HJT log, VnrBlock, ppcbooster and p2pmax: something still wrong
CNiba
Newbie
9 December 2008 @ 19:25
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:59, on 9.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\drivers\services.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Personal Firewall\kpf4ss.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Sunbelt Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\drivers\services.exe
C:\Documents and Settings\Disassembler\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\drivers\services.exe
C:\Documents and Settings\Disassembler\svchost.exe
C:\Program Files\yodm3D\Yodm3D.exe
G:\Security\Muita\PeerGuardian2\pg2.exe
G:\DC++\DCPlusPlus.exe
C:\Documents and Settings\Disassembler\Käynnistä-valikko\Ohjelmat\Käynnistys\userinit.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
G:\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: C:\WINDOWS\system32\jsdf768wude.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Disassembler\svchost.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "G:\Security\Isot ohjelmat\Norton Antivirus\osCheck.exe"
O4 - HKLM\..\Run: [PromoReg] C:\DOCUME~1\DISASS~1\LOCALS~1\Temp\1E6.tmp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Disassembler\svchost.exe
O4 - HKCU\..\Run: [Yodm3D] C:\Program Files\yodm3D\Yodm3D.exe
O4 - HKCU\..\Run: [BitTorrent] "G:\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [PeerGuardian] G:\Security\Muita\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DC++.lnk = G:\DC++\DCPlusPlus.exe
O4 - Startup: userinit.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: NordicBet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\NordicBetMPP\MPPoker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1207723355703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1207827973140
O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} (F-Secure Online Scanner 2.1 (CD version)) - file:///C:/Documents%20and%20Settings/Disassembler/Local%20Settings/Temp/OnlineScanner/is2007ols/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB645E0A-1A85-4ED2-BE71-3F06E79D9824}: NameServer = 192.168.0.254
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - G:\Security\Isot ohjelmat\Norton Antivirus\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - G:\Security\Firewalls\Sygate Personal Firewall\smc.exe (file missing)
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Personal Firewall\kpf4ss.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8885 bytes


The startup entries and files from VnrBlock, ppcbooster and p2pmax have been removed, or at least some of them, but something is still left behind. I've run the machine through Norton Antivirus, F-Secure Online Scanner and AVG 8. I couldn't get SDFix installed. The remaining problem is similar to the VnrBlock21 one: the links Google returns won't open and the browser can't reach all sites. Also the machine doesn't boot normally; I have to boot with "Last Known Good Configuration" to get Windows to start.

PS. I can't install ComboFix, because the links won't open and I can't download it from anywhere else either, whatever I've tried. Malwarebytes' Anti-Malware won't install either; the link doesn't work here either, but I managed to download it from elsewhere, yet it refuses to install. I have read: keskustelu.afterdawn.com/thread_view.cfm/726882

This post has been edited after posting. Last edited 9 December 2008 @ 19:47

Hujo
Suspended permanently
9 December 2008 @ 20:56
Download SDFix by AndyManchesta and save it to your desktop.

Boot your computer into Safe Mode:

shut down and restart
while it boots, keep tapping the F8 key
use the arrow keys to select Safe Mode
press Enter, then Enter again
select your user account
click Yes

On some computers you tap F5 instead of F8.

- Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
- Open the SDFix folder and double-click RunThis.bat to start the program.
- Press Y to start the script.
- The tool cleans the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer: "Press any key to Reboot".
- Press any key and the computer restarts.
- Booting takes longer than normal because SDFix is cleaning the machine.
- When the computer has booted and the desktop has loaded, SDFix reports that the cleanup is complete: "Finished".
- Then press any key to close the script and load the desktop shortcuts.
- Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread, together with a new HijackThis log.

===============

what a mess :(

===============

Scan with HJT, check these and click Fix checked:

Running processes:
C:\WINDOWS\system32\drivers\services.exe
C:\Documents and Settings\Disassembler\svchost.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: C:\WINDOWS\system32\jsdf768wude.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Disassembler\svchost.exe
O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Disassembler\svchost.exe
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)

Can a computer ever work?

This post has been edited after posting. Last edited 9 December 2008 @ 21:39
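The entries Hujo picks out above follow a few recognisable patterns: Windows system binary names (svchost.exe, services.exe, userinit.exe) running from outside their home directory, a UserInit chain in system.ini with an extra program appended, Run values named after system components, a Winlogon Notify package that is not part of a stock XP install, and BHO/SharedTaskScheduler entries whose DLL is already gone. The script below is an added example (not from the thread, not part of HijackThis) that applies those heuristics to HijackThis log text and produces a "Fix checked" list. The sample input is constructed from lines quoted in this thread; the list of known Winlogon Notify packages is the example's own abbreviated assumption, not something the tool provides.

```python
import re
from dataclasses import dataclass

# Windows XP system binaries that malware likes to impersonate, with the
# directory each one legitimately runs from (compared lowercase).
SYSTEM_BINARY_HOME = {
    "smss.exe": r"c:\windows\system32", "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32", "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32", "svchost.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32", "explorer.exe": r"c:\windows",
}
SYSTEM_NAME_STEMS = {n[:-4] for n in SYSTEM_BINARY_HOME} | {"system"}
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
# Winlogon Notify packages present on a stock XP install. Abbreviated
# allow-list assumed by this example; anything else is reviewed by hand.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
RUN_RE = re.compile(r"^HK.*?\\Run: \[(?P<name>.*?)\]\s+(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<item>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<dll>.*)$")
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)', re.IGNORECASE)

# Constructed sample: a subset of the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\drivers\services.exe
C:\Documents and Settings\Disassembler\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Disassembler\svchost.exe
O4 - Startup: userinit.exe
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
""".strip()


@dataclass
class Finding:
    severity: str  # "high" = active persistence/impersonation, "low" = orphaned entry
    reason: str
    line: str


def _split_path(path):
    """Return (directory, filename) of a Windows path, both lowercased."""
    directory, _, name = path.strip().strip('"').lower().rpartition("\\")
    return directory, name


def _binary_reason(path, where):
    """Reason string if a system binary name runs from the wrong place, else None."""
    directory, name = _split_path(path)
    home = SYSTEM_BINARY_HOME.get(name)
    if home is not None and directory != home:
        return f"{name} from '{directory or '<no directory>'}' instead of {home} ({where})"
    return None


def _looks_like_system_name(name):
    stem = name.strip("[] ").lower()
    return (stem[:-4] if stem.endswith(".exe") else stem) in SYSTEM_NAME_STEMS


def triage(log_text):
    """Walk a HijackThis log and return the entries worth a closer look."""
    findings, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if entry is None:  # not an R/F/O entry: a process path, or a header line
            if in_processes and (reason := _binary_reason(line, "running process")):
                findings.append(Finding("high", reason, line))
            continue
        in_processes = False
        kind, body = entry.groups()
        reasons, severity = [], "high"
        if kind == "F2" and "UserInit=" in body:
            parts = [p.strip() for p in body.split("UserInit=", 1)[1].split(",")]
            extra = [p for p in parts if p and p.lower() != DEFAULT_USERINIT]
            if extra:
                reasons.append("UserInit chain runs extra program(s): " + ", ".join(extra))
        elif kind == "O4":
            run, startup = RUN_RE.match(body), STARTUP_RE.match(body)
            if run:
                if _looks_like_system_name(run["name"]):
                    reasons.append(f"Run value '{run['name']}' named like a system component")
                exe = EXE_RE.match(run["cmd"])
                if exe and (r := _binary_reason(exe["exe"], "Run value")):
                    reasons.append(r)
            elif startup:
                target = startup["item"].split(" = ", 1)[-1]  # "X.lnk = path" or bare name
                if r := _binary_reason(target, "startup folder"):
                    reasons.append(r)
        elif kind == "O20":
            notify = NOTIFY_RE.match(body)
            if notify and notify["name"].lower() not in KNOWN_NOTIFY:
                reasons.append(f"Winlogon Notify package '{notify['name']}' is not a stock XP package")
        if not reasons and body.endswith(("(file missing)", "(no file)")):
            severity, reasons = "low", ["entry points at a file that no longer exists"]
        if reasons:
            findings.append(Finding(severity, "; ".join(reasons), line))
    return findings


def fix_checked(findings):
    """Registry/startup entries to tick in HijackThis (process lines cannot be fixed there)."""
    return [f.line for f in findings if ENTRY_RE.match(f.line)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.reason}\n        {f.line}")
```

Run on the sample, the script flags the two user-profile and drivers-folder processes, the chained UserInit value, both impersonating Run values, the startup-folder userinit.exe and the unknown Winlogon Notify package as high, and the two orphaned O2/O22 entries as low; NvCplDaemon, ccApp, PnkBstrA and the real winlogon.exe pass. Process lines are reported but left out of the Fix checked list, since HijackThis only removes registry and startup entries; the files themselves were handled by SDFix in this thread.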

CNiba
Newbie
9 December 2008 @ 23:12
That line was no longer found: "O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll". And should that C:\WINDOWS\system32\ntos.exe be removed manually? E.g. with Unlocker?


SDFix: Version 1.230
Run by Disassembler on ti 09.12.2008 at 22:19

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\Documents and Settings\Disassembler\Työpöytä\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Schedule Service Path

Rebooting


Checking Files :

No Trojan Files Found

C:\-18776~1 - Deleted
C:\Documents and Settings\Disassembler\svchost.exe - Deleted
C:\Documents and Settings\LocalService\svchost.exe - Deleted
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll - Deleted
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll - Deleted
C:\Documents and Settings\Disassembler\Local Settings\Temp\utt22.tmp.exe - Deleted
C:\Documents and Settings\Disassembler\Local Settings\Temp\utt5C3.tmp.exe - Deleted
C:\Documents and Settings\Disassembler\svchost.exe - Deleted
C:\DOCUME~1\DISASS~1\LOCALS~1\Temp\removalfile.bat - Deleted
C:\userinit.exe - Deleted
C:\WINDOWS\system32\crypts.dll - Deleted
C:\WINDOWS\system32\drivers\services.exe - Deleted


Could Not Remove C:\WINDOWS\system32\ntos.exe

Folder C:\Documents and Settings\LocalService\Application Data\wsnpoem - Removed
Folder C:\Documents and Settings\NetworkService\Application Data\wsnpoem - Removed


Removing Temp Files

ADS Check :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:44, on 9.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Personal Firewall\kpf4ss.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Sunbelt Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\yodm3D\Yodm3D.exe
G:\Security\Muita\PeerGuardian2\pg2.exe
G:\DC++\DCPlusPlus.exe
C:\Documents and Settings\Disassembler\Käynnistä-valikko\Ohjelmat\Käynnistys\userinit.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "G:\Security\Isot ohjelmat\Norton Antivirus\osCheck.exe"
O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\DISASS~1\TYPYT~1\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yodm3D] C:\Program Files\yodm3D\Yodm3D.exe
O4 - HKCU\..\Run: [BitTorrent] "G:\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [PeerGuardian] G:\Security\Muita\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DC++.lnk = G:\DC++\DCPlusPlus.exe
O4 - Startup: userinit.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: NordicBet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\NordicBetMPP\MPPoker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1207723355703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1207827973140
O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} (F-Secure Online Scanner 2.1 (CD version)) - file:///C:/Documents%20and%20Settings/Disassembler/Local%20Settings/Temp/OnlineScanner/is2007ols/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB645E0A-1A85-4ED2-BE71-3F06E79D9824}: NameServer = 192.168.0.254
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - G:\Security\Isot ohjelmat\Norton Antivirus\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - G:\Security\Firewalls\Sygate Personal Firewall\smc.exe (file missing)
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Personal Firewall\kpf4ss.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7734 bytes
CNiba
Newbie
9 December 2008 @ 23:21
I've been thinking that this "O4 - Startup: userinit.exe" could be something that causes problems? It keeps connecting to the strangest servers all the time....
Hujo
Suspended permanently
9 December 2008 @ 23:30
Fix these:

O4 - Startup: userinit.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Now try to get this done

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and
Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log
can also be found here: C:\Documents and Settings\Username\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message


This post has been edited after posting. Last edited 9 December 2008 @ 23:36

CNiba
Newbie
10 December 2008 @ 00:07
I don't know why Malwarebytes' Anti-Malware won't start properly, but in Windows Task Manager it shows up on the Processes tab (mbam.exe) and then nothing else happens :(
Hujo
Suspended permanently
10 December 2008 @ 00:14
Let's try this then

1. Download Combofix.exe to your desktop from one of these links:
Combofix1
Combofix2

2. Double-click the Combofix.exe file and follow the prompts.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.

================

Remove that from the machine:

Sunbelt Personal Firewall


C:\Program Files\Sunbelt Personal Firewall


This post has been edited after posting. Last edited 10 December 2008 @ 00:18

CNiba
Newbie
10 December 2008 @ 00:29
Ugh, same thing this time too. It shows up in Task Manager under Processes. I did notice a similarity in memory usage though: they use the same amount of memory (2212 KB)

What should I use as a firewall after removing Sunbelt?
Hujo
Suspended permanently
10 December 2008 @ 00:54
Turn on Windows' built-in one.

==============================

eScan
Instructions on this page:
http://koti.mbnet.fi/pattaya1/escanmwav.htm
download from here
http://www.spywareinfo.dk/download/mwav.exe
update from here
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
set the checkboxes as marked here
http://koti.mbnet.fi/pattaya1/eScan6.jpg

scan

if anything appears in the bottom pane, copy it like this:
Select all with Ctrl+A.
Copy the lines with Ctrl+C.
Paste the lines with Ctrl+V.

Post the virus log here.

Only the viruses from that bottom-most pane.


This post has been edited after posting. Last edited 10 December 2008 @ 00:55

CNiba
Newbie
10 December 2008 @ 18:07
Virus Log Information

File C:\WINDOWS\system32\drivers\services.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\DOCUME~1\DISASS~1\svchost.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\DOCUME~1\DISASS~1\KYNNIS~1\Ohjelmat\KYNNIS~1\userinit.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\WINDOWS\c20232.exe infected by "P2P-Worm.Win32.Small.au" Virus. Action Taken: File Deleted.
File C:\WINDOWS\gbg033414.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\WINDOWS\gncyq5.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\WINDOWS\gu58826.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\WINDOWS\hw5305.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\WINDOWS\nohh06760.exe infected by "Trojan.Win32.Agent.asjk" Virus. Action Taken: File Deleted.
File C:\WINDOWS\vtj708346.exe infected by "Trojan-Downloader.Win32.Agent.aswp" Virus. Action Taken: File Deleted.
File C:\WINDOWS\wuan364443.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\WINDOWS\ykgee3362.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\WINDOWS\system32\TDSSbrsr.dll infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\WINDOWS\system32\TDSSofxo.dll infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\WINDOWS\system32\TDSSqynh.dll infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\All Users\Tiedostot\Counter-Strike KeyGen.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Tiedostot\DivX 5.0 Pro KeyGen.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Tiedostot\FTP Cracker.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Tiedostot\IP Nuker.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Tiedostot\Keylogger.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Tiedostot\L0pht 4.0 Windows Password Cracker.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Tiedostot\Microsoft Visual Basic KeyGen.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Tiedostot\Microsoft Visual C++ KeyGen.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Tiedostot\Microsoft Visual Studio KeyGen.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Tiedostot\Norton Anti-Virus 2005 Enterprise Crack.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Tiedostot\Password Cracker.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Tiedostot\sdbot with NetBIOS Spread.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Tiedostot\Sub7 2.3 Private.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Tiedostot\UT 2003 KeyGen.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Disassembler\Local Settings\Temporary Internet Files\Content.IE5\W6JEOO7C\wssl712fro[1].exe infected by "Backdoor.Win32.KeyStart.k" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Disassembler\Työpöytä\catchme.zip infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Disassembler\Työpöytä\SDFix\backups\backups.zip infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\LocalService\svchost.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\gnhfi.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Program Files\Trend Micro\HijackThis\backups\backup-20081209-235601-802-userinit.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\Program Files\Trend Micro\HijackThis\backups\backup-20081209-235616-450-userinit.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031641.sys infected by "Backdoor.Win32.TDSS.bkw" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031711.dll infected by "Trojan.Win32.Agent.arvz" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031712.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031713.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031714.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031775.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031777.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031778.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031796.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031802.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031803.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031804.exe infected by "P2P-Worm.Win32.Small.au" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031805.exe infected by "Trojan-Downloader.Win32.VB.iqv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031806.exe infected by "Trojan-Downloader.Win32.VB.iqv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031807.exe infected by "Trojan-Downloader.Win32.VB.iqv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031808.exe infected by "Trojan-Downloader.Win32.VB.iqv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031809.exe infected by "Trojan.Win32.Agent.asjk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031810.exe infected by "Trojan-Downloader.Win32.Agent.aswp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031811.exe infected by "Trojan-Downloader.Win32.VB.iqv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031812.exe infected by "Trojan-Downloader.Win32.VB.iqv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031813.dll infected by "Backdoor.Win32.TDSS.asz" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031814.dll infected by "Backdoor.Win32.TDSS.blh" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031815.dll infected by "Backdoor.Win32.TDSS.atb" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031816.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031817.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031818.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031819.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031820.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031821.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031822.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031823.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031824.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031825.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\userinit.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Temp\TDSSc0bb.tmp infected by "BkCln.Unknown" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Temp\TDSSc771.tmp infected by "BkCln.Unknown" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Temp\TDSScc24.tmp infected by "BkCln.Unknown" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Temp\TDSSd339.tmp infected by "BkCln.Unknown" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Temp\TDSSd992.tmp infected by "BkCln.Unknown" Virus. Action Taken: File Deleted.
File G:\RegCleaner\Backups\userinit.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
File H:\CD-Keys\Keymaker for Norton Antivirus 2005\tmg-nav2k5.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File H:\Musiikki\Bartos\01.Brak Pradu - Rah & Mini (PFK Kompany).mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File H:\Musiikki\Bartos\03.Spisz Juz - Siv-Kakaroto (PFK Kompany).mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File H:\Musiikki\Bartos\10.Nieme Kimo - Sliwka Tuitam (PFK Kompany).mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File H:\Musiikki\Bartos\14.Gdzie Robie Blad - Evah (FCS Records).mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File H:\Musiikki\Bartos\15.Obluda - O.S.T.R. (Tabasko).mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File H:\Musiikki\Bartos\16.Póltora - Bit-Bak (EBS).mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File H:\Musiikki\Bartos\17.Sciezka Dzwiekowa - Haem (PFK Kompany).mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File H:\Musiikki\Bartos\Borixon - A mialo byc tak pieknie.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File H:\Musiikki\Bartos\HaKa (Onar, Borixon) - krec Dupa.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File H:\Musiikki\Bartos\Sweet Noise & Peja - Jeden taki dzien.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File H:\Ohjelmia\setup regclean 2008.exe tagged as not-a-virus:FraudTool.Win32.SpywareStop.fl. No Action Taken.
Hujo
Suspended permanently
10 December 2008 @ 19:54
Now run that Malwarebytes' Anti-Malware; update it first.
Does it start working?

Can a computer ever work?
CNiba
Newbie
10 December 2008 @ 22:07
It started working. What next?

Malwarebytes' Anti-Malware 1.31
Tietokantaversio: 1482
Windows 5.1.2600 Service Pack 3

10.12.2008 22:05:29
mbam-log-2008-12-10 (22-05-22).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|G:\|H:\|)
Tarkistetut kohteet: 163652
Kulunut aika: 1 hour(s), 41 minute(s), 42 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 5
Saastuneita rekisteriarvoja: 4
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 1
Saastuneita tiedostoja: 8

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6c350dfc-885f-4296-82e3-6428dd982099} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> No action taken.

Saastuneita tiedostoja:
C:\Documents and Settings\Disassembler\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSlxar.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\TDSSb6a8.tmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Disassembler\Local Settings\Temp\TDSSbade.tmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Disassembler\Local Settings\Temp\TDSSbc17.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\TDSStktu.log (Trojan.TDSS) -> No action taken.
Hujo
Suspended permanently
10 December 2008 @ 22:13
5. When the scan is complete, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.

I wonder whether it removed them.

=================

1. Download Combofix.exe to your desktop from one of these links:
Combofix1
Combofix2

2. Double-click the Combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

Can a computer ever work?
CNiba
Newbie
10 December 2008 @ 23:05
Report after the removals:


Malwarebytes' Anti-Malware 1.31
Tietokantaversio: 1482
Windows 5.1.2600 Service Pack 3

10.12.2008 22:39:38
mbam-log-2008-12-10 (22-39-38).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|G:\|H:\|)
Tarkistetut kohteet: 163652
Kulunut aika: 1 hour(s), 41 minute(s), 42 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 5
Saastuneita rekisteriarvoja: 4
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 1
Saastuneita tiedostoja: 8

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6c350dfc-885f-4296-82e3-6428dd982099} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
C:\Documents and Settings\Disassembler\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxar.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSb6a8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Disassembler\Local Settings\Temp\TDSSbade.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Disassembler\Local Settings\Temp\TDSSbc17.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStktu.log (Trojan.TDSS) -> Quarantined and deleted successfully.


ComboFix 08-12-09.03 - Disassembler 2008-12-10 22:42:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.87 [GMT 2:00]
Running from: c:\documents and settings\Disassembler\Omat tiedostot\Mozilla lautaukset\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\TDSSmmvj.dat
c:\windows\system32\UCddMUtv.ini
c:\windows\system32\UCddMUtv.ini2
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-10 22:40 . 2008-12-10 22:40 <KANSIO> d-------- C:\32788R22FWJFW
2008-12-10 20:17 . 2008-12-10 20:17 <KANSIO> d-------- c:\documents and settings\Disassembler\Application Data\Malwarebytes
2008-12-10 20:17 . 2008-12-10 20:17 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-10 20:17 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-10 20:17 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 18:01 . 2008-12-10 18:01 0 --a------ C:\23990098.$$$
2008-12-10 11:10 . 2008-12-10 11:13 <KANSIO> d-------- C:\Downloads
2008-12-10 11:10 . 2008-12-10 11:13 <KANSIO> d-------- C:\Bases
2008-12-10 01:43 . 2008-12-10 18:08 <KANSIO> d-------- C:\Kaspersky
2008-12-10 01:32 . 2008-12-10 02:29 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-10 01:32 . 2008-12-10 02:29 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-10 01:06 . 2008-12-10 01:06 116,736 --a------ c:\windows\system32\nvsvc32.dll
2008-12-10 00:57 . 2008-04-14 18:12 1,034,240 --a--c--- c:\windows\system32\dllcache\explorer.exe
2008-12-10 00:57 . 2008-12-10 00:57 116,736 --a------ c:\windows\system32\ntos.dll
2008-12-09 22:16 . 2008-12-09 22:16 579,072 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-09 22:06 . 2008-12-09 22:07 <KANSIO> d-------- c:\windows\ERUNT
2008-12-09 17:48 . 2008-12-09 17:48 <KANSIO> dr------- c:\documents and settings\NetworkService\Suosikit
2008-12-09 16:58 . 2008-12-09 17:36 16 --a------ c:\windows\system32\coh.cache
2008-12-09 16:46 . 2008-12-10 02:29 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-09 16:46 . 2008-12-10 02:29 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-09 16:45 . 2008-12-10 02:29 <KANSIO> d-------- c:\program files\Symantec
2008-12-09 16:44 . 2008-12-10 02:32 <KANSIO> d-------- c:\program files\Common Files\Symantec Shared
2008-12-09 16:44 . 2008-12-10 02:28 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-12-09 16:39 . 2008-12-09 16:39 89,088 --a------ c:\windows\system32\atl71.dll
2008-12-09 15:22 . 2008-12-10 22:39 <KANSIO> d-------- c:\documents and settings\Disassembler\Application Data\Desktopicon
2008-12-09 15:18 . 2008-12-09 15:18 <KANSIO> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-09 15:15 . 2008-12-09 15:15 <KANSIO> d-------- c:\program files\Trend Micro
2008-12-08 22:50 . 2008-12-09 02:19 <KANSIO> d--h----- C:\$AVG8.VAULT$
2008-12-08 22:43 . 2008-12-09 15:25 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-08 20:35 . 2008-12-08 20:35 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
2008-11-27 16:02 . 2008-11-27 16:15 <KANSIO> d-------- c:\documents and settings\Disassembler\Application Data\vlc
2008-11-25 19:16 . 2008-11-25 19:16 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-21 13:00 . 2008-11-21 13:00 <KANSIO> d-------- c:\documents and settings\Disassembler\Application Data\Microsoft Games
2008-11-21 12:43 . 2008-11-21 12:43 32 --a------ c:\windows\CD_Start.INI
2008-11-12 06:08 . 2008-09-04 19:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 06:08 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 23:08 --------- d-----w c:\documents and settings\Disassembler\Application Data\BitTorrent
2008-12-09 22:57 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys
2008-12-09 22:33 --------- d-----w c:\program files\Sunbelt Personal Firewall
2008-12-09 20:01 52,825 ----a-w c:\windows\system32\drivers\fwdrv.err
2008-12-09 14:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-09 13:27 --------- d-----w c:\program files\PeerGuardian2
2008-12-08 23:57 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-08 19:43 --------- d-----w c:\program files\DNA
2008-12-08 19:43 --------- d-----w c:\documents and settings\Disassembler\Application Data\DNA
2008-12-08 17:06 --------- d-----w c:\program files\Windows Desktop Search
2008-12-08 13:38 --------- d-----w c:\documents and settings\All Users\Application Data\eboostr
2008-12-07 22:09 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-07 20:29 --------- d-----w c:\documents and settings\Disassembler\Application Data\dvdcss
2008-12-03 22:14 138,512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-27 14:15 --------- d-----w c:\documents and settings\Disassembler\Application Data\vlc
2008-11-25 17:16 --------- d-----w c:\program files\Java
2008-11-11 22:20 --------- d-----w c:\documents and settings\Disassembler\Application Data\Microgaming
2008-11-01 02:42 2,829 ----a-w c:\windows\War3Unin.pif
2008-11-01 02:42 139,264 ----a-w c:\windows\War3Unin.exe
2008-10-27 20:02 --------- d-----w c:\program files\yodm3D
2008-10-27 11:18 --------- d-----w c:\program files\Mplayer
2008-10-26 18:01 --------- d-----w c:\documents and settings\Disassembler\Application Data\mIRC
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:26 --------- d-----w c:\program files\MSXML 4.0
2008-10-21 19:57 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
2008-10-21 19:44 --------- d-----w c:\program files\Microsoft Silverlight
2008-09-08 06:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008090820080909\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Yodm3D"="c:\program files\yodm3D\Yodm3D.exe" [2007-04-21 2343936]
"PeerGuardian"="g:\security\Muita\PeerGuardian2\pg2.exe" [2005-09-18 1382400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-12-09 84640]
"osCheck"="g:\security\Isot ohjelmat\Norton Antivirus\osCheck.exe" [2008-12-09 26248]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"RivaTuner"="g:\rivatuner v2.20\RivaTuner.exe" [2008-11-19 2727936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"g:\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"g:\\Games\\AoE3\\age3.exe"=
"g:\\Games\\Settlers III\\Settlers3\\s3.exe"=
"g:\\DC++\\DCPlusPlus.exe"=
"g:\\Games\\Quake III Arena\\quake3.exe"=
"g:\\Namo WebEditor 2006\\bin\\WebEditor.exe"=
"g:\\Games\\Wolfenstein - Enemy Territory\\ET.exe"=
"g:\\Lancraft\\lancraft.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"32251:TCP"= 32251:TCP:BT1
"32251:UDP"= 32251:UDP:BT2
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{147a4870-9ef4-11dd-904f-00138f0cc8da}]
\Shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7192aee-962b-11dd-9048-00138f0cc8da}]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7192aef-962b-11dd-9048-00138f0cc8da}]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7192af2-962b-11dd-9048-00138f0cc8da}]
\Shell\AutoRun\command - I:\AutoRun.exe

*Newly Created Service* - ERASERSVC10824
.
Contents of the 'Scheduled Tasks' folder

2008-12-09 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Disassembler.job
- g:\security\ISOTOH~1\NORTON~1\Navw32.exe [2008-12-09 16:12]

2008-12-08 c:\windows\Tasks\RegClean Scheduled Scan.job
- g:\regclean\RegClean.exe []

2008-12-08 c:\windows\Tasks\RegClean Scheduled Scan.job
- G:\RegClean []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-[system] - c:\windows\system32\drivers\services.exe
HKU-Default-Run-winlogon - c:\documents and settings\LocalService\svchost.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - g:\micros~1\Office12\EXCEL.EXE/3000
TCP: {AB645E0A-1A85-4ED2-BE71-3F06E79D9824} = 192.168.0.254

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\fscax.dll - O16 -: {9522589E-57B9-46C5-9A77-1F1C1CCBE550}
file:///C:/Documents%20and%20Settings/Disassembler/Local%20Settings/Temp/OnlineScanner/is2007ols/fscax.cab
FireFox -: Profile - c:\documents and settings\Disassembler\Application Data\Mozilla\Firefox\Profiles\x6fci580.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.trukz.com/login.asp
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF -: plugin - g:\mozilla firefox\plugins\np32dsw.dll
FF -: plugin - g:\mozilla firefox\plugins\npbittorrent.dll
FF -: plugin - g:\mozilla firefox\plugins\npdeploytk.dll
FF -: plugin - g:\mozilla firefox\plugins\npnul32.dll
FF -: plugin - g:\videolan vlc\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 22:48:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-12-10 23:00:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 21:00:44

Pre-Run: 11 685 638 144 tavua vapaana
Post-Run: 11,661,959,168 tavua vapaana

225 --- E O F --- 2008-11-12 06:07:38
Hujo
Suspended permanently
10 December 2008 @ 23:09
Run that SDFix again.

Can a computer ever work?
CNiba
Newbie
11 December 2008 @ 00:03
SDFix: Version 1.230
Run by Disassembler on ke 10.12.2008 at 23:35

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\Documents and Settings\Disassembler\Työpöytä\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 23:50:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSkqlg.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSkqlg.sys"
"TDSSl"="\systemroot\system32\TDSSofxo.dll"
"tdssservers"="\systemroot\system32\TDSSmmvj.dat"
"tdssmain"="\systemroot\system32\TDSSbrsr.dll"
"tdsslog"="\systemroot\system32\TDSSqynh.dll"
"tdssadw"="\systemroot\system32\TDSSxfic.dll"
"tdssinit"="\systemroot\system32\TDSSlxar.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSmphc.dll"
"tdsserrors"="\systemroot\system32\TDSSohxm.log"
"TDSSproc"="\systemroot\system32\TDSStktu.log"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSkqlg.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSkqlg.sys"
"TDSSl"="\systemroot\system32\TDSSofxo.dll"
"tdssservers"="\systemroot\system32\TDSSmmvj.dat"
"tdssmain"="\systemroot\system32\TDSSbrsr.dll"
"tdsslog"="\systemroot\system32\TDSSqynh.dll"
"tdssadw"="\systemroot\system32\TDSSxfic.dll"
"tdssinit"="\systemroot\system32\TDSSlxar.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSmphc.dll"
"tdsserrors"="\systemroot\system32\TDSSohxm.log"
"TDSSproc"="\systemroot\system32\TDSStktu.log"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSkqlg.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSkqlg.sys"
"TDSSl"="\systemroot\system32\TDSSofxo.dll"
"tdssservers"="\systemroot\system32\TDSSmmvj.dat"
"tdssmain"="\systemroot\system32\TDSSbrsr.dll"
"tdsslog"="\systemroot\system32\TDSSqynh.dll"
"tdssadw"="\systemroot\system32\TDSSxfic.dll"
"tdssinit"="\systemroot\system32\TDSSlxar.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSmphc.dll"
"tdsserrors"="\systemroot\system32\TDSSohxm.log"
"TDSSproc"="\systemroot\system32\TDSStktu.log"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E2871CFB-4094-7869-04E0-29E9F1D21B99}]
"abolcpchnpiefmiegklghaphknjdnpajbj"=hex:61,61,00,00
"bbolcpchnpiefmiegkggllfnpgfgedcjjoao"=hex:61,61,00,00

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"G:\\Microsoft Office\\Office12\\OUTLOOK.EXE"="G:\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"G:\\BitTorrent\\bittorrent.exe"="G:\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"G:\\Games\\AoE3\\age3.exe"="G:\\Games\\AoE3\\age3.exe:*:Enabled:Age of Empires 3"
"G:\\Games\\Settlers III\\Settlers3\\s3.exe"="G:\\Games\\Settlers III\\Settlers3\\s3.exe:*:Enabled:Siedler3"
"G:\\DC++\\DCPlusPlus.exe"="G:\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"G:\\Games\\Quake III Arena\\quake3.exe"="G:\\Games\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
"G:\\Namo WebEditor 2006\\bin\\WebEditor.exe"="G:\\Namo WebEditor 2006\\bin\\WebEditor.exe:*:Enabled:Namo WebEditor 2006"
"G:\\Games\\Wolfenstein - Enemy Territory\\ET.exe"="G:\\Games\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"G:\\Lancraft\\lancraft.exe"="G:\\Lancraft\\lancraft.exe:*:Enabled:lancraft"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Mon 14 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Fri 18 Apr 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 21 Nov 2008 3,415,049 ...H. --- "C:\WINDOWS\SoftwareDistribution\Download\185eef7943a91504d68ff066bb71d0d4\BIT20F1.tmp"
Fri 14 Nov 2008 612,208 ...H. --- "C:\WINDOWS\SoftwareDistribution\Download\2766600936dfbf9e803279c3aa191b90\BIT20F0.tmp"
Fri 14 Nov 2008 246,351 ...H. --- "C:\WINDOWS\SoftwareDistribution\Download\4c49813f8f29dd0bae08c912ee93f282\BIT20EF.tmp"
Wed 10 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4f48480c3bff7fa275c02353aba158bb\BIT20F7.tmp"
Thu 10 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BITB.tmp"
Wed 10 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\541a242ef5b0244099b5f8fe5f67e56d\BIT20F5.tmp"
Wed 10 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7510764a379c454f8a63fd524057d801\BIT20F6.tmp"
Wed 10 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\84a238717dc2465f6fd0051d97281ba0\BIT20F4.tmp"
Fri 21 Nov 2008 2,131,121 ...H. --- "C:\WINDOWS\SoftwareDistribution\Download\916bfa969481cdaef14e1805a5f36838\BIT20EE.tmp"
Wed 10 Dec 2008 6,484,368 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a230a05628551da48a4372a7fdd80354\BIT20F2.tmp"
Thu 10 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\afa5528a2269b5106016bdbc1ea3037f\BITA.tmp"
Wed 10 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cfda6a5f0253f13aa506464213273105\BIT20F3.tmp"
Sun 20 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1d01f188c8132c12d35c3222b7723a4\BIT3.tmp"

Finished!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:02:07, on 11.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\RivaTuner v2.20\RivaTuner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\yodm3D\Yodm3D.exe
G:\Security\Muita\PeerGuardian2\pg2.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
G:\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "G:\Security\Isot ohjelmat\Norton Antivirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [RivaTuner] "G:\RivaTuner v2.20\RivaTuner.exe" /T
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yodm3D] C:\Program Files\yodm3D\Yodm3D.exe
O4 - HKCU\..\Run: [PeerGuardian] G:\Security\Muita\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DC++.lnk = G:\DC++\DCPlusPlus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: NordicBet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\NordicBetMPP\MPPoker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1207723355703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1207827973140
O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} (F-Secure Online Scanner 2.1 (CD version)) - file:///C:/Documents%20and%20Settings/Disassembler/Local%20Settings/Temp/OnlineScanner/is2007ols/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB645E0A-1A85-4ED2-BE71-3F06E79D9824}: NameServer = 192.168.0.254
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - G:\Security\Isot ohjelmat\Norton Antivirus\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - G:\Security\Firewalls\Sygate Personal Firewall\smc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 6973 bytes
Hujo
Suspended permanently
11 December 2008 @ 00:11
Check your machine with F-Secure's online scanner

Note: the scanner only works with the Internet Explorer browser

* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install
* Click Accept
* Click Custom Scan
* Set the options as follows

o Under "Virus Scan Option" select Scan whole system
o Under "Other Scan Option" select Scan All Files
o Select Scan whole system for rootkits
o Select Scan whole system for spyware
o Tick Scan inside archives
o Make sure Use advanced heuristics is selected

* Click Start
* The scan starts once the necessary files/updates have been downloaded
* Wait patiently
* When the scan has finished, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the whole text
* Paste the copied text into e.g. Notepad or Word and save it to the desktop
* You can close the scanner
* Post the report in your thread

Don't do anything else, as it can cause the machine to freeze


Can a computer ever work?
CNiba
Newbie
11 December 2008 @ 01:44
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ G:\ H:\
Result: 3 malware found
TrackingCookie.Atdmt (spyware)

* System

TrackingCookie.Tradedoubler (spyware)

* System

Vundo.FBW (virus)

* C:\WINDOWS\SYSTEM32\KINKSXET.INI (Submitted)

Statistics
Scanned:

* Files: 44755
* System: 3481
* Not scanned: 7

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 3
* Submitted: 1

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
Hujo
Suspended permanently
11 December 2008 @ 05:57
The F-Secure online scanner settings were not as below


* Set the options as follows

o Under "Virus Scan Option" select Scan whole system
o Under "Other Scan Option" select Scan All Files
o Select Scan whole system for rootkits
o Select Scan whole system for spyware
o Tick Scan inside archives
o Make sure Use advanced heuristics is selected

Can a computer ever work?
CNiba
Newbie
11 December 2008 @ 15:40
Scanning Report


Thursday, December 11, 2008 09:13:34 - 15:32:28

Computer name: HOMETUS
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ G:\ H:\

------------------------------------------------------------------------


Result: 2 malware found

TrackingCookie.Atdmt
<http://cgi.f-secure.com/cgi-bin/websearch/vsearch.cgi?q=TrackingCookie.Atdmt&orig='disk'>
(spyware)

* System

Vundo.FBW
<http://cgi.f-secure.com/cgi-bin/websearch/vsearch.cgi?q=Vundo.FBW&orig='disk'>
(virus)

* C:\WINDOWS\system32\kinksxet.ini (Submitted)

------------------------------------------------------------------------


Statistics

Scanned:

* Files: 260540
* System: 3474
* Not scanned: 60

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 2
* Submitted: 1

Files not scanned:


------------------------------------------------------------------------


Options

Scanning engines:

* F-Secure USS: 2.40.0
* F-Secure Blacklight: 2.4.1093
* F-Secure Hydra: 2.8.8110, 2008-12-11
* F-Secure Pegasus: 1.20.0, 2008-11-10
* F-Secure AVP: 7.0.171, 2008-12-11

Scanning options:

* Scan all files
* Scan inside archives
* Use Advanced heuristics

------------------------------------------------------------------------
Hujo
Suspended permanently
12 December 2008 @ 05:18
Scan a new HJT log

==========

Check that Norton now: does it have a firewall?

==========

What is the state of the machine?

Can a computer ever work?

The message has been edited after posting. Last edited 12 December 2008 @ 05:22

CNiba
Newbie
12 December 2008 @ 15:36
Norton doesn't have a firewall. Could you perhaps recommend some firewall? And the machine seems to be working again now =)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34:33, on 12.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\RivaTuner v2.20\RivaTuner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\yodm3D\Yodm3D.exe
G:\Security\Muita\PeerGuardian2\pg2.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\DC++\DCPlusPlus.exe
G:\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "G:\Security\Isot ohjelmat\Norton Antivirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [RivaTuner] "G:\RivaTuner v2.20\RivaTuner.exe" /T
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yodm3D] C:\Program Files\yodm3D\Yodm3D.exe
O4 - HKCU\..\Run: [PeerGuardian] G:\Security\Muita\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DC++.lnk = G:\DC++\DCPlusPlus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: NordicBet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\NordicBetMPP\MPPoker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1207723355703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1207827973140
O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} (F-Secure Online Scanner 2.1 (CD version)) - file:///C:/Documents%20and%20Settings/Disassembler/Local%20Settings/Temp/OnlineScanner/is2007ols/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB645E0A-1A85-4ED2-BE71-3F06E79D9824}: NameServer = 192.168.0.254
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - G:\Security\Isot ohjelmat\Norton Antivirus\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - G:\Security\Firewalls\Sygate Personal Firewall\smc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7066 bytes
Hujo
Suspended permanently
12 December 2008 @ 16:00
Outpost Firewall http://www.agnitum.com/products/outpostfree/download.php

=================

Run that

Trojan Remover

Can a computer ever work?
CNiba
Newbie
12 December 2008 @ 16:30
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.4.2551. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 16:23:55 12 joulu 2008
Using Database v7226
Operating System: Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Disassembler\Application Data\Simply Super Software\Trojan Remover\
Database directory: G:\Security\Muita\Trojan Remover\
Logfile directory: C:\Documents and Settings\Disassembler\Omat tiedostot\Simply Super Software\Trojan Remover Logfiles\
Program directory: G:\Security\Muita\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Nortons Anti-Virus

************************************************************


************************************************************
16:23:55: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
16:23:55: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
16:23:55: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
16:23:55: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1034240 bytes
Created: 9.4.2008
Modified: 14.4.2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 16.9.2002
Modified: 14.4.2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515072 bytes
Created: 16.9.2002
Modified: 14.4.2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
13574144 bytes
Created: 5.12.2007
Modified: 17.9.2008
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 5.12.2007
Modified: 17.9.2008
Company: NVIDIA Corporation
--------------------
Value Name: ccApp
Value Data: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
84640 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
--------------------
Value Name: osCheck
Value Data: "G:\Security\Isot ohjelmat\Norton Antivirus\osCheck.exe"
G:\Security\Isot ohjelmat\Norton Antivirus\osCheck.exe
26248 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
--------------------
Value Name: Symantec PIF AlertEng
Value Data: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created: 29.1.2008
Modified: 29.1.2008
Company: Symantec Corporation
--------------------
Value Name: RivaTuner
Value Data: "G:\RivaTuner v2.20\RivaTuner.exe" /T
G:\RivaTuner v2.20\RivaTuner.exe
2727936 bytes
Created: 19.11.2008
Modified: 19.11.2008
Company:
--------------------
Value Name: TrojanScanner
Value Data: G:\Security\Muita\Trojan Remover\Trjscan.exe /boot
G:\Security\Muita\Trojan Remover\Trjscan.exe
1233800 bytes
Created: 12.12.2008
Modified: 8.11.2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 16.9.2002
Modified: 14.4.2008
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18.10.2007
Modified: 18.10.2007
Company: Microsoft Corporation
--------------------
Value Name: Yodm3D
Value Data: C:\Program Files\yodm3D\Yodm3D.exe
C:\Program Files\yodm3D\Yodm3D.exe
2343936 bytes
Created: 27.10.2008
Modified: 21.4.2007
Company: Christian SALMON
--------------------
Value Name: PeerGuardian
Value Data: G:\Security\Muita\PeerGuardian2\pg2.exe
G:\Security\Muita\PeerGuardian2\pg2.exe
1382400 bytes
Created: 9.12.2008
Modified: 18.9.2005
Company: Methlabs
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty

************************************************************
16:23:58: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
16:23:58: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
16:23:58: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
16:23:58: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
16:23:59: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: 6to4
Path: %SystemRoot%\System32\6to4svc.dll
C:\WINDOWS\System32\6to4svc.dll
100352 bytes
Created: 16.9.2002
Modified: 14.4.2008
Company: Microsoft Corporation
--------------------
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
409088 bytes
Created: 9.4.2008
Modified: 14.4.2008
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: NwSapAgent
Path: %SystemRoot%\System32\ipxsap.dll
C:\WINDOWS\System32\ipxsap.dll
66560 bytes
Created: 16.9.2002
Modified: 16.9.2002
Company: Microsoft Corporation
--------------------

************************************************************
16:24:00: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Adobe LM Service
ImagePath: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
72704 bytes
Created: 9.4.2008
Modified: 9.4.2008
Company: Adobe Systems
----------
Key: AmdK7
ImagePath: System32\DRIVERS\amdk7.sys
C:\WINDOWS\System32\DRIVERS\amdk7.sys
41728 bytes
Created: 9.9.2002
Modified: 14.4.2008
Company: Microsoft Corporation
----------
Key: Autodesk Licensing Service
ImagePath: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
85096 bytes
Created: 6.9.2008
Modified: 6.9.2008
Company: Autodesk
----------
Key: Automatic LiveUpdate Scheduler
ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
198336 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\DISASS~1\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: ccEvtMgr
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
105632 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: ccSetMgr
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
105632 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: CLTNetCnService
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
105632 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: cmuda
ImagePath: system32\drivers\cmuda.sys
C:\WINDOWS\system32\drivers\cmuda.sys
1368000 bytes
Created: 15.12.2005
Modified: 15.12.2005
Company: C-Media Inc
----------
Key: eeCtrl
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
371248 bytes
Created: 9.12.2008
Modified: 20.11.2008
Company: Symantec Corporation
----------
Key: EraserUtilRebootDrv
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
99376 bytes
Created: 10.12.2008
Modified: 20.11.2008
Company: Symantec Corporation
----------
Key: hwdatacard
ImagePath: system32\DRIVERS\ewusbmdm.sys
C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [file not found to scan]
----------
Key: IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 3.4.2005
Modified: 3.4.2005
Company: Macrovision Corporation
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 16.9.2002
Modified: 14.4.2008
Company: Microsoft Corporation
----------
Key: ISPwdSvc
ImagePath: "G:\Security\Isot ohjelmat\Norton Antivirus\isPwdSvc.exe"
G:\Security\Isot ohjelmat\Norton Antivirus\isPwdSvc.exe
79496 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 25.11.2008
Modified: 25.11.2008
Company: Sun Microsystems, Inc.
----------
Key: LiveUpdate
ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2528960 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: LiveUpdate Notice Ex
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
105632 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: LiveUpdate Notice Service
ImagePath: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created: 29.1.2008
Modified: 29.1.2008
Company: Symantec Corporation
----------
Key: msvsmon90
ImagePath: "G:\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90
G:\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
3004416 bytes
Created: 7.11.2007
Modified: 7.11.2007
Company: Microsoft Corporation
----------
Key: NAVENG
ImagePath: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081211.048\NAVENG.SYS
C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081211.048\NAVENG.SYS
89104 bytes
Created: 12.12.2008
Modified: 20.11.2008
Company: Symantec Corporation
----------
Key: NAVEX15
ImagePath: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081211.048\NAVEX15.SYS
C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081211.048\NAVEX15.SYS
876112 bytes
Created: 12.12.2008
Modified: 20.11.2008
Company: Symantec Corporation
----------
Key: NwlnkIpx
ImagePath: System32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys
88320 bytes
Created: 16.9.2002
Modified: 13.4.2008
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: System32\DRIVERS\nwlnknb.sys
C:\WINDOWS\System32\DRIVERS\nwlnknb.sys
63232 bytes
Created: 16.9.2002
Modified: 16.9.2002
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: System32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys
55936 bytes
Created: 16.9.2002
Modified: 16.9.2002
Company: Microsoft Corporation
----------
Key: PnkBstrA
ImagePath: C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrA.exe
66872 bytes
Created: 3.11.2008
Modified: 3.11.2008
Company:
----------
Key: RivaTuner32
ImagePath: \??\G:\RivaTuner v2.20\RivaTuner32.sys
G:\RivaTuner v2.20\RivaTuner32.sys
9088 bytes
Created: 19.11.2008
Modified: 19.11.2008
Company:
----------
Key: SmcService
ImagePath: G:\Security\Firewalls\Sygate Personal Firewall\smc.exe
G:\Security\Firewalls\Sygate Personal Firewall\smc.exe [file not found to scan]
----------
Key: SPBBCDrv
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
406672 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: SRTSP
ImagePath: System32\Drivers\SRTSP.SYS
C:\WINDOWS\System32\Drivers\SRTSP.SYS
279088 bytes
Created: 30.11.2007
Modified: 30.11.2007
Company: Symantec Corporation
----------
Key: SRTSPL
ImagePath: System32\Drivers\SRTSPL.SYS
C:\WINDOWS\System32\Drivers\SRTSPL.SYS
317616 bytes
Created: 30.11.2007
Modified: 30.11.2007
Company: Symantec Corporation
----------
Key: SRTSPX
ImagePath: System32\Drivers\SRTSPX.SYS
C:\WINDOWS\System32\Drivers\SRTSPX.SYS
43696 bytes
Created: 30.11.2007
Modified: 30.11.2007
Company: Symantec Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{F5D74478-F400-433B-BBB4-E5DC5C085FCC}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 16.9.2002
Modified: 14.4.2008
Company: Microsoft Corporation
----------
Key: Symantec Core LC
ImagePath: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
1251720 bytes
Created: 9.12.2008
Modified: 10.12.2008
Company:
----------
Key: SymAppCore
ImagePath: "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
46736 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: SYMDNS
ImagePath: \SystemRoot\System32\Drivers\SYMDNS.SYS
C:\WINDOWS\System32\Drivers\SYMDNS.SYS
12848 bytes
Created: 3.10.2008
Modified: 3.10.2008
Company: Symantec Corporation
----------
Key: SymEvent
ImagePath: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
123952 bytes
Created: 9.12.2008
Modified: 10.12.2008
Company: Symantec Corporation
----------
Key: SYMFW
ImagePath: \SystemRoot\System32\Drivers\SYMFW.SYS
C:\WINDOWS\System32\Drivers\SYMFW.SYS
146096 bytes
Created: 3.10.2008
Modified: 3.10.2008
Company: Symantec Corporation
----------
Key: SYMIDS
ImagePath: \SystemRoot\System32\Drivers\SYMIDS.SYS
C:\WINDOWS\System32\Drivers\SYMIDS.SYS
39984 bytes
Created: 3.10.2008
Modified: 3.10.2008
Company: Symantec Corporation
----------
Key: SYMIDSCO
ImagePath: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081210.002\SymIDSCo.sys
C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081210.002\SymIDSCo.sys
250224 bytes
Created: 10.12.2008
Modified: 5.12.2008
Company: Symantec Corporation
----------
Key: SYMNDIS
ImagePath: \SystemRoot\System32\Drivers\SYMNDIS.SYS
C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
35120 bytes
Created: 3.10.2008
Modified: 3.10.2008
Company: Symantec Corporation
----------
Key: SYMREDRV
ImagePath: \SystemRoot\System32\Drivers\SYMREDRV.SYS
C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
27696 bytes
Created: 3.10.2008
Modified: 3.10.2008
Company: Symantec Corporation
----------
Key: SYMTDI
ImagePath: \SystemRoot\System32\Drivers\SYMTDI.SYS
C:\WINDOWS\System32\Drivers\SYMTDI.SYS
187952 bytes
Created: 3.10.2008
Modified: 3.10.2008
Company: Symantec Corporation
----------
Key: Tcpip6
ImagePath: System32\DRIVERS\tcpip6.sys
C:\WINDOWS\System32\DRIVERS\tcpip6.sys
225856 bytes
Created: 16.9.2002
Modified: 20.6.2008
Company: Microsoft Corporation
----------
Key: Teefer
ImagePath: SYSTEM32\Drivers\Teefer.sys
C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys [file not found to scan]
----------
Key: UnlockerDriver5
ImagePath: \??\G:\Security\Muita\Unlocker\UnlockerDriver5.sys
G:\Security\Muita\Unlocker\UnlockerDriver5.sys
4096 bytes
Created: 2.5.2008
Modified: 2.5.2008
Company:
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18.10.2007
Modified: 18.10.2007
Company: Microsoft Corporation
----------
Key: wg3n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg3n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [file not found to scan]
----------
Key: wg4n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg4n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [file not found to scan]
----------
Key: wg5n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg5n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [file not found to scan]
----------
Key: wg6n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg6n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [file not found to scan]
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25.10.2007
Modified: 25.10.2007
Company: Microsoft Corporation
----------
Key: wpsdrvnt
ImagePath: \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
C:\WINDOWS\system32\drivers\wpsdrvnt.sys [file not found to scan]
----------

************************************************************
16:24:07: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 9.4.2008
Modified: 28.2.2003
Company:
VxD Key = JAVASUP
----------
----------

************************************************************
16:24:07: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
16:24:08: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Autodesk.DWF.ContextMenu
CLSID: {6C18531F-CA85-45F7-8278-FF33CF0A5964}
Path: C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtension.dll
C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtension.dll
2915896 bytes
Created: 9.11.2006
Modified: 9.11.2006
Company: Autodesk, Inc.
----------
Key: PowerISO
CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
File: [CLSID does not appear to reference a file]
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: Symantec.Norton.Antivirus.IEContextMenu
CLSID: {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
Path: G:\Security\ISOTOH~1\NORTON~1\NavShExt.dll
G:\Security\ISOTOH~1\NORTON~1\NavShExt.dll
173728 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: G:\Security\Muita\TROJAN~1\Trshlex.dll
G:\Security\Muita\TROJAN~1\Trshlex.dll
467552 bytes
Created: 12.12.2008
Modified: 5.2.2007
Company: Simply Super Software
----------
Key: WinRAR
CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Path: G:\WinRaR\rarext.dll
G:\WinRaR\rarext.dll
129024 bytes
Created: 9.4.2008
Modified: 20.9.2007
Company:
----------
Key: WS_FTP
CLSID: {797F3885-5429-11D4-8823-0050DA59922B}
Path: G:\Ipswitch WS_FTP Professional\wsftpsi.dll
G:\Ipswitch WS_FTP Professional\wsftpsi.dll
245760 bytes
Created: 9.4.2008
Modified: 22.6.2006
Company: Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421
----------

************************************************************
16:24:08: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {8A0BC933-7552-42E2-A228-3BE055777227}
File: C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
103016 bytes
Created: 12.2.2007
Modified: 12.2.2007
Company: Autodesk
----------

************************************************************
16:24:08: Scanning ----- BROWSER HELPER OBJECTS -----
No Browser Helper Objects found to scan

************************************************************
16:24:08: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
121856 bytes
Created: 16.9.2002
Modified: 14.4.2008
Company: Microsoft Corporation
----------

************************************************************
16:24:08: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
16:24:09: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
16:24:09: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
16:24:09: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
16:24:09: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\desktop.ini
-HS- 84 bytes
Created: 9.4.2008
Modified: 9.4.2008
Company:
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
16:24:09: Scanning ----- SCHEDULED TASKS -----
Taskname: Norton AntiVirus - Run Full System Scan - Disassembler.job
File: G:\Security\ISOTOH~1\NORTON~1\Navw32.exe
G:\Security\ISOTOH~1\NORTON~1\Navw32.exe
214688 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
Parameters: /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
Next Run Time: 13.12.2008 3:00:00
Status: Tehtävää ei ole vielä suoritettu
Creator: Disassembler
Comments: This is a schedule scan task from Norton AntiVirus.
----------
Taskname: RegClean Scheduled Scan.job
File: G:\RegClean\RegClean.exe
Parameters: scheduled
Next Run Time: 13.12.2008 3:30:00
Status: Tehtävää ei ole vielä suoritettu
Creator: Disassembler
Comments: Runs RegClean to optimize your registry.
G:\RegClean\RegClean.exe [file not found to scan]
----------

************************************************************
16:24:09: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key: AutoCAD Digital Signatures Icon Overlay Handler
CLSID: {36A21736-36C2-4C11-8ACB-D4136F2B57BD}
File: C:\WINDOWS\system32\AcSignIcon.dll
C:\WINDOWS\system32\AcSignIcon.dll
44648 bytes
Created: 12.2.2007
Modified: 12.2.2007
Company: Autodesk, Inc.
----------

************************************************************
16:24:09: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Program Files\yodm3D\desktopwallpaper0.bmp
C:\Program Files\yodm3D\desktopwallpaper0.bmp
5760054 bytes
Created: 27.10.2008
Modified: 22.10.2008
Company:
----------
Web Desktop Wallpaper: %ProgramFiles%\yodm3D\desktopwallpaper0.bmp
C:\Program Files\yodm3D\desktopwallpaper0.bmp
5760054 bytes
Created: 27.10.2008
Modified: 22.10.2008
Company:
----------
Additional checks completed

************************************************************
16:24:10: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
--------------------
C:\WINDOWS\system32\nvsvc32.exe
--------------------
C:\WINDOWS\system32\PnkBstrA.exe - file already scanned
--------------------
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
--------------------
C:\WINDOWS\system32\wdfmgr.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
--------------------
C:\Program Files\Common Files\Symantec Shared\ccApp.exe - file already scanned
--------------------
G:\RivaTuner v2.20\RivaTuner.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe - file already scanned
--------------------
C:\Program Files\yodm3D\Yodm3D.exe - file already scanned
--------------------
G:\Security\Muita\PeerGuardian2\pg2.exe - file already scanned
--------------------
G:\DC++\DCPlusPlus.exe
--------------------
C:\Program Files\Windows Live\Messenger\usnsvc.exe - file already scanned
--------------------
C:\Program Files\Windows Live\Mail\wlmail.exe
--------------------
G:\Mozilla Firefox\firefox.exe
--------------------
C:\Documents and Settings\Disassembler\Application Data\Simply Super Software\Trojan Remover\acm9.exe
FileSize: 2888568
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
16:24:16: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
16:24:16: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
16:24:16: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fi
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 16:24:16 12 joulu 2008
Total Scan time: 00:00:21
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.4.2551. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 16:10:05 12 joulu 2008
Using Database v7226
Operating System: Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Disassembler\Application Data\Simply Super Software\Trojan Remover\
Database directory: G:\Security\Muita\Trojan Remover\
Logfile directory: C:\Documents and Settings\Disassembler\Omat tiedostot\Simply Super Software\Trojan Remover Logfiles\
Program directory: G:\Security\Muita\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Nortons Anti-Virus

************************************************************


************************************************************
16:10:05: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
16:10:05: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
16:10:05: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
16:10:06: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1034240 bytes
Created: 9.4.2008
Modified: 14.4.2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 16.9.2002
Modified: 14.4.2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515072 bytes
Created: 16.9.2002
Modified: 14.4.2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
13574144 bytes
Created: 5.12.2007
Modified: 17.9.2008
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 5.12.2007
Modified: 17.9.2008
Company: NVIDIA Corporation
--------------------
Value Name: ccApp
Value Data: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
84640 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
--------------------
Value Name: osCheck
Value Data: "G:\Security\Isot ohjelmat\Norton Antivirus\osCheck.exe"
G:\Security\Isot ohjelmat\Norton Antivirus\osCheck.exe
26248 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
--------------------
Value Name: Symantec PIF AlertEng
Value Data: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created: 29.1.2008
Modified: 29.1.2008
Company: Symantec Corporation
--------------------
Value Name: RivaTuner
Value Data: "G:\RivaTuner v2.20\RivaTuner.exe" /T
G:\RivaTuner v2.20\RivaTuner.exe
2727936 bytes
Created: 19.11.2008
Modified: 19.11.2008
Company:
--------------------
Value Name: TrojanScanner
Value Data: G:\Security\Muita\Trojan Remover\Trjscan.exe /boot
G:\Security\Muita\Trojan Remover\Trjscan.exe
1233800 bytes
Created: 12.12.2008
Modified: 8.11.2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 16.9.2002
Modified: 14.4.2008
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18.10.2007
Modified: 18.10.2007
Company: Microsoft Corporation
--------------------
Value Name: Yodm3D
Value Data: C:\Program Files\yodm3D\Yodm3D.exe
C:\Program Files\yodm3D\Yodm3D.exe
2343936 bytes
Created: 27.10.2008
Modified: 21.4.2007
Company: Christian SALMON
--------------------
Value Name: PeerGuardian
Value Data: G:\Security\Muita\PeerGuardian2\pg2.exe
G:\Security\Muita\PeerGuardian2\pg2.exe
1382400 bytes
Created: 9.12.2008
Modified: 18.9.2005
Company: Methlabs
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty

************************************************************
16:10:10: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
16:10:10: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
16:10:10: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
16:10:10: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
16:10:10: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: 6to4
Path: %SystemRoot%\System32\6to4svc.dll
C:\WINDOWS\System32\6to4svc.dll
100352 bytes
Created: 16.9.2002
Modified: 14.4.2008
Company: Microsoft Corporation
--------------------
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
409088 bytes
Created: 9.4.2008
Modified: 14.4.2008
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: NwSapAgent
Path: %SystemRoot%\System32\ipxsap.dll
C:\WINDOWS\System32\ipxsap.dll
66560 bytes
Created: 16.9.2002
Modified: 16.9.2002
Company: Microsoft Corporation
--------------------

************************************************************
16:10:12: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Adobe LM Service
ImagePath: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
72704 bytes
Created: 9.4.2008
Modified: 9.4.2008
Company: Adobe Systems
----------
Key: AmdK7
ImagePath: System32\DRIVERS\amdk7.sys
C:\WINDOWS\System32\DRIVERS\amdk7.sys
41728 bytes
Created: 9.9.2002
Modified: 14.4.2008
Company: Microsoft Corporation
----------
Key: Autodesk Licensing Service
ImagePath: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
85096 bytes
Created: 6.9.2008
Modified: 6.9.2008
Company: Autodesk
----------
Key: Automatic LiveUpdate Scheduler
ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
198336 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\DISASS~1\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: ccEvtMgr
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
105632 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: ccSetMgr
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
105632 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: CLTNetCnService
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
105632 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: cmuda
ImagePath: system32\drivers\cmuda.sys
C:\WINDOWS\system32\drivers\cmuda.sys
1368000 bytes
Created: 15.12.2005
Modified: 15.12.2005
Company: C-Media Inc
----------
Key: eeCtrl
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
371248 bytes
Created: 9.12.2008
Modified: 20.11.2008
Company: Symantec Corporation
----------
Key: EraserUtilRebootDrv
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
99376 bytes
Created: 10.12.2008
Modified: 20.11.2008
Company: Symantec Corporation
----------
Key: hwdatacard
ImagePath: system32\DRIVERS\ewusbmdm.sys
C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [file not found to scan]
----------
Key: IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 3.4.2005
Modified: 3.4.2005
Company: Macrovision Corporation
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 16.9.2002
Modified: 14.4.2008
Company: Microsoft Corporation
----------
Key: ISPwdSvc
ImagePath: "G:\Security\Isot ohjelmat\Norton Antivirus\isPwdSvc.exe"
G:\Security\Isot ohjelmat\Norton Antivirus\isPwdSvc.exe
79496 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 25.11.2008
Modified: 25.11.2008
Company: Sun Microsystems, Inc.
----------
Key: LiveUpdate
ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2528960 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: LiveUpdate Notice Ex
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
105632 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: LiveUpdate Notice Service
ImagePath: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created: 29.1.2008
Modified: 29.1.2008
Company: Symantec Corporation
----------
Key: msvsmon90
ImagePath: "G:\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90
G:\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
3004416 bytes
Created: 7.11.2007
Modified: 7.11.2007
Company: Microsoft Corporation
----------
Key: NAVENG
ImagePath: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081211.048\NAVENG.SYS
C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081211.048\NAVENG.SYS
89104 bytes
Created: 12.12.2008
Modified: 20.11.2008
Company: Symantec Corporation
----------
Key: NAVEX15
ImagePath: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081211.048\NAVEX15.SYS
C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081211.048\NAVEX15.SYS
876112 bytes
Created: 12.12.2008
Modified: 20.11.2008
Company: Symantec Corporation
----------
Key: NwlnkIpx
ImagePath: System32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys
88320 bytes
Created: 16.9.2002
Modified: 13.4.2008
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: System32\DRIVERS\nwlnknb.sys
C:\WINDOWS\System32\DRIVERS\nwlnknb.sys
63232 bytes
Created: 16.9.2002
Modified: 16.9.2002
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: System32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys
55936 bytes
Created: 16.9.2002
Modified: 16.9.2002
Company: Microsoft Corporation
----------
Key: PnkBstrA
ImagePath: C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrA.exe
66872 bytes
Created: 3.11.2008
Modified: 3.11.2008
Company:
----------
Key: RivaTuner32
ImagePath: \??\G:\RivaTuner v2.20\RivaTuner32.sys
G:\RivaTuner v2.20\RivaTuner32.sys
9088 bytes
Created: 19.11.2008
Modified: 19.11.2008
Company:
----------
Key: SmcService
ImagePath: G:\Security\Firewalls\Sygate Personal Firewall\smc.exe
G:\Security\Firewalls\Sygate Personal Firewall\smc.exe [file not found to scan]
----------
Key: SPBBCDrv
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
406672 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: SRTSP
ImagePath: System32\Drivers\SRTSP.SYS
C:\WINDOWS\System32\Drivers\SRTSP.SYS
279088 bytes
Created: 30.11.2007
Modified: 30.11.2007
Company: Symantec Corporation
----------
Key: SRTSPL
ImagePath: System32\Drivers\SRTSPL.SYS
C:\WINDOWS\System32\Drivers\SRTSPL.SYS
317616 bytes
Created: 30.11.2007
Modified: 30.11.2007
Company: Symantec Corporation
----------
Key: SRTSPX
ImagePath: System32\Drivers\SRTSPX.SYS
C:\WINDOWS\System32\Drivers\SRTSPX.SYS
43696 bytes
Created: 30.11.2007
Modified: 30.11.2007
Company: Symantec Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{F5D74478-F400-433B-BBB4-E5DC5C085FCC}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 16.9.2002
Modified: 14.4.2008
Company: Microsoft Corporation
----------
Key: Symantec Core LC
ImagePath: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
1251720 bytes
Created: 9.12.2008
Modified: 10.12.2008
Company:
----------
Key: SymAppCore
ImagePath: "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
46736 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: SYMDNS
ImagePath: \SystemRoot\System32\Drivers\SYMDNS.SYS
C:\WINDOWS\System32\Drivers\SYMDNS.SYS
12848 bytes
Created: 3.10.2008
Modified: 3.10.2008
Company: Symantec Corporation
----------
Key: SymEvent
ImagePath: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
123952 bytes
Created: 9.12.2008
Modified: 10.12.2008
Company: Symantec Corporation
----------
Key: SYMFW
ImagePath: \SystemRoot\System32\Drivers\SYMFW.SYS
C:\WINDOWS\System32\Drivers\SYMFW.SYS
146096 bytes
Created: 3.10.2008
Modified: 3.10.2008
Company: Symantec Corporation
----------
Key: SYMIDS
ImagePath: \SystemRoot\System32\Drivers\SYMIDS.SYS
C:\WINDOWS\System32\Drivers\SYMIDS.SYS
39984 bytes
Created: 3.10.2008
Modified: 3.10.2008
Company: Symantec Corporation
----------
Key: SYMIDSCO
ImagePath: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081210.002\SymIDSCo.sys
C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081210.002\SymIDSCo.sys
250224 bytes
Created: 10.12.2008
Modified: 5.12.2008
Company: Symantec Corporation
----------
Key: SYMNDIS
ImagePath: \SystemRoot\System32\Drivers\SYMNDIS.SYS
C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
35120 bytes
Created: 3.10.2008
Modified: 3.10.2008
Company: Symantec Corporation
----------
Key: SYMREDRV
ImagePath: \SystemRoot\System32\Drivers\SYMREDRV.SYS
C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
27696 bytes
Created: 3.10.2008
Modified: 3.10.2008
Company: Symantec Corporation
----------
Key: SYMTDI
ImagePath: \SystemRoot\System32\Drivers\SYMTDI.SYS
C:\WINDOWS\System32\Drivers\SYMTDI.SYS
187952 bytes
Created: 3.10.2008
Modified: 3.10.2008
Company: Symantec Corporation
----------
Key: Tcpip6
ImagePath: System32\DRIVERS\tcpip6.sys
C:\WINDOWS\System32\DRIVERS\tcpip6.sys
225856 bytes
Created: 16.9.2002
Modified: 20.6.2008
Company: Microsoft Corporation
----------
Key: Teefer
ImagePath: SYSTEM32\Drivers\Teefer.sys
C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys [file not found to scan]
----------
Key: UnlockerDriver5
ImagePath: \??\G:\Security\Muita\Unlocker\UnlockerDriver5.sys
G:\Security\Muita\Unlocker\UnlockerDriver5.sys
4096 bytes
Created: 2.5.2008
Modified: 2.5.2008
Company:
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18.10.2007
Modified: 18.10.2007
Company: Microsoft Corporation
----------
Key: wg3n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg3n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [file not found to scan]
----------
Key: wg4n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg4n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [file not found to scan]
----------
Key: wg5n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg5n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [file not found to scan]
----------
Key: wg6n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg6n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [file not found to scan]
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25.10.2007
Modified: 25.10.2007
Company: Microsoft Corporation
----------
Key: wpsdrvnt
ImagePath: \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
C:\WINDOWS\system32\drivers\wpsdrvnt.sys [file not found to scan]
----------

************************************************************
16:10:20: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 9.4.2008
Modified: 28.2.2003
Company:
VxD Key = JAVASUP
----------
----------

************************************************************
16:10:20: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
16:10:21: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Autodesk.DWF.ContextMenu
CLSID: {6C18531F-CA85-45F7-8278-FF33CF0A5964}
Path: C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtension.dll
C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtension.dll
2915896 bytes
Created: 9.11.2006
Modified: 9.11.2006
Company: Autodesk, Inc.
----------
Key: PowerISO
CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
File: [CLSID does not appear to reference a file]
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: Symantec.Norton.Antivirus.IEContextMenu
CLSID: {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
Path: G:\Security\ISOTOH~1\NORTON~1\NavShExt.dll
G:\Security\ISOTOH~1\NORTON~1\NavShExt.dll
173728 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: G:\Security\Muita\TROJAN~1\Trshlex.dll
G:\Security\Muita\TROJAN~1\Trshlex.dll
467552 bytes
Created: 12.12.2008
Modified: 5.2.2007
Company: Simply Super Software
----------
Key: WinRAR
CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Path: G:\WinRaR\rarext.dll
G:\WinRaR\rarext.dll
129024 bytes
Created: 9.4.2008
Modified: 20.9.2007
Company:
----------
Key: WS_FTP
CLSID: {797F3885-5429-11D4-8823-0050DA59922B}
Path: G:\Ipswitch WS_FTP Professional\wsftpsi.dll
G:\Ipswitch WS_FTP Professional\wsftpsi.dll
245760 bytes
Created: 9.4.2008
Modified: 22.6.2006
Company: Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421
----------

************************************************************
16:10:21: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {8A0BC933-7552-42E2-A228-3BE055777227}
File: C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
103016 bytes
Created: 12.2.2007
Modified: 12.2.2007
Company: Autodesk
----------

************************************************************
16:10:21: Scanning ----- BROWSER HELPER OBJECTS -----
No Browser Helper Objects found to scan

************************************************************
16:10:21: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
121856 bytes
Created: 16.9.2002
Modified: 14.4.2008
Company: Microsoft Corporation
----------

************************************************************
16:10:21: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
16:10:22: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
16:10:22: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
16:10:23: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
16:10:23: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\desktop.ini
-HS- 84 bytes
Created: 9.4.2008
Modified: 9.4.2008
Company:
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
16:10:24: Scanning ----- SCHEDULED TASKS -----
Taskname: Norton AntiVirus - Run Full System Scan - Disassembler.job
File: G:\Security\ISOTOH~1\NORTON~1\Navw32.exe
G:\Security\ISOTOH~1\NORTON~1\Navw32.exe
214688 bytes
Created: 9.12.2008
Modified: 9.12.2008
Company: Symantec Corporation
Parameters: /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
Next Run Time: 13.12.2008 3:00:00
Status: Tehtävää ei ole vielä suoritettu
Creator: Disassembler
Comments: This is a schedule scan task from Norton AntiVirus.
----------
Taskname: RegClean Scheduled Scan.job
File: G:\RegClean\RegClean.exe
Parameters: scheduled
Next Run Time: 13.12.2008 3:30:00
Status: Tehtävää ei ole vielä suoritettu
Creator: Disassembler
Comments: Runs RegClean to optimize your registry.
G:\RegClean\RegClean.exe [file not found to scan]
----------

************************************************************
16:10:24: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key: AutoCAD Digital Signatures Icon Overlay Handler
CLSID: {36A21736-36C2-4C11-8ACB-D4136F2B57BD}
File: C:\WINDOWS\system32\AcSignIcon.dll
C:\WINDOWS\system32\AcSignIcon.dll
44648 bytes
Created: 12.2.2007
Modified: 12.2.2007
Company: Autodesk, Inc.
----------

************************************************************
16:10:24: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
==============================
Restrictive Windows Explorer Policies found in force on this computer:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: NoSMHelp
All Policy Values listed have been removed
==============================
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Program Files\yodm3D\desktopwallpaper0.bmp
C:\Program Files\yodm3D\desktopwallpaper0.bmp
5760054 bytes
Created: 27.10.2008
Modified: 22.10.2008
Company:
----------
Web Desktop Wallpaper: %ProgramFiles%\yodm3D\desktopwallpaper0.bmp
C:\Program Files\yodm3D\desktopwallpaper0.bmp
5760054 bytes
Created: 27.10.2008
Modified: 22.10.2008
Company:
----------
Additional checks completed

************************************************************
16:10:50: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
--------------------
C:\WINDOWS\system32\nvsvc32.exe
--------------------
C:\WINDOWS\system32\PnkBstrA.exe - file already scanned
--------------------
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
--------------------
C:\WINDOWS\system32\wdfmgr.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\ccApp.exe - file already scanned
--------------------
G:\RivaTuner v2.20\RivaTuner.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe - file already scanned
--------------------
C:\Program Files\yodm3D\Yodm3D.exe - file already scanned
--------------------
G:\Security\Muita\PeerGuardian2\pg2.exe - file already scanned
--------------------
C:\Program Files\Windows Live\Messenger\usnsvc.exe - file already scanned
--------------------
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe - file already scanned
--------------------
G:\DC++\DCPlusPlus.exe
--------------------
G:\Mozilla Firefox\firefox.exe
--------------------
C:\Program Files\Windows Live\Mail\wlmail.exe
--------------------
C:\Documents and Settings\Disassembler\Application Data\Simply Super Software\Trojan Remover\eqsC9.exe
FileSize: 2888568
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
16:10:55: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
16:10:55: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
16:10:55: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fi
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 16:10:55 12 joulu 2008
Total Scan time: 00:00:49
************************************************************
Hujo
Suspended permanently
12 December 2008 @ 18:03
Nothing else to do but remove the following from the machine:
SDFix
Combofix
C:\Bases
C:\Kaspersky

Type the following into the Run box:

Combofix /u

and press Enter.

Download OTMoveIt and save it to your desktop.

Double-click OTMoveIt.exe.
Click CleanUp!.
Choose Yes when asked "Begin cleanup Process?".
If you are asked whether the machine may be restarted, choose Yes. OTMoveIt removes itself when it is done; if that does not happen, remove it yourself.

NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, let it through.

=======

Let's wait for new bogeymen to turn up on the machine :D

Can a computer ever work properly?