee.ide
C:\SDFix\IDE\looke-ef.ide
C:\SDFix\IDE\looke-eg.ide
C:\SDFix\IDE\lowzo-ea.ide
C:\SDFix\IDE\loxar-l.ide
C:\SDFix\IDE\lydra-ad.ide
C:\SDFix\IDE\macswp-b.ide
C:\SDFix\IDE\maha-t.ide
C:\SDFix\IDE\mailb-ck.ide
C:\SDFix\IDE\malas-b.ide
C:\SDFix\IDE\malas-e.ide
C:\SDFix\IDE\marif-a.ide
C:\SDFix\IDE\mariof-a.ide
C:\SDFix\IDE\mariof-b.ide
C:\SDFix\IDE\mats-gen.ide
C:\SDFix\IDE\mdro-bqg.ide
C:\SDFix\IDE\mdro-bre.ide
C:\SDFix\IDE\mdro-brh.ide
C:\SDFix\IDE\mdro-bri.ide
C:\SDFix\IDE\mdro-bro.ide
C:\SDFix\IDE\mdro-brq.ide
C:\SDFix\IDE\mdro-brr.ide
C:\SDFix\IDE\mdro-brt.ide
C:\SDFix\IDE\mdro-brw.ide
C:\SDFix\IDE\mdro-bry.ide
C:\SDFix\IDE\mdro-brz.ide
C:\SDFix\IDE\mdro-bsc.ide
C:\SDFix\IDE\mdro-bsj.ide
C:\SDFix\IDE\mdro-bsk.ide
C:\SDFix\IDE\mdro-bsv.ide
C:\SDFix\IDE\meiti-a.ide
C:\SDFix\IDE\melt-gen.ide
C:\SDFix\IDE\merc-a.ide
C:\SDFix\IDE\messy-a.ide
C:\SDFix\IDE\msnemy-a.ide
C:\SDFix\IDE\mumawo-a.ide
C:\SDFix\IDE\munfor-b.ide
C:\SDFix\IDE\myspch-a.ide
C:\SDFix\IDE\myspch-b.ide
C:\SDFix\IDE\namor-a.ide
C:\SDFix\IDE\netsk-bs.ide
C:\SDFix\IDE\nitfun-a.ide
C:\SDFix\IDE\norege-a.ide
C:\SDFix\IDE\ntroo-cv.ide
C:\SDFix\IDE\ntroo-cz.ide
C:\SDFix\IDE\ntroo-da.ide
C:\SDFix\IDE\ntroo-dd.ide
C:\SDFix\IDE\ntroo-dg.ide
C:\SDFix\IDE\ntroo-di.ide
C:\SDFix\IDE\ntroo-dn.ide
C:\SDFix\IDE\nymod-a.ide
C:\SDFix\IDE\obfjs-b.ide
C:\SDFix\IDE\ole2dr-b.ide
C:\SDFix\IDE\onlin-an.ide
C:\SDFix\IDE\onlin-ar.ide
C:\SDFix\IDE\onlin-at.ide
C:\SDFix\IDE\oscor-m.ide
C:\SDFix\IDE\otakbo-a.ide
C:\SDFix\IDE\pakabo-a.ide
C:\SDFix\IDE\pasala-a.ide
C:\SDFix\IDE\passte-a.ide
C:\SDFix\IDE\pccli-lj.ide
C:\SDFix\IDE\pccli-ll.ide
C:\SDFix\IDE\pccli-lx.ide
C:\SDFix\IDE\pdfex-e.ide
C:\SDFix\IDE\pdfex-f.ide
C:\SDFix\IDE\pdfex-g.ide
C:\SDFix\IDE\petbot-a.ide
C:\SDFix\IDE\piltot-a.ide
C:\SDFix\IDE\poison-r.ide
C:\SDFix\IDE\poison-t.ide
C:\SDFix\IDE\poison-v.ide
C:\SDFix\IDE\poluma-a.ide
C:\SDFix\IDE\popupp-a.ide
C:\SDFix\IDE\porpup-a.ide
C:\SDFix\IDE\prora-do.ide
C:\SDFix\IDE\prora-dq.ide
C:\SDFix\IDE\proxy-ig.ide
C:\SDFix\IDE\psw-es.ide
C:\SDFix\IDE\psw-et.ide
C:\SDFix\IDE\psws-gen.ide
C:\SDFix\IDE\psyme-hm.ide
C:\SDFix\IDE\psyme-ht.ide
C:\SDFix\IDE\psyme-hx.ide
C:\SDFix\IDE\psyme-ib.ide
C:\SDFix\IDE\psyme-id.ide
C:\SDFix\IDE\psyme-iy.ide
C:\SDFix\IDE\push-gen.ide
C:\SDFix\IDE\pushdo-h.ide
C:\SDFix\IDE\pushdo-i.ide
C:\SDFix\IDE\pushdo-j.ide
C:\SDFix\IDE\pushin-a.ide
C:\SDFix\IDE\pushu-h.ide
C:\SDFix\IDE\pws-aqb.ide
C:\SDFix\IDE\pws-aqf.ide
C:\SDFix\IDE\pws-aqp.ide
C:\SDFix\IDE\pws-aqq.ide
C:\SDFix\IDE\pws-aqz.ide
C:\SDFix\IDE\rbot-gwj.ide
C:\SDFix\IDE\rbot-gwl.ide
C:\SDFix\IDE\rbot-gwn.ide
C:\SDFix\IDE\rbot-gwt.ide
C:\SDFix\IDE\rbot-gwv.ide
C:\SDFix\IDE\rbot-gww.ide
C:\SDFix\IDE\renos-ap.ide
C:\SDFix\IDE\repet-a.ide
C:\SDFix\IDE\rexplo-b.ide
C:\SDFix\IDE\rieve-a.ide
C:\SDFix\IDE\rjump-j.ide
C:\SDFix\IDE\rkagen-e.ide
C:\SDFix\IDE\rkdrop-a.ide
C:\SDFix\IDE\rkmail-a.ide
C:\SDFix\IDE\rootk-cd.ide
C:\SDFix\IDE\rootk-ck.ide
C:\SDFix\IDE\rootk-cn.ide
C:\SDFix\IDE\salit-ao.ide
C:\SDFix\IDE\salit-ap.ide
C:\SDFix\IDE\sanji-a.ide
C:\SDFix\IDE\satin-a.ide
C:\SDFix\IDE\scrapk-a.ide
C:\SDFix\IDE\sdbo-djz.ide
C:\SDFix\IDE\sdbo-dkb.ide
C:\SDFix\IDE\sdbo-dkd.ide
C:\SDFix\IDE\sdbo-dkg.ide
C:\SDFix\IDE\sdbo-dkk.ide
C:\SDFix\IDE\servu-fg.ide
C:\SDFix\IDE\servu-fh.ide
C:\SDFix\IDE\servu-fj.ide
C:\SDFix\IDE\shahro-a.ide
C:\SDFix\IDE\shark-d.ide
C:\SDFix\IDE\sheldo-a.ide
C:\SDFix\IDE\shlbac-a.ide
C:\SDFix\IDE\shodi-i.ide
C:\SDFix\IDE\shutdo-h.ide
C:\SDFix\IDE\silly-bu.ide
C:\SDFix\IDE\silly-bw.ide
C:\SDFix\IDE\silly-by.ide
C:\SDFix\IDE\silly-bz.ide
C:\SDFix\IDE\silly-cb.ide
C:\SDFix\IDE\silly-cc.ide
C:\SDFix\IDE\silly-ce.ide
C:\SDFix\IDE\silly-cf.ide
C:\SDFix\IDE\silly-cg.ide
C:\SDFix\IDE\silly-ci.ide
C:\SDFix\IDE\sillyw-a.ide
C:\SDFix\IDE\skintr-a.ide
C:\SDFix\IDE\slolan-a.ide
C:\SDFix\IDE\smal-eld.ide
C:\SDFix\IDE\smal-ele.ide
C:\SDFix\IDE\smal-eli.ide
C:\SDFix\IDE\socks-d.ide
C:\SDFix\IDE\socks-f.ide
C:\SDFix\IDE\sohan-as.ide
C:\SDFix\IDE\sohan-av.ide
C:\SDFix\IDE\sohan-ax.ide
C:\SDFix\IDE\sohan-ay.ide
C:\SDFix\IDE\sohan-az.ide
C:\SDFix\IDE\spambo-b.ide
C:\SDFix\IDE\spar-a.ide
C:\SDFix\IDE\spwa-gen.ide
C:\SDFix\IDE\spy-aj.ide
C:\SDFix\IDE\spy-am.ide
C:\SDFix\IDE\spyage-i.ide
C:\SDFix\IDE\spycor-a.ide
C:\SDFix\IDE\spywa-ax.ide
C:\SDFix\IDE\srizbi-a.ide
C:\SDFix\IDE\starte-h.ide
C:\SDFix\IDE\swfdld-a.ide
C:\SDFix\IDE\swfexp-a.ide
C:\SDFix\IDE\swfexp-c.ide
C:\SDFix\IDE\swfexp-d.ide
C:\SDFix\IDE\swfexp-e.ide
C:\SDFix\IDE\swizz-nq.ide
C:\SDFix\IDE\swizzo-c.ide
C:\SDFix\IDE\sysloc-a.ide
C:\SDFix\IDE\tanto-i.ide
C:\SDFix\IDE\tehni-a.ide
C:\SDFix\IDE\thili-a.ide
C:\SDFix\IDE\tibs-ub.ide
C:\SDFix\IDE\tibs-uc.ide
C:\SDFix\IDE\tibs-ud.ide
C:\SDFix\IDE\tibs-uf.ide
C:\SDFix\IDE\tibs-uj.ide
C:\SDFix\IDE\tileb-kt.ide
C:\SDFix\IDE\tileb-ku.ide
C:\SDFix\IDE\tileb-kv.ide
C:\SDFix\IDE\tiny-dc.ide
C:\SDFix\IDE\tinydl-r.ide
C:\SDFix\IDE\tiotua-p.ide
C:\SDFix\IDE\traf-a.ide
C:\SDFix\IDE\tvido-a.ide
C:\SDFix\IDE\tvido-b.ide
C:\SDFix\IDE\vanbot-s.ide
C:\SDFix\IDE\vb-dyr.ide
C:\SDFix\IDE\vb-dys.ide
C:\SDFix\IDE\vb-dyv.ide
C:\SDFix\IDE\vb-dyy.ide
C:\SDFix\IDE\vb-dyz.ide
C:\SDFix\IDE\vb-dzc.ide
C:\SDFix\IDE\vb-dze.ide
C:\SDFix\IDE\vb-dzh.ide
C:\SDFix\IDE\vb-dzi.ide
C:\SDFix\IDE\vb-dzk.ide
C:\SDFix\IDE\vb-dzo.ide
C:\SDFix\IDE\vb-dzq.ide
C:\SDFix\IDE\vbbot-ao.ide
C:\SDFix\IDE\vbdrop-f.ide
C:\SDFix\IDE\vbsmai-a.ide
C:\SDFix\IDE\wiessy-a.ide
C:\SDFix\IDE\wimad-e.ide
C:\SDFix\IDE\vimes-a.ide
C:\SDFix\IDE\winsat-b.ide
C:\SDFix\IDE\virfir-a.ide
C:\SDFix\IDE\virut-x.ide
C:\SDFix\IDE\wlload-a.ide
C:\SDFix\IDE\volume-a.ide
C:\SDFix\IDE\xiao-a.ide
C:\SDFix\IDE\xorer-d.ide
C:\SDFix\IDE\zaap-a.ide
C:\SDFix\IDE\zapch-dz.ide
C:\SDFix\IDE\zapch-ea.ide
C:\SDFix\IDE\zbot-d.ide
C:\SDFix\IDE\zbot-e.ide
C:\SDFix\IDE\zbot-h.ide
C:\SDFix\IDE\zbot-j.ide
C:\SDFix\IDE\zbot-n.ide
C:\SDFix\IDE\zbot-q.ide
C:\SDFix\IDE\zbot-t.ide
C:\SDFix\IDE\zipmal-a.ide
C:\SDFix\IDE\zipwir-a.ide
C:\SDFix\IDE\zlob-ail.ide
C:\SDFix\IDE\zlob-aiw.ide
C:\SDFix\IDE\zlob-aiz.ide
C:\SDFix\IDE\zlob-aja.ide
C:\SDFix\IDE\zlob-ajn.ide
C:\SDFix\IDE\zlob-aka.ide
C:\SDFix\IDE\zlob-akd.ide
C:\SDFix\IDE\zlob-ako.ide
C:\SDFix\IDE\zlob-akp.ide
C:\SDFix\IDE\zlob-akv.ide
C:\SDFix\IDE\zlob-j.ide
C:\SDFix\IDE\zlobar-b.ide
C:\SDFix\IDE\zlobdr-h.ide
C:\SDFix\IDE\zonie-a.ide
C:\SDFix\Norman_Malware_Cleaner.exe
C:\SDFix\Quarantine_Report.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\SDFix\Signatures\20071115.sig
C:\SDFix\Signatures\20071115.trc
C:\SDFix\Signatures\20071116.sig
C:\SDFix\Signatures\20071116.trc
C:\SDFix\Signatures\20071117.sig
C:\SDFix\Signatures\20071117.trc
C:\SDFix\Signatures\20071118.sig
C:\SDFix\Signatures\20071118.trc
C:\SDFix\Signatures\20071120.sig
C:\SDFix\Signatures\20071120.trc
C:\SDFix\Signatures\20071121.sig
C:\SDFix\Signatures\20071121.trc
C:\SDFix\Signatures\20071122.sig
C:\SDFix\Signatures\20071122.trc
C:\SDFix\Signatures\20071123.sig
C:\SDFix\Signatures\20071123.trc
C:\SDFix\Signatures\20071126.sig
C:\SDFix\Signatures\20071126.trc
C:\SDFix\Signatures\20071127.sig
C:\SDFix\Signatures\20071127.trc
C:\SDFix\Signatures\20071129.sig
C:\SDFix\Signatures\20071129.trc
C:\SDFix\Signatures\20071203.sig
C:\SDFix\Signatures\20071203.trc
C:\SDFix\Signatures\20071204.sig
C:\SDFix\Signatures\20071204.trc
C:\SDFix\Signatures\20071205.sig
C:\SDFix\Signatures\20071205.trc
C:\SDFix\Signatures\20071206.sig
C:\SDFix\Signatures\20071206.trc
C:\SDFix\Signatures\20071207.sig
C:\SDFix\Signatures\20071207.trc
C:\SDFix\Signatures\20071208.trc
C:\SDFix\Signatures\20071209.trc
C:\SDFix\Signatures\20071210.sig
C:\SDFix\Signatures\20071211.sig
C:\SDFix\Signatures\20071211.trc
C:\SDFix\Signatures\20071212.sig
C:\SDFix\Signatures\20071213.sig
C:\SDFix\Signatures\20071213.trc
C:\SDFix\Signatures\20071214.sig
C:\SDFix\Signatures\20071217.sig
C:\SDFix\Signatures\20071217.trc
C:\SDFix\Signatures\20071218.sig
C:\SDFix\Signatures\20071219.sig
C:\SDFix\Signatures\20071220.sig
C:\SDFix\Signatures\20071220.trc
C:\SDFix\Signatures\20071221.sig
C:\SDFix\Signatures\20071223.trc
C:\SDFix\Signatures\20071224.sig
C:\SDFix\Signatures\20071226.sig
C:\SDFix\Signatures\20071226.trc
C:\SDFix\Signatures\20071227.sig
C:\SDFix\Signatures\20071227.trc
C:\SDFix\Signatures\20071228.sig
C:\SDFix\Signatures\20071228.trc
C:\SDFix\Signatures\20071230.trc
C:\SDFix\Signatures\20071231.sig
C:\SDFix\Signatures\20080102.sig
C:\SDFix\Signatures\20080102.trc
C:\SDFix\Signatures\20080103.sig
C:\SDFix\Signatures\20080103.trc
C:\SDFix\Signatures\20080104.sig
C:\SDFix\Signatures\20080106.trc
C:\SDFix\Signatures\20080107.sig
C:\SDFix\Signatures\20080107.trc
C:\SDFix\Signatures\20080108.sig
C:\SDFix\Signatures\20080109.sig
C:\SDFix\Signatures\20080109.trc
C:\SDFix\Signatures\20080110.sig
C:\SDFix\Signatures\20080110.trc
C:\SDFix\Signatures\20080112.trc
C:\SDFix\Signatures\20080113.sig
C:\SDFix\Signatures\20080113.trc
C:\SDFix\Signatures\20080114.sig
C:\SDFix\Signatures\20080115.sig
C:\SDFix\Signatures\20080115.trc
C:\SDFix\Signatures\20080116.sig
C:\SDFix\Signatures\20080116.trc
C:\SDFix\Signatures\20080117.sig
C:\SDFix\Signatures\20080117.trc
C:\SDFix\Signatures\20080118.sig
C:\SDFix\Signatures\20080118.trc
C:\SDFix\Signatures\20080119.trc
C:\SDFix\Signatures\20080121.sig
C:\SDFix\Signatures\20080122.sig
C:\SDFix\Signatures\20080122.trc
C:\SDFix\Signatures\20080123.sig
C:\SDFix\Signatures\20080123.trc
C:\SDFix\Signatures\20080124.sig
C:\SDFix\Signatures\20080125.sig
C:\SDFix\Signatures\20080125.trc
C:\SDFix\Signatures\20080127.trc
C:\SDFix\Signatures\20080128.sig
C:\SDFix\Signatures\20080128.trc
C:\SDFix\Signatures\20080129.sig
C:\SDFix\Signatures\20080130.sig
C:\SDFix\Signatures\20080130.trc
C:\SDFix\Signatures\20080131.sig
C:\SDFix\Signatures\20080131.trc
C:\SDFix\Signatures\20080201.sig
C:\SDFix\Signatures\20080201.trc
C:\SDFix\Signatures\20080204.sig
C:\SDFix\Signatures\20080205.sig
C:\SDFix\Signatures\20080205.trc
C:\SDFix\Signatures\20080206.sig
C:\SDFix\Signatures\20080206.trc
C:\SDFix\Signatures\20080207.sig
C:\SDFix\Signatures\20080207.trc
C:\SDFix\Signatures\20080208.sig
C:\SDFix\Signatures\20080208.trc
C:\SDFix\Signatures\20080209.trc
C:\SDFix\Signatures\20080210.trc
C:\SDFix\Signatures\20080211.sig
C:\SDFix\Signatures\20080212.sig
C:\SDFix\Signatures\20080212.trc
C:\SDFix\Signatures\20080213.sig
C:\SDFix\Signatures\20080213.trc
C:\SDFix\Signatures\20080214.sig
C:\SDFix\Signatures\20080214.trc
C:\SDFix\Signatures\20080215.sig
C:\SDFix\Signatures\20080215.trc
C:\SDFix\Signatures\20080217.trc
C:\SDFix\Signatures\20080218.sig
C:\SDFix\Signatures\20080219.sig
C:\SDFix\Signatures\20080219.trc
C:\SDFix\Signatures\20080220.sig
C:\SDFix\Signatures\20080220.trc
C:\SDFix\Signatures\20080221.sig
C:\SDFix\Signatures\20080221.trc
C:\SDFix\Signatures\20080222.sig
C:\SDFix\Signatures\20080224.trc
C:\SDFix\Signatures\20080225.sig
C:\SDFix\Signatures\20080226.sig
C:\SDFix\Signatures\20080226.trc
C:\SDFix\Signatures\20080227.sig
C:\SDFix\Signatures\20080227.trc
C:\SDFix\Signatures\20080229.sig
C:\SDFix\Signatures\20080229.trc
C:\SDFix\Signatures\20080302.trc
C:\SDFix\Signatures\20080303.sig
C:\SDFix\Signatures\20080304.sig
C:\SDFix\Signatures\20080304.trc
C:\SDFix\Signatures\20080305.sig
C:\SDFix\Signatures\20080305.trc
C:\SDFix\Signatures\20080306.sig
C:\SDFix\Signatures\20080307.sig
C:\SDFix\Signatures\20080307.trc
C:\SDFix\Signatures\20080310.sig
C:\SDFix\Signatures\20080310.trc
C:\SDFix\Signatures\20080311.sig
C:\SDFix\Signatures\20080311.trc
C:\SDFix\Signatures\20080312.sig
C:\SDFix\Signatures\20080312.trc
C:\SDFix\Signatures\20080313.sig
C:\SDFix\Signatures\20080313.trc
C:\SDFix\Signatures\20080314.sig
C:\SDFix\Signatures\20080314.trc
C:\SDFix\Signatures\20080317.sig
C:\SDFix\Signatures\20080317.trc
C:\SDFix\Signatures\20080318.sig
C:\SDFix\Signatures\20080319.sig
C:\SDFix\Signatures\20080319.trc
C:\SDFix\Signatures\20080320.sig
C:\SDFix\Signatures\20080320.trc
C:\SDFix\Signatures\20080321.sig
C:\SDFix\Signatures\20080321.trc
C:\SDFix\Signatures\20080324.sig
C:\SDFix\Signatures\20080325.sig
C:\SDFix\Signatures\20080326.sig
C:\SDFix\Signatures\20080326.trc
C:\SDFix\Signatures\20080327.sig
C:\SDFix\Signatures\20080327.trc
C:\SDFix\Signatures\20080328.sig
C:\SDFix\Signatures\20080328.trc
C:\SDFix\Signatures\20080330.trc
C:\SDFix\Signatures\20080331.sig
C:\SDFix\Signatures\20080401.sig
C:\SDFix\Signatures\20080401.trc
C:\SDFix\Signatures\20080403.sig
C:\SDFix\Signatures\20080403.trc
C:\SDFix\Signatures\20080404.sig
C:\SDFix\Signatures\20080404.trc
C:\SDFix\Signatures\20080407.sig
C:\SDFix\Signatures\20080408.sig
C:\SDFix\Signatures\20080408.trc
C:\SDFix\Signatures\20080409.sig
C:\SDFix\Signatures\20080410.sig
C:\SDFix\Signatures\20080410.trc
C:\SDFix\Signatures\20080411.sig
C:\SDFix\Signatures\20080411.trc
C:\SDFix\Signatures\20080412.sig
C:\SDFix\Signatures\20080412.trc
C:\SDFix\Signatures\20080414.sig
C:\SDFix\Signatures\20080415.sig
C:\SDFix\Signatures\20080415.trc
C:\SDFix\Signatures\20080416.sig
C:\SDFix\Signatures\20080416.trc
C:\SDFix\Signatures\20080418.sig
C:\SDFix\Signatures\20080418.trc
C:\SDFix\Signatures\20080420.trc
C:\SDFix\Signatures\20080421.sig
C:\SDFix\Signatures\20080422.sig
C:\SDFix\Signatures\20080423.sig
C:\SDFix\Signatures\20080424.sig
C:\SDFix\Signatures\20080424.trc
C:\SDFix\Signatures\20080425.sig
C:\SDFix\Signatures\20080425.trc
C:\SDFix\Signatures\20080427.trc
C:\SDFix\Signatures\20080428.sig
C:\SDFix\Signatures\20080429.sig
C:\SDFix\Signatures\20080429.trc
C:\SDFix\Signatures\20080430.sig
C:\SDFix\Signatures\20080430.trc
C:\SDFix\Signatures\20080501.sig
C:\SDFix\Signatures\20080501.trc
C:\SDFix\Signatures\20080502.sig
C:\SDFix\Signatures\20080505.sig
C:\SDFix\Signatures\20080505.trc
C:\SDFix\Signatures\20080506.sig
C:\SDFix\Signatures\20080506.trc
C:\SDFix\Signatures\20080507.sig
C:\SDFix\Signatures\20080507.trc
C:\SDFix\Signatures\20080508.sig
C:\SDFix\Signatures\20080508.trc
C:\SDFix\Signatures\20080509.sig
C:\SDFix\Signatures\20080509.trc
C:\SDFix\Signatures\20080512.sig
C:\SDFix\Signatures\20080512.trc
C:\SDFix\Signatures\20080513.sig
C:\SDFix\Signatures\20080514.sig
C:\SDFix\Signatures\20080514.trc
C:\SDFix\Signatures\20080515.sig
C:\SDFix\Signatures\20080515.trc
C:\SDFix\Signatures\20080516.sig
C:\SDFix\Signatures\20080516.trc
C:\SDFix\Signatures\20080519.sig
C:\SDFix\Signatures\20080519.trc
C:\SDFix\Signatures\20080520.sig
C:\SDFix\Signatures\20080520.trc
C:\SDFix\Signatures\20080521.sig
C:\SDFix\Signatures\20080521.trc
C:\SDFix\Signatures\20080522.sig
C:\SDFix\Signatures\20080522.trc
C:\SDFix\Signatures\20080523.sig
C:\SDFix\Signatures\20080523.trc
C:\SDFix\Signatures\20080525.trc
C:\SDFix\Signatures\20080526.sig
C:\SDFix\Signatures\20080527.sig
C:\SDFix\Signatures\20080527.trc
C:\SDFix\Signatures\20080528.sig
C:\SDFix\Signatures\20080528.trc
C:\SDFix\Signatures\20080529.sig
C:\SDFix\Signatures\20080530.sig
C:\SDFix\Signatures\20080530.trc
C:\SDFix\Signatures\20080601.trc
C:\SDFix\Signatures\20080602.sig
C:\SDFix\SystemReport.txt
C:\SDFix\unrar.dll
C:\SDFix\W2K_CodecRepair.inf
C:\SDFix\XP_CodecRepair.inf
C:\uucn.exe
C:\vieiiy.exe
C:\WINDOWS\service.exe

.
((((( Files created between: 2008-05-06 and 2008-06-06 )))))))))))))))))
.

2008-06-04 12:19 . 2008-06-04 12:19 3,423 --a------ C:\WINDOWS\is154890.exe
2008-06-03 05:40 . 2008-06-03 05:40 <DIR> dr------- C:\Documents and Settings\NetworkService\Suosikit
2008-06-03 05:33 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-06-03 05:33 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-06-03 05:33 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-06-03 05:32 . 2008-06-03 05:32 <DIR> d-------- C:\Program Files\Sygate
2008-06-03 05:31 . 2008-06-03 05:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 01:01 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
2008-06-02 22:31 . 2008-06-02 22:31 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-02 20:37 . 2008-06-02 20:37 <DIR> d-------- C:\Documents and Settings\NOORA\Application Data\Malwarebytes
2008-06-02 20:36 . 2008-06-03 19:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 20:36 . 2008-06-02 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 20:36 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-02 20:36 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-02 18:36 . 2008-06-02 18:36 <DIR> d-------- C:\SAV32CLI
2008-06-02 06:27 . 2008-06-02 06:27 1,438,932 --a------ C:\SDFix.exe
2008-06-02 05:14 . 2008-06-02 05:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-24 15:44 . 2008-05-24 15:44 <DIR> d-------- C:\Program Files\Alwil Software
2008-05-16 06:04 . 2008-06-06 06:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-16 06:04 . 2008-05-16 06:04 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 03:54 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-06-06 03:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-06-05 18:20 --------- d-----w C:\Program Files\StepMania
2008-06-05 16:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-05 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-02 03:34 --------- d-----w C:\Program Files\Webteh
2008-05-30 21:21 --------- d-----w C:\Documents and Settings\NOORA\Application Data\Skype
2008-05-30 21:02 --------- d-----w C:\Documents and Settings\NOORA\Application Data\skypePM
2008-05-24 16:52 --------- d-----w C:\Program Files\Sonera Tietoturva
2008-05-24 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
2008-05-24 16:44 --------- d-----w C:\Program Files\Symantec
2008-05-24 16:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-24 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-03 14:31 --------- d-----w C:\Program Files\Safari
2008-05-03 14:29 --------- d-----w C:\Program Files\Apple Software Update
2008-04-25 15:11 --------- d-----w C:\Program Files\Maxis
2008-04-13 00:38 --------- d-----w C:\Program Files\iTunes
2008-04-13 00:36 --------- d-----w C:\Program Files\iPod
2008-04-13 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-13 00:23 --------- d-----w C:\Program Files\QuickTime
2008-04-09 18:37 --------- d-----w C:\Documents and Settings\NOORA\Application Data\Uniblue
2008-04-06 17:06 --------- d-----w C:\Program Files\Winamp
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-18 18:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-10-22 19:45 9,367 -c--a-w C:\Program Files\INSTALL.LOG
2005-03-07 19:57 81,136 -c--a-w C:\Documents and Settings\NOORA\Application Data\GDIPFONTCACHEV1.DAT
2005-03-06 18:17 81,136 -c--a-w C:\Documents and Settings\SANNA\Application Data\GDIPFONTCACHEV1.DAT
2005-02-22 15:16 81,136 -c--a-w C:\Documents and Settings\Niinan\Application Data\GDIPFONTCACHEV1.DAT
2005-02-11 10:28 34,360 -c--a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2004-03-11 11:27 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
2001-09-28 14:00 164,864 -c--a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-06-03_17.57.17,57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 14:18:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 03:53:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 16:55:51 29,926 ----a-r C:\WINDOWS\Installer\{A9174A72-1B46-445B-B3CF-90ED2C63D83B}\MsblIco.Exe
+ 2008-06-05 16:14:54 2,022 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{86B73F86-8EEE-4FE1-8100-8973487B6E11}.bin
+ 2007-10-18 08:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
+ 2008-06-06 03:53:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_79c.dat
+ 2008-06-06 03:54:40 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_c40.dat
+ 2006-06-05 11:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 11:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 11:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
(((((((((((((((((((((((((((((( Registry startup items )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries and legitimate default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 19:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 19:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 19:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-02 23:19 835654 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-03 12:41 1385472]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-03-12 22:43 81920]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-10-30 13:16 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 22:39 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 22:39 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 22:39 455168]
"Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-08-19 11:47 197880]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
"VMware hqtray"="C:\Program Files\VMware\VMware Player\hqtray.exe" [2007-10-08 09:21 55856]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-26 21:24 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Windows svchost"="service.exe" []

C:\Documents and Settings\Default User\Käynnistä-valikko\Ohjelmat\Käynnistys\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 07:11:14 27136]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-07-07 02:20:40 233472]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-02-06 11:33:07 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashFXP\\flashfxp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20767:TCP"= 20767:TCP:BitComet 20767 TCP
"20767:UDP"= 20767:UDP:BitComet 20767 UDP

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 23:41]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 23:41]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 aswArKrn;aswArKrn;C:\DOCUME~1\NOORA\LOCALS~1\Temp\aswArKrn.sys []
S3 dtvBDADEV;Digital TV stick USB 2.0 BDA;C:\WINDOWS\system32\Drivers\dtvbdadrv.sys [2005-07-21 20:50]
S3 dtvLOAD;Digital TV stick Firmware Loader;C:\WINDOWS\system32\DRIVERS\dtvloadp.sys [2005-07-21 20:20]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 10:36]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-05-17 09:15]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 14:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-03 14:29:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-05 18:37:31 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-05 08:23:07 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D8AA3B8F-2A61-48FD-875B-AB8056345360}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 07:07:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware hqtray"="\"C:\\Program Files\\VMware\\VMware Player\\hqtray.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-06-06 7:13:48
ComboFix-quarantined-files.txt 2008-06-06 04:13:44
ComboFix2.txt 2008-06-05 15:40:40
ComboFix3.txt 2008-06-03 14:57:36

Pre-Run: 4,054,798,336 bytes free
Post-Run: 4,027,715,584 bytes free

1164 --- E O F --- 2008-05-28 04:11:54
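An added example, not part of the original post and not code from ComboFix or HijackThis: a small Python triage script that parses a ComboFix-style "Registry startup items" section and flags the entries a helper would pick out of the log above by hand. The rules are the example's own heuristics, not documented ComboFix behaviour: a Run value whose bracketed file metadata is empty, a bare filename that was not resolved to a path, a value name that borrows the name of a Windows system process, and a Security Center "DisableMonitoring" override. The sample lines are copied from the log above and trimmed to a handful.

```python
"""Triage of ComboFix-style autostart lines (added example, not from the thread).

Assumption (the example's own heuristic, not documented ComboFix behaviour):
ComboFix appends "[date time size]" to a Run value when it found the target
on disk and "[date time size path]" when it resolved a bare filename, so an
empty "[]" is a target it could not account for.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the ComboFix log in the post
# above, trimmed to the interesting ones.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-03 12:41 1385472]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"Windows svchost"="service.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="target" [metadata]   (metadata may be empty)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')

# Core Windows process names that malware likes to borrow for its Run value.
SYSTEM_PROCESS_TOKENS = {"svchost", "services", "service", "lsass", "winlogon", "csrss", "smss"}


@dataclass
class Finding:
    key: str
    name: str
    reason: str


def _tokens(name: str) -> set[str]:
    """Lower-cased words of a value name, split on anything non-alphanumeric."""
    return {t for t in re.split(r"[^a-z0-9]+", name.lower()) if t}


def triage(log_text: str) -> list[Finding]:
    """Walk the registry section of a ComboFix log and return suspicious entries."""
    findings: list[Finding] = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        lower_key = key.lower()

        m = RUN_RE.match(line)
        if m and lower_key.endswith("\\run"):
            name, target, meta = m.group("name"), m.group("target"), m.group("meta").strip()
            if not meta:
                findings.append(Finding(key, name, f"no file metadata recorded for {target!r}"))
            if "\\" not in target and "\\" not in meta:
                findings.append(Finding(key, name, f"bare filename {target!r} not resolved to a path"))
            if _tokens(name) & SYSTEM_PROCESS_TOKENS:
                findings.append(Finding(key, name, "value name imitates a Windows system process"))
            continue

        m = DWORD_RE.match(line)
        if m and "security center\\monitoring" in lower_key and m.group("name") == "DisableMonitoring":
            if int(m.group("value"), 16) != 0:
                findings.append(Finding(key, m.group("name"), "Security Center monitoring disabled for this key"))
    return findings


def flagged_names(log_text: str) -> set[str]:
    """Just the value names that triage() flagged, for a quick summary."""
    return {f.name for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.key}\n  {f.name}: {f.reason}")
```

Run as a script it prints the findings for the embedded sample; pass the text of a saved ComboFix log to triage() to apply the same rules to the whole registry section. The rules are deliberately narrow (they say nothing about the file listing or the drivers section), so an empty result means "nothing obvious in the Run keys", not a clean machine.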
Hujo
Suspended permanently
6 June 2008 @ 17:12
Scan and post a new HJT log.

Can a computer ever work?
Garnet
Newbie
6 June 2008 @ 18:24
My sister apparently did something to the computer today, so I don't know whether anything new has appeared on it. Anyway, here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:02, on 6.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0023-0000-5400-320020040070} - http://www.storage-tasp.com/gs/gsa1435.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
Hujo
Suspended permanently
6 June 2008 @ 18:47
Scan with HJT, check these and press Fix checked:

O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

===============




Copy/paste the text below into an empty Notepad file.
Make sure the file type is "All Files" and save it on your desktop
under the name Poisto.bat.

@echo off
rem Stop the orphaned Symantec service (HJT reported its binary as "file missing"), then delete its registration.
sc stop CLTNetCnService
sc delete CLTNetCnService


Double-click the Poisto.bat file on your desktop; a window opens and closes, this is normal.

Can a computer ever work?
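Added example (not part of Hujo's or Garnet's posts, and not a HijackThis feature): a small Python triage script that applies the same judgement Hujo made by hand to HijackThis v2 log lines. It flags O4 autostarts whose entry name borrows a core Windows process name but runs a different file (the [Windows svchost] service.exe entry above), O4 entries given as a bare filename with no path, O10 LSP entries HijackThis does not recognise, O16 DPF entries that fetch an executable from a non-Microsoft host, and O23 services marked (file missing), and it emits the same sc stop / sc delete pair that Poisto.bat used for each orphaned service. The sample log is a handful of lines copied from the log above plus two benign avast! lines for contrast; the system-process name list and the Microsoft host list are my own assumptions, and the output is a list of things to verify, not a verdict.

```python
"""Triage helper for HijackThis v2 logs (added example, not part of the thread).

Flags the entry classes the thread acted on (O4 autostarts, O10 LSPs, O16 DPF
downloads, O23 services) and emits the sc.exe lines Poisto.bat used."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted above, plus two benign
# avast! lines so the script has something it must NOT flag.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00000000-0023-0000-5400-320020040070} - http://www.storage-tasp.com/gs/gsa1435.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumption: names an autostart entry may borrow to look like a core Windows process.
SYSTEM_PROCESS_NAMES = ("svchost", "lsass", "winlogon", "csrss", "services", "smss", "spoolsv")
# Assumption: hosts from which an O16 executable download is expected on a stock XP box.
MICROSOFT_HOSTS = ("microsoft.com", "windowsupdate.com", "msn.com", "live.com")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[^}]+)\} - (?P<url>\S+)")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
SHORT_NAME_RE = re.compile(r"\((?P<short>[^()]+)\)\s*$")   # "(CLTNetCnService)" at end of display name


@dataclass
class Finding:
    section: str   # HJT section, e.g. "O4"
    subject: str   # entry name, service short name, DLL path or URL
    severity: str  # "fix" = remove/repair, "review" = verify by hand first
    reason: str


def _executable(cmd: str) -> str:
    """First token of an O4 command, quoted or bare: 'service.exe' or 'C:\\...\\smc.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ")[0]


def _stem(path: str) -> str:
    """Lower-cased file name without directory or extension."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            name, exe = m["name"], _executable(m["cmd"])
            borrowed = [p for p in SYSTEM_PROCESS_NAMES if p in name.lower()]
            if borrowed and _stem(exe) not in borrowed:
                # Entry is named after a system process but launches something else.
                findings.append(Finding("O4", name, "fix",
                                        f"entry name imitates '{borrowed[0]}' but runs {exe!r}"))
            elif "\\" not in exe:
                # No path: Windows resolves the file through its search order, so check which one runs.
                findings.append(Finding("O4", name, "review",
                                        f"bare filename {exe!r}; confirm which file actually runs"))
        elif line.startswith("O10 - Unknown file in Winsock LSP:"):
            dll = line.split(":", 1)[1].strip()
            findings.append(Finding("O10", dll, "review",
                                    "LSP not on HijackThis's known list; verify the DLL's publisher first"))
        elif m := O16_RE.match(line):
            url = m["url"]
            host = url.split("//", 1)[-1].split("/", 1)[0].lower()
            ext = url.rsplit(".", 1)[-1].lower()
            if ext in ("exe", "cab", "ocx") and not host.endswith(MICROSOFT_HOSTS):
                findings.append(Finding("O16", url, "fix",
                                        f"Download Program Files entry pulls a .{ext} from {host}"))
        elif m := O23_RE.match(line):
            short = SHORT_NAME_RE.search(m["display"])
            subject = short["short"] if short else m["display"]
            if m["path"].endswith("(file missing)"):
                findings.append(Finding("O23", subject, "fix",
                                        "service binary is gone; the registration is orphaned"))
    return findings


def service_cleanup_commands(findings: list[Finding]) -> list[str]:
    """The sc.exe pair Poisto.bat used, repeated for every orphaned O23 service."""
    cmds: list[str] = []
    for f in findings:
        if f.section == "O23" and f.severity == "fix":
            cmds += [f"sc stop {f.subject}", f"sc delete {f.subject}"]
    return cmds


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section} {f.subject}: {f.reason}")
    print("\n".join(service_cleanup_commands(results)))
```

Run it as is to see the flags for the sample, or feed it a whole pasted log via triage(open("hijackthis.log").read()). The O4 bare-filename rule deliberately also catches legitimate vendor entries such as SoundMan, which is why it reports "review" rather than "fix".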
Garnet
Newbie
6 June 2008 @ 19:14
OK, those are done. Can the Poisto file be thrown in the Recycle Bin now?
Hujo
Suspended permanently
6 June 2008 @ 19:21
You can toss it.
New ComboFix log.
Scan a new HJT log.

Can a computer ever work?
Garnet
Newbie
7 June 2008 @ 09:40
What do you mean? So should I post a new ComboFix log here? How does that work if you don't run anything through it and you're not supposed to click the icon?
Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:11, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0023-0000-5400-320020040070} - http://www.storage-tasp.com/gs/gsa1435.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
Hujo
Suspended permanently
7 June 2008 @ 10:23
Yes, scan that new ComboFix log.

Can a computer ever work?
Garnet
Newbie
7 June 2008 @ 10:58
Here is the new log:

ComboFix 08-06-01.6 - NOORA 2008-06-07 10:41:36.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.232 [GMT 3:00]
Running from: C:\Documents and Settings\NOORA\Työpöytä\ComboFix.exe
.

((((( Files created between: 2008-05-07 and 2008-06-07 )))))))))))))))))
.

2008-06-04 12:19 . 2008-06-04 12:19 3,423 --a------ C:\WINDOWS\is154890.exe
2008-06-03 05:40 . 2008-06-03 05:40 <KANSIO> dr------- C:\Documents and Settings\NetworkService\Suosikit
2008-06-03 05:33 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-06-03 05:33 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-06-03 05:33 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-06-03 05:32 . 2008-06-03 05:32 <KANSIO> d-------- C:\Program Files\Sygate
2008-06-03 05:31 . 2008-06-03 05:31 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 01:01 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
2008-06-02 22:31 . 2008-06-02 22:31 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-02 20:37 . 2008-06-02 20:37 <KANSIO> d-------- C:\Documents and Settings\NOORA\Application Data\Malwarebytes
2008-06-02 20:36 . 2008-06-03 19:15 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 20:36 . 2008-06-02 20:36 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 20:36 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-02 20:36 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-02 18:36 . 2008-06-02 18:36 <KANSIO> d-------- C:\SAV32CLI
2008-06-02 06:27 . 2008-06-02 06:27 1,438,932 --a------ C:\SDFix.exe
2008-06-02 05:14 . 2008-06-02 05:14 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-24 15:44 . 2008-05-24 15:44 <KANSIO> d-------- C:\Program Files\Alwil Software
2008-05-16 06:04 . 2008-06-07 09:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-16 06:04 . 2008-05-16 06:04 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 06:31 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-06-07 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-06-06 10:22 --------- d-----w C:\Program Files\StepMania
2008-06-05 16:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-05 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-02 03:34 --------- d-----w C:\Program Files\Webteh
2008-05-30 21:21 --------- d-----w C:\Documents and Settings\NOORA\Application Data\Skype
2008-05-30 21:02 --------- d-----w C:\Documents and Settings\NOORA\Application Data\skypePM
2008-05-24 16:52 --------- d-----w C:\Program Files\Sonera Tietoturva
2008-05-24 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
2008-05-24 16:44 --------- d-----w C:\Program Files\Symantec
2008-05-24 16:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-24 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-03 14:31 --------- d-----w C:\Program Files\Safari
2008-05-03 14:29 --------- d-----w C:\Program Files\Apple Software Update
2008-04-25 15:11 --------- d-----w C:\Program Files\Maxis
2008-04-13 00:38 --------- d-----w C:\Program Files\iTunes
2008-04-13 00:36 --------- d-----w C:\Program Files\iPod
2008-04-13 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-13 00:23 --------- d-----w C:\Program Files\QuickTime
2008-04-09 18:37 --------- d-----w C:\Documents and Settings\NOORA\Application Data\Uniblue
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-18 18:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-10-22 19:45 9,367 -c--a-w C:\Program Files\INSTALL.LOG
2005-03-07 19:57 81,136 -c--a-w C:\Documents and Settings\NOORA\Application Data\GDIPFONTCACHEV1.DAT
2005-03-06 18:17 81,136 -c--a-w C:\Documents and Settings\SANNA\Application Data\GDIPFONTCACHEV1.DAT
2005-02-22 15:16 81,136 -c--a-w C:\Documents and Settings\Niinan\Application Data\GDIPFONTCACHEV1.DAT
2005-02-11 10:28 34,360 -c--a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2004-03-11 11:27 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
2001-09-28 14:00 164,864 -c--a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-06-03_17.57.17,57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 14:18:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-07 06:29:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 16:55:51 29,926 ----a-r C:\WINDOWS\Installer\{A9174A72-1B46-445B-B3CF-90ED2C63D83B}\MsblIco.Exe
+ 2008-06-05 16:14:54 2,022 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{86B73F86-8EEE-4FE1-8100-8973487B6E11}.bin
+ 2007-10-18 08:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
+ 2008-06-07 06:31:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_718.dat
+ 2008-06-07 06:30:01 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7a0.dat
+ 2006-06-05 11:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 11:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 11:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
(((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty values and legitimate default values are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 19:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 19:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 19:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-02 23:19 835654 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-03 12:41 1385472]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-03-12 22:43 81920]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-10-30 13:16 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 22:39 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 22:39 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 22:39 455168]
"Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-08-19 11:47 197880]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
"VMware hqtray"="C:\Program Files\VMware\VMware Player\hqtray.exe" [2007-10-08 09:21 55856]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

C:\Documents and Settings\Default User\Käynnistä-valikko\Ohjelmat\Käynnistys\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 07:11:14 27136]

C:\Documents and Settings\Default User\Käynnistä-valikko\Ohjelmat\Käynnistys\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 07:11:14 27136]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-07-07 02:20:40 233472]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-02-06 11:33:07 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashFXP\\flashfxp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20767:TCP"= 20767:TCP:BitComet 20767 TCP
"20767:UDP"= 20767:UDP:BitComet 20767 UDP

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 23:41]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 23:41]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 aswArKrn;aswArKrn;C:\DOCUME~1\NOORA\LOCALS~1\Temp\aswArKrn.sys []
S3 dtvBDADEV;Digital TV stick USB 2.0 BDA;C:\WINDOWS\system32\Drivers\dtvbdadrv.sys [2005-07-21 20:50]
S3 dtvLOAD;Digital TV stick Firmware Loader;C:\WINDOWS\system32\DRIVERS\dtvloadp.sys [2005-07-21 20:20]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 10:36]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-05-17 09:15]

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-06 14:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-06-06 08:22:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-07 07:38:57 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-06 10:19:23 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D8AA3B8F-2A61-48FD-875B-AB8056345360}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 10:47:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware hqtray"="\"C:\\Program Files\\VMware\\VMware Player\\hqtray.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-06-07 10:52:50
ComboFix-quarantined-files.txt 2008-06-07 07:52:33
ComboFix2.txt 2008-06-06 04:13:50
ComboFix3.txt 2008-06-05 15:40:40
ComboFix4.txt 2008-06-03 14:57:36

Pre-Run: 4,042,919,936 tavua vapaana
Post-Run: 4,026,945,536 tavua vapaana

214 --- E O F --- 2008-05-28 04:11:54

Message edited after posting. Last edited 7 June 2008 @ 11:02

Hujo
Suspended permanently
7 June 2008 @ 11:44
Open Notepad and copy/paste the contents of the quote box into it:

Quote:
File::
C:\WINDOWS\is154890.exe


Save it as CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.



Restart the computer when prompted and post the contents of the combofix.txt file here.


Can a computer ever work?
Garnet
Newbie
7 June 2008 @ 23:56
New log:

ComboFix 08-06-01.6 - NOORA 2008-06-07 23:41:17.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.275 [GMT 3:00]
Running from: C:\Documents and Settings\NOORA\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\NOORA\Työpöytä\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\is154890.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\is154890.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
.

2008-06-03 05:40 . 2008-06-03 05:40 <KANSIO> dr------- C:\Documents and Settings\NetworkService\Suosikit
2008-06-03 05:33 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-06-03 05:33 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-06-03 05:33 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-06-03 05:32 . 2008-06-03 05:32 <KANSIO> d-------- C:\Program Files\Sygate
2008-06-03 05:31 . 2008-06-03 05:31 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 01:01 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
2008-06-02 22:31 . 2008-06-02 22:31 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-02 20:37 . 2008-06-02 20:37 <KANSIO> d-------- C:\Documents and Settings\NOORA\Application Data\Malwarebytes
2008-06-02 20:36 . 2008-06-03 19:15 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 20:36 . 2008-06-02 20:36 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 20:36 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-02 20:36 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-02 18:36 . 2008-06-02 18:36 <KANSIO> d-------- C:\SAV32CLI
2008-06-02 06:27 . 2008-06-02 06:27 1,438,932 --a------ C:\SDFix.exe
2008-06-02 05:14 . 2008-06-02 05:14 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-24 15:44 . 2008-05-24 15:44 <KANSIO> d-------- C:\Program Files\Alwil Software
2008-05-16 06:04 . 2008-06-07 09:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-16 06:04 . 2008-05-16 06:04 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 20:13 --------- d-----w C:\Program Files\StepMania
2008-06-07 06:31 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-06-07 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-06-05 16:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-05 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-02 03:34 --------- d-----w C:\Program Files\Webteh
2008-05-30 21:21 --------- d-----w C:\Documents and Settings\NOORA\Application Data\Skype
2008-05-30 21:02 --------- d-----w C:\Documents and Settings\NOORA\Application Data\skypePM
2008-05-24 16:52 --------- d-----w C:\Program Files\Sonera Tietoturva
2008-05-24 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
2008-05-24 16:44 --------- d-----w C:\Program Files\Symantec
2008-05-24 16:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-24 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-03 14:31 --------- d-----w C:\Program Files\Safari
2008-05-03 14:29 --------- d-----w C:\Program Files\Apple Software Update
2008-04-25 15:11 --------- d-----w C:\Program Files\Maxis
2008-04-13 00:38 --------- d-----w C:\Program Files\iTunes
2008-04-13 00:36 --------- d-----w C:\Program Files\iPod
2008-04-13 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-13 00:23 --------- d-----w C:\Program Files\QuickTime
2008-04-09 18:37 --------- d-----w C:\Documents and Settings\NOORA\Application Data\Uniblue
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-18 18:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-10-22 19:45 9,367 -c--a-w C:\Program Files\INSTALL.LOG
2005-03-07 19:57 81,136 -c--a-w C:\Documents and Settings\NOORA\Application Data\GDIPFONTCACHEV1.DAT
2005-03-06 18:17 81,136 -c--a-w C:\Documents and Settings\SANNA\Application Data\GDIPFONTCACHEV1.DAT
2005-02-22 15:16 81,136 -c--a-w C:\Documents and Settings\Niinan\Application Data\GDIPFONTCACHEV1.DAT
2005-02-11 10:28 34,360 -c--a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2004-03-11 11:27 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
2001-09-28 14:00 164,864 -c--a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-06-03_17.57.17,57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 14:18:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-07 06:29:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 16:55:51 29,926 ----a-r C:\WINDOWS\Installer\{A9174A72-1B46-445B-B3CF-90ED2C63D83B}\MsblIco.Exe
+ 2008-06-05 16:14:54 2,022 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{86B73F86-8EEE-4FE1-8100-8973487B6E11}.bin
+ 2007-10-18 08:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
+ 2008-06-07 06:31:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_718.dat
+ 2008-06-07 06:30:01 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7a0.dat
+ 2006-06-05 11:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 11:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 11:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 19:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 19:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 19:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-02 23:19 835654 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-03 12:41 1385472]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-03-12 22:43 81920]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-10-30 13:16 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 22:39 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 22:39 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 22:39 455168]
"Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-08-19 11:47 197880]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
"VMware hqtray"="C:\Program Files\VMware\VMware Player\hqtray.exe" [2007-10-08 09:21 55856]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

C:\Documents and Settings\Default User\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 07:11:14 27136]

C:\Documents and Settings\Default User\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 07:11:14 27136]

C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-07-07 02:20:40 233472]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-02-06 11:33:07 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashFXP\\flashfxp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20767:TCP"= 20767:TCP:BitComet 20767 TCP
"20767:UDP"= 20767:UDP:BitComet 20767 UDP

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 23:41]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 23:41]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 aswArKrn;aswArKrn;C:\DOCUME~1\NOORA\LOCALS~1\Temp\aswArKrn.sys []
S3 dtvBDADEV;Digital TV stick USB 2.0 BDA;C:\WINDOWS\system32\Drivers\dtvbdadrv.sys [2005-07-21 20:50]
S3 dtvLOAD;Digital TV stick Firmware Loader;C:\WINDOWS\system32\DRIVERS\dtvloadp.sys [2005-07-21 20:20]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 10:36]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-05-17 09:15]

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-06 14:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-06-06 08:22:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-07 20:37:22 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-07 10:56:16 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D8AA3B8F-2A61-48FD-875B-AB8056345360}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 23:46:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware hqtray"="\"C:\\Program Files\\VMware\\VMware Player\\hqtray.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-06-07 23:51:32
ComboFix-quarantined-files.txt 2008-06-07 20:50:33
ComboFix2.txt 2008-06-07 07:52:50
ComboFix3.txt 2008-06-06 04:13:50
ComboFix4.txt 2008-06-05 15:40:40
ComboFix5.txt 2008-06-03 14:57:36

Pre-Run: 3,985,526,784 tavua vapaana
Post-Run: 3,984,891,904 tavua vapaana

223 --- E O F --- 2008-05-28 04:11:54
Hujo
Suspended permanently
8 June 2008 @ 00:18
Log OK..

Can a computer ever work?