Isukin koneen tarkistus HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:21, on 28.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\WINDOWS\system32\atwtusb.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\vsnpstd.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Canon\CAL\CALMAIN.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {697F9823-9DD1-4F0D-9038-CF58B328D22E} - D:\WINDOWS\system32\vturs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {51c16f14-bedc-7faa-1784-50061f86641f} - {f14668f1-6005-4871-aaf7-cdeb41f61c15} - D:\WINDOWS\system32\ukmlmrcl.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [snpstd] D:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhenUSave] "D:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [SysProtect] D:\Program Files\SysProtect Free\USYP.exe /scan
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Policies\Explorer\Run: [{B43830FD-07D0-1035-0818-040409100166}] "D:\Program Files\Common Files\{B43830FD-07D0-1035-0818-040409100166}\Update.exe" mc-110-12-0000272
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://D:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?38917062c73749c0a3d2fce43624c6e1
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://D:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?38917062c73749c0a3d2fce43624c6e1
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1213179095671
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EDB7EF4-95F4-4B43-86CE-DF06DEA4A964}: NameServer = 212.50.211.242 212.50.192.226
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqRHyyYs - rqRHyyYs.dll (file missing)
O20 - Winlogon Notify: vturs - D:\WINDOWS\system32\vturs.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/Joonas/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 11672 bytes

Näkyykö mörköjä?

 

Kyllä täällä Näkyy !!!

-----------------
En tunnistanut palomuuria koneeltasi.
Asennukset on syytä tehdä Järjestelmänvalvojan tunnuksilla
Asenna koneellesi YKSI palomuuriohjelma NYT:

1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo

Jos käytät sisäänrakennettua Windowsin palomuuria, se ei ole suositeltua sillä se ei estä koneelta ulosmeneviä yhteyksiä.
Muista käyttää vain yhtä palomuuria kerrallaan.

-----------------------------------------------------------------------------

Mene Windowsin ControlPaneliin (Ohjauspaneli) ja sieltä Lisää / Poista sovellus
Vistassa Ohjelmat ja toiminnot
Etsi ja poista ohjelma jonka nimessä on:

WhenUSave
SweetIM

--------------------------------------------------------

Lataa Malwarebytes' Anti-Malware työpöydällesi.

* Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
* Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
* Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
* Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
* Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
* Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
* Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös
täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Lähetä lokin sisältö seuraavassa viestissäsi + uusi hjt-loki.

------------------------------------------------------------------

1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
combofix.exe
combofix.exe


Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne:

Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).

Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa)



Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

-----------------------------------------------------------------

Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {697F9823-9DD1-4F0D-9038-CF58B328D22E} - D:\WINDOWS\system32\vturs.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: {51c16f14-bedc-7faa-1784-50061f86641f} - {f14668f1-6005-4871-aaf7-cdeb41f61c15} - D:\WINDOWS\system32\ukmlmrcl.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [WhenUSave] "D:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Policies\Explorer\Run: [{B43830FD-07D0-1035-0818-040409100166}] "D:\Program Files\Common Files\{B43830FD-07D0-1035-0818-040409100166}\Update.exe" mc-110-12-0000272
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: rqRHyyYs - rqRHyyYs.dll (file missing)
O20 - Winlogon Notify: vturs - D:\WINDOWS\system32\vturs.dll (file missing)

Tyhjennä roskakori ja käynnistä koneesi uudelleen.

Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* (C:\ComboFix.txt) raportti
* Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
*

 

COMBOFIX LOKI

ComboFix 08-06-20.4 - Joonas 2008-06-28 20:54:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.624 [GMT 3:00]
Running from: D:\Documents and Settings\Joonas\Työpöytä\ComboFix.exe
Command switches used :: D:\Documents and Settings\Joonas\Työpöytä\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
D:\WINDOWS\system32\rqRHyyYs.dll
D:\WINDOWS\system32\ukmlmrcl.dll
D:\WINDOWS\system32\vturs.dll
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Program Files\Macrogaming
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\emoticons_shortcut.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\lastuse_Audibles.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\lastuse_Emoticons.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\lastuse_SoundFX.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\lastuse_Winks.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\user_config.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\heiditervala@hotmail.com\emoticons_shortcut.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\heiditervala@hotmail.com\user_config.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\jonttu_1988@hotmail.com\emoticons_shortcut.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\jonttu_1988@hotmail.com\lastuse_Emoticons.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\jonttu_1988@hotmail.com\user_config.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\trotting89@hotmail.com\emoticons_shortcut.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\trotting89@hotmail.com\user_config.xml
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100AE.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B0.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CB.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CC.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100DA.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100E8.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010107.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001010E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010111.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010119.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010814.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001084F.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010856.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010867.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010869.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001086A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001087D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010882.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010883.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088F.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010893.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010896.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010897.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010898.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010899.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A4.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A5.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108AA.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108B1.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108B5.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108BE.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108DD.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020058.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020059.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020061.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020062.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020071.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020073.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020075.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020077.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020082.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002008A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020096.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020098.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002009A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002009B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002009E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200A9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200AF.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200BE.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200C0.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200C1.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200CA.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200CE.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200CF.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D0.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D3.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D8.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200ED.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200F0.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200F4.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002010E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020114.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002012D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020130.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013F.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020141.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020148.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002014A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002014C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002014E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020158.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002015B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002015C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020161.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020165.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020177.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020182.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020185.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020189.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002018C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002018E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020195.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002019D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201A4.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201A5.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201AD.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201B5.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201B8.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201D2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201D6.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201DA.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201ED.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002020E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020233.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020236.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020266.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0003002C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00030033.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005F.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040022.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040029.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004002B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004002E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004003E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040049.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004005A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004005E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040063.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040068.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040071.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000400A7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000400B2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000600A7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000600E2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\010108A7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\01050001.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
D:\Program Files\Macrogaming\SweetIMBarForIE\Cache\cd2005c66fba47ff715ecc444d3bc1fb.xml
D:\WINDOWS\BMb70b03ce.xml
D:\WINDOWS\pskt.ini
D:\WINDOWS\system32\jcpmbrla.dll
D:\WINDOWS\system32\jnfhjjqt.dll
.
---- Previous Run -------
.
D:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
D:\Program Files\Common Files\{B4383~1
D:\Program Files\Common Files\companion wizard
D:\WINDOWS\service.exe
D:\WINDOWS\system32\csrs.exe
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\MSINET.oca
D:\WINDOWS\system32\srutv.bak1
D:\WINDOWS\system32\srutv.bak2
D:\WINDOWS\system32\srutv.ini
D:\WINDOWS\system32\srutv.ini2
D:\WINDOWS\system32\srutv.tmp
D:\WINDOWS\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_FWSVC
-------\Legacy_MSUPDATE
-------\Legacy_VSPF
-------\Legacy_VSPF_HK


((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-05-28 to 2008-06-28 )))))))))))))))))
.

D:\ComboFix\CreateC00 .
2008-06-28 19:10 . 2008-06-28 19:10 <KANSIO> d-------- D:\Program Files\COMODO
2008-06-28 19:10 . 2008-06-28 19:10 <KANSIO> d-------- D:\Documents and Settings\Joonas\Application Data\Comodo
2008-06-28 19:10 . 2008-06-28 19:16 <KANSIO> d-------- D:\Documents and Settings\All Users\Application Data\comodo
2008-06-28 19:10 . 2008-06-28 19:10 143,104 --a------ D:\WINDOWS\system32\guard32.dll
2008-06-28 19:10 . 2008-06-28 19:10 87,056 --a------ D:\WINDOWS\system32\drivers\cmdguard.sys
2008-06-28 19:10 . 2008-06-28 19:10 24,208 --a------ D:\WINDOWS\system32\drivers\cmdhlp.sys
2008-06-28 17:36 . 2008-06-28 17:36 <KANSIO> d-------- D:\Program Files\Trend Micro
2008-06-12 21:52 . 2008-06-23 14:06 1,374 --a------ D:\WINDOWS\imsins.BAK
2008-06-12 09:24 . 2008-06-14 20:59 272,128 --------- D:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 09:24 . 2008-06-14 20:59 272,128 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 18:01 . 2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-06-08 18:00 . 2008-06-08 18:00 <KANSIO> d-------- D:\Program Files\Common Files\Java
2008-06-08 15:41 . 2008-06-08 15:41 <KANSIO> d-------- D:\Program Files\Sun
2008-06-05 20:09 . 2008-06-23 13:50 <KANSIO> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-06-05 20:09 . 2008-06-05 20:09 <KANSIO> d-------- D:\Documents and Settings\Joonas\Application Data\Malwarebytes
2008-06-05 20:09 . 2008-06-05 20:09 <KANSIO> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-05 20:09 . 2008-06-19 17:48 34,296 --a------ D:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-05 20:09 . 2008-06-19 17:47 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ D:\Documents and Settings\Joonas\stp.exe
2008-06-02 15:12 . 2008-06-02 15:13 <KANSIO> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-02 15:11 . 2008-06-02 15:11 <KANSIO> d-------- D:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 12:19 --------- d-----w D:\Program Files\DC++
2008-06-08 15:01 --------- d-----w D:\Program Files\Java
2008-06-06 19:03 --------- d-----w D:\Documents and Settings\Joonas\Application Data\Skype
2008-06-06 16:04 --------- d-----w D:\Documents and Settings\Joonas\Application Data\skypePM
2008-06-05 13:57 --------- d-----w D:\Program Files\RegCure
2008-06-05 12:45 --------- d-----w D:\Program Files\BitComet
2008-06-05 12:34 --------- d-----w D:\Program Files\Pinnacle
2008-06-05 12:33 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-06-03 09:39 --------- d-----w D:\Program Files\Windows Live
2008-06-02 12:12 --------- d-----w D:\Program Files\Lavasoft
2008-06-02 12:12 --------- d-----w D:\Documents and Settings\Joonas\Application Data\Lavasoft
2008-05-31 13:07 --------- d-----w D:\Program Files\Yahoo!
2008-05-14 15:07 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-08 12:28 202,752 ----a-w D:\WINDOWS\system32\drivers\rmcast.sys
2008-04-29 08:20 15,648 ----a-w D:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w D:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w D:\WINDOWS\system32\drivers\Awrtpd.sys
2007-11-22 15:13 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-11-05 14:44 15,472,782 ----a-w D:\Program Files\Winamp.zip
2005-12-02 08:37 2,855,080 ----a-w D:\Program Files\aawsepersonal.exe
2007-01-18 21:09 8 --sh--r D:\WINDOWS\system32\D08186CC66.sys
2007-01-18 21:14 2,516 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-05_15.15.16.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 12:10:54 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-06-28 17:58:54 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-06-14 17:59:49 272,128 ------w D:\WINDOWS\Driver Cache\i386\bthport.sys
- 2000-08-31 05:00:00 28,160 ----a-w D:\WINDOWS\Nircmd.exe
+ 2000-08-31 05:00:00 28,672 ----a-w D:\WINDOWS\Nircmd.exe
- 2008-02-16 09:02:36 1,023,488 ----a-w D:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:02:46 1,023,488 ----a-w D:\WINDOWS\system32\browseui.dll
- 2008-02-16 09:02:36 151,552 ----a-w D:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:02:46 151,552 ----a-w D:\WINDOWS\system32\cdfview.dll
- 2008-02-16 09:02:37 1,055,232 ----a-w D:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:02:47 1,055,232 ----a-w D:\WINDOWS\system32\danim.dll
- 2008-02-16 09:02:36 1,023,488 -c--a-w D:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:02:46 1,023,488 -c--a-w D:\WINDOWS\system32\dllcache\browseui.dll
- 2008-02-16 09:02:36 151,552 -c--a-w D:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:02:46 151,552 -c--a-w D:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 09:02:37 1,055,232 -c--a-w D:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:02:47 1,055,232 -c--a-w D:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 09:02:37 357,888 -c--a-w D:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:02:47 357,888 -c--a-w D:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:02:37 205,312 -c--a-w D:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:02:47 205,312 -c--a-w D:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:02:37 55,808 -c--a-w D:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:02:47 55,808 -c--a-w D:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-15 09:23:37 18,432 -c--a-w D:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:52:54 18,432 -c--a-w D:\WINDOWS\system32\dllcache\iedw.exe
- 2008-02-16 09:02:38 250,880 -c--a-w D:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:02:47 250,880 -c--a-w D:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 09:02:38 96,256 -c--a-w D:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:02:47 96,256 -c--a-w D:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 09:02:38 16,384 -c--a-w D:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:02:47 16,384 -c--a-w D:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-16 22:32:40 3,080,704 -c--a-w D:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:02:49 3,080,704 -c--a-w D:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:02:39 449,024 -c--a-w D:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:02:49 449,024 -c--a-w D:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 09:02:39 146,432 -c--a-w D:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:02:49 146,432 -c--a-w D:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 09:02:39 532,480 -c--a-w D:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:02:50 532,480 -c--a-w D:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 09:02:39 39,424 -c--a-w D:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:02:50 39,424 -c--a-w D:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:51 1,288,192 -c--a-w D:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:15:43 1,288,192 -c--a-w D:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w D:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w D:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-02-16 09:02:41 1,494,016 -c--a-w D:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:02:51 1,494,016 -c--a-w D:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 09:02:41 474,112 -c--a-w D:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:02:51 474,112 -c--a-w D:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 09:02:41 616,448 -c--a-w D:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:02:52 616,448 -c--a-w D:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 09:02:42 659,456 -c--a-w D:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:02:52 659,456 -c--a-w D:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-28 16:10:43 79,760 ----a-w D:\WINDOWS\system32\drivers\inspect.sys
- 2002-03-19 08:29:16 14,165 ------w D:\WINDOWS\system32\drivers\Pclepci.sys
+ 2002-03-19 07:29:16 14,165 ------w D:\WINDOWS\system32\drivers\Pclepci.sys
- 2008-02-16 09:02:37 357,888 ----a-w D:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:02:47 357,888 ----a-w D:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 09:02:37 205,312 ----a-w D:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:02:47 205,312 ----a-w D:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 09:02:37 55,808 ----a-w D:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:02:47 55,808 ----a-w D:\WINDOWS\system32\extmgr.dll
- 2008-04-10 05:01:51 329,888 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-06 11:18:53 309,992 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
- 2008-02-16 09:02:38 250,880 ----a-w D:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:02:47 250,880 ----a-w D:\WINDOWS\system32\iepeers.dll
- 2008-02-16 09:02:38 96,256 ----a-w D:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:02:47 96,256 ----a-w D:\WINDOWS\system32\inseng.dll
- 2005-11-10 08:27:06 49,248 -c--a-w D:\WINDOWS\system32\java.exe
+ 2008-03-24 22:28:39 135,168 ----a-w D:\WINDOWS\system32\java.exe
- 2005-11-10 08:27:16 49,250 -c--a-w D:\WINDOWS\system32\javaw.exe
+ 2008-03-24 22:28:43 135,168 ----a-w D:\WINDOWS\system32\javaw.exe
- 2005-11-10 10:03:54 127,078 -c--a-w D:\WINDOWS\system32\javaws.exe
+ 2008-03-24 23:37:01 139,264 ----a-w D:\WINDOWS\system32\javaws.exe
- 2008-02-16 09:02:38 16,384 ----a-w D:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:02:47 16,384 ----a-w D:\WINDOWS\system32\jsproxy.dll
+ 2007-07-30 23:25:54 142,696 ----a-w D:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll
- 2008-05-09 11:35:06 16,863,864 ----a-w D:\WINDOWS\system32\MRT.exe
+ 2008-05-29 13:35:12 17,486,968 ----a-w D:\WINDOWS\system32\MRT.exe
- 2008-02-16 22:32:40 3,080,704 ----a-w D:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:02:49 3,080,704 ----a-w D:\WINDOWS\system32\mshtml.dll
- 2008-02-16 09:02:39 449,024 ----a-w D:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:02:49 449,024 ----a-w D:\WINDOWS\system32\mshtmled.dll
- 2008-02-16 09:02:39 146,432 ----a-w D:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:02:49 146,432 ----a-w D:\WINDOWS\system32\msrating.dll
- 2008-02-16 09:02:39 532,480 ----a-w D:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:02:50 532,480 ----a-w D:\WINDOWS\system32\mstime.dll
- 2008-02-16 09:02:39 39,424 ----a-w D:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:02:50 39,424 ----a-w D:\WINDOWS\system32\pngfilt.dll
- 2007-10-29 22:43:51 1,288,192 ----a-w D:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:15:43 1,288,192 ----a-w D:\WINDOWS\system32\quartz.dll
- 2008-02-16 09:02:41 1,494,016 ----a-w D:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:02:51 1,494,016 ----a-w D:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 09:02:41 474,112 ----a-w D:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:02:51 474,112 ----a-w D:\WINDOWS\system32\shlwapi.dll
- 2006-10-16 13:10:58 14,640 ------w D:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:02 17,272 ------w D:\WINDOWS\system32\spmsg.dll
- 2008-02-16 09:02:41 616,448 ----a-w D:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:02:52 616,448 ----a-w D:\WINDOWS\system32\urlmon.dll
- 2008-02-16 09:02:42 659,456 ----a-w D:\WINDOWS\system32\wininet.dll
+ 2008-04-21 07:02:52 659,456 ----a-w D:\WINDOWS\system32\wininet.dll
- 2008-02-15 23:03:12 357,888 ----a-w D:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 11:03:44 357,888 ----a-w D:\WINDOWS\system32\xpsp3res.dll
+ 2008-06-28 17:59:11 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_704.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{697F9823-9DD1-4F0D-9038-CF58B328D22E}]
D:\WINDOWS\system32\vturs.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
"WhenUSave"="D:\Program Files\Save\Save.exe" [ ]
"SysProtect"="D:\Program Files\SysProtect Free\USYP.exe" [ ]
"Rainlendar2"="D:\Program Files\Rainlendar2\Rainlendar2.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 21:10 339968]
"NvMixerTray"="D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-03 14:30 131072]
"HP Component Manager"="D:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54 241664]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2006-06-21 20:14 35328]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"Adobe Photo Downloader"="D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18 57344]
"Emurayden PSX Emulator"="" []
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-08-18 13:40 282624]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 17:57 133016]
"atwtusb"="atwtusb.exe" [2005-03-09 18:29 290816 D:\WINDOWS\system32\atwtusb.exe]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"snpstd"="D:\WINDOWS\vsnpstd.exe" [2005-10-11 14:54 339968]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"COMODO Firewall Pro"="D:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-28 19:10 1655552]
"combofix"="D:\WINDOWS\system32\CF19969.exe" [2004-09-14 17:12 390656]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{B43830FD-07D0-1035-0818-040409100166}"= "D:\Program Files\Common Files\{B43830FD-07D0-1035-0818-040409100166}\Update.exe" mc-110-12-0000272

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRHyyYs]
rqRHyyYs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturs]
D:\WINDOWS\system32\vturs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= D:\WINDOWS\system32\guard32.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= D:\PROGRA~1\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"D:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Pelit\\BF2\\BF2.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12414:TCP"= 12414:TCP:*isabled:BitComet 12414 TCP
"12414:UDP"= 12414:UDP:*isabled:BitComet 12414 UDP

R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;D:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-28 19:10]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;D:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-28 19:10]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S1 aiptektp;HyperPen;D:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 17:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23d6a943-048b-11dd-9f87-00508d65c7ab}]
\Shell\AutoRun\command - L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e871ef03-3a4e-11d9-bb0c-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe root.ini

.
'Ajoitetut teht„v„t'-kansion sis„lt”
"2008-06-28 17:59:19 D:\WINDOWS\Tasks\RegCure Program Check.job"
- D:\Program Files\RegCure\RegCure.exe
"2008-06-05 02:37:30 D:\WINDOWS\Tasks\RegCure.job"
- D:\Program Files\RegCure\RegCure.exe
"2008-06-28 17:10:05 D:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"




MALWARE LOKI

Malwarebytes' Anti-Malware 1.18
Tietokantaversio: 898

20:41:48 28.6.2008
mbam-log-6-28-2008 (20-41-48).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|K:\|)
Tarkistetut kohteet: 151608
Kulunut aika: 1 hour(s), 17 minute(s), 49 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 1
Saastuneita rekisteriavaimia: 3
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 2

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
D:\WINDOWS\system32\ukmlmrcl.dll (Trojan.Vundo) -> Unloaded module successfully.

Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\CLSID\{f14668f1-6005-4871-aaf7-cdeb41f61c15} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f14668f1-6005-4871-aaf7-cdeb41f61c15} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
D:\WINDOWS\system32\ukmlmrcl.dll (Trojan.Vundo) -> Delete on reboot.
D:\Documents and Settings\Joonas\Local Settings\Temporary Internet Files\Content.IE5\7WL4FBFS\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.





HJT LOKI

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20, on 2008-06-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\WINDOWS\system32\atwtusb.exe
D:\WINDOWS\vsnpstd.exe
D:\Program Files\COMODO\Firewall\cfp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
D:\Program Files\COMODO\Firewall\cmdagent.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Canon\CAL\CALMAIN.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [snpstd] D:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [combofix] D:\WINDOWS\system32\CF19969.exe /c D:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SysProtect] D:\Program Files\SysProtect Free\USYP.exe /scan
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://D:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?38917062c73749c0a3d2fce43624c6e1
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://D:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?38917062c73749c0a3d2fce43624c6e1
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1213179095671
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EDB7EF4-95F4-4B43-86CE-DF06DEA4A964}: NameServer = 212.50.211.242 212.50.192.226
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - D:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/Joonas/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 9595 bytes

 

Ilme kirkastui kummasti !!!

Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne:

Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).

Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa)



Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

Lähetä => (C:\ComboFix.txt)
.

 

ComboFix 08-07-01.3 - Joonas 2008-07-02 19:06:36.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.604 [GMT 3:00]
Running from: D:\Documents and Settings\Joonas\Työpöytä\ComboFix.exe
Command switches used :: D:\Documents and Settings\Joonas\Työpöytä\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
D:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
D:\Program Files\Common Files\{B4383~1
D:\Program Files\Common Files\companion wizard
D:\Program Files\Macrogaming
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\emoticons_shortcut.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\lastuse_Audibles.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\lastuse_Emoticons.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\lastuse_SoundFX.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\lastuse_Winks.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\user_config.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\heiditervala@hotmail.com\emoticons_shortcut.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\heiditervala@hotmail.com\user_config.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\jonttu_1988@hotmail.com\emoticons_shortcut.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\jonttu_1988@hotmail.com\lastuse_Emoticons.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\jonttu_1988@hotmail.com\user_config.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\trotting89@hotmail.com\emoticons_shortcut.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\trotting89@hotmail.com\user_config.xml
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100AE.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B0.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CB.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CC.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100DA.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100E8.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010107.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001010E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010111.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010119.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010814.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001084F.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010856.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010867.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010869.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001086A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001087D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010882.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010883.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088F.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010893.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010896.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010897.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010898.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010899.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A4.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A5.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108AA.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108B1.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108B5.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108BE.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108DD.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020058.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020059.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020061.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020062.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020071.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020073.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020075.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020077.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020082.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002008A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020096.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020098.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002009A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002009B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002009E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200A9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200AF.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200BE.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200C0.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200C1.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200CA.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200CE.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200CF.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D0.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D3.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D8.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200ED.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200F0.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200F4.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002010E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020114.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002012D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020130.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013F.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020141.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020148.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002014A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002014C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002014E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020158.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002015B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002015C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020161.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020165.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020177.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020182.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020185.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020189.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002018C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002018E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020195.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002019D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201A4.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201A5.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201AD.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201B5.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201B8.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201D2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201D6.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201DA.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201ED.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002020E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020233.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020236.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020266.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0003002C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00030033.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005F.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040022.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040029.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004002B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004002E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004003E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040049.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004005A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004005E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040063.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040068.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040071.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000400A7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000400B2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000600A7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000600E2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\010108A7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\01050001.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
D:\Program Files\Macrogaming\SweetIMBarForIE\Cache\cd2005c66fba47ff715ecc444d3bc1fb.xml
D:\WINDOWS\BMb70b03ce.xml
D:\WINDOWS\pskt.ini
D:\WINDOWS\service.exe
D:\WINDOWS\system32\csrs.exe
D:\WINDOWS\system32\jcpmbrla.dll
D:\WINDOWS\system32\jnfhjjqt.dll
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\MSINET.oca
D:\WINDOWS\system32\srutv.bak1
D:\WINDOWS\system32\srutv.bak2
D:\WINDOWS\system32\srutv.ini
D:\WINDOWS\system32\srutv.ini2
D:\WINDOWS\system32\srutv.tmp
D:\WINDOWS\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_FWSVC
-------\Legacy_MSUPDATE
-------\Legacy_VSPF
-------\Legacy_VSPF_HK


((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-02 to 2008-07-02 )))))))))))))))))
.

2008-06-28 19:10 . 2008-06-28 19:10 <KANSIO> d-------- D:\Program Files\COMODO
2008-06-28 19:10 . 2008-06-28 19:10 <KANSIO> d-------- D:\Documents and Settings\Joonas\Application Data\Comodo
2008-06-28 19:10 . 2008-06-28 19:16 <KANSIO> d-------- D:\Documents and Settings\All Users\Application Data\comodo
2008-06-28 19:10 . 2008-06-28 19:10 143,104 --a------ D:\WINDOWS\system32\guard32.dll
2008-06-28 19:10 . 2008-06-28 19:10 87,056 --a------ D:\WINDOWS\system32\drivers\cmdguard.sys
2008-06-28 19:10 . 2008-06-28 19:10 24,208 --a------ D:\WINDOWS\system32\drivers\cmdhlp.sys
2008-06-28 17:36 . 2008-06-28 17:36 <KANSIO> d-------- D:\Program Files\Trend Micro
2008-06-12 21:52 . 2008-06-23 14:06 1,374 --a------ D:\WINDOWS\imsins.BAK
2008-06-12 09:24 . 2008-06-14 20:59 272,128 --------- D:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 09:24 . 2008-06-14 20:59 272,128 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 18:01 . 2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-06-08 18:00 . 2008-06-08 18:00 <KANSIO> d-------- D:\Program Files\Common Files\Java
2008-06-08 15:41 . 2008-06-08 15:41 <KANSIO> d-------- D:\Program Files\Sun
2008-06-05 20:09 . 2008-06-23 13:50 <KANSIO> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-06-05 20:09 . 2008-06-05 20:09 <KANSIO> d-------- D:\Documents and Settings\Joonas\Application Data\Malwarebytes
2008-06-05 20:09 . 2008-06-05 20:09 <KANSIO> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-05 20:09 . 2008-06-19 17:48 34,296 --a------ D:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-05 20:09 . 2008-06-19 17:47 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ D:\Documents and Settings\Joonas\stp.exe
2008-06-02 15:12 . 2008-06-02 15:13 <KANSIO> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-02 15:11 . 2008-06-02 15:11 <KANSIO> d-------- D:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 12:19 --------- d-----w D:\Program Files\DC++
2008-06-08 15:01 --------- d-----w D:\Program Files\Java
2008-06-06 19:03 --------- d-----w D:\Documents and Settings\Joonas\Application Data\Skype
2008-06-06 16:04 --------- d-----w D:\Documents and Settings\Joonas\Application Data\skypePM
2008-06-05 13:57 --------- d-----w D:\Program Files\RegCure
2008-06-05 12:45 --------- d-----w D:\Program Files\BitComet
2008-06-05 12:34 --------- d-----w D:\Program Files\Pinnacle
2008-06-05 12:33 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-06-03 09:39 --------- d-----w D:\Program Files\Windows Live
2008-06-02 12:12 --------- d-----w D:\Program Files\Lavasoft
2008-06-02 12:12 --------- d-----w D:\Documents and Settings\Joonas\Application Data\Lavasoft
2008-05-31 13:07 --------- d-----w D:\Program Files\Yahoo!
2008-05-16 08:58 12,632 ----a-w D:\WINDOWS\system32\lsdelete.exe
2008-05-14 15:07 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-08 12:28 202,752 ----a-w D:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w D:\WINDOWS\system32\quartz.dll
2008-04-21 07:02 659,456 ----a-w D:\WINDOWS\system32\wininet.dll
2007-11-22 15:13 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-11-05 14:44 15,472,782 ----a-w D:\Program Files\Winamp.zip
2005-12-02 08:37 2,855,080 ----a-w D:\Program Files\aawsepersonal.exe
2007-01-18 21:09 8 --sh--r D:\WINDOWS\system32\D08186CC66.sys
2007-01-18 21:14 2,516 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-06-28_21.03.53.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 17:58:54 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-07-02 15:50:48 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-07-02 15:51:08 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_700.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 21:10 339968]
"NvMixerTray"="D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-03 14:30 131072]
"HP Component Manager"="D:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54 241664]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Adobe Photo Downloader"="D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18 57344]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 17:57 133016]
"snpstd"="D:\WINDOWS\vsnpstd.exe" [2005-10-11 14:54 339968]
"COMODO Firewall Pro"="D:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-28 19:10 1655552]
"atwtusb"="atwtusb.exe" [2005-03-09 18:29 290816 D:\WINDOWS\system32\atwtusb.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

D:\Documents and Settings\Joonas\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
OneNote 2007 -n„ytt”leikkeet ja Launcher.lnk - D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

D:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
HP Image Zone -pikak„ynnistys.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= D:\WINDOWS\system32\guard32.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= D:\PROGRA~1\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"D:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Pelit\\BF2\\BF2.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12414:TCP"= 12414:TCP:*isabled:BitComet 12414 TCP
"12414:UDP"= 12414:UDP:*isabled:BitComet 12414 UDP

R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;D:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-28 19:10]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;D:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-28 19:10]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S1 aiptektp;HyperPen;D:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 17:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23d6a943-048b-11dd-9f87-00508d65c7ab}]
\Shell\AutoRun\command - L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e871ef03-3a4e-11d9-bb0c-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe root.ini

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-07-02 15:51:15 D:\WINDOWS\Tasks\RegCure Program Check.job"
- D:\Program Files\RegCure\RegCure.exe
"2008-06-05 02:37:30 D:\WINDOWS\Tasks\RegCure.job"
- D:\Program Files\RegCure\RegCure.exe
"2008-07-01 10:10:01 D:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SysProtect - D:\Program Files\SysProtect Free\USYP.exe
HKCU-Run-Rainlendar2 - D:\Program Files\Rainlendar2\Rainlendar2.exe
HKLM-Run-combofix - D:\WINDOWS\system32\CF19969.exe
HKLM-Run-Emurayden PSX Emulator - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 19:08:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-02 19:09:39
ComboFix-quarantined-files.txt 2008-07-02 16:09:30

Pre-Run: 34,506,285,056 tavua vapaana
Post-Run: 34,496,245,760 tavua vapaana

341 --- E O F --- 2008-07-01 09:27:43

 

Muuten olis hyvä, mutta => ise32.exe vain poikii.

se tarvii SDFixin:

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä kone vikasietotilaan => OHJE

- Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix.exe) työpöydälle. Tuplakilikkaa työpöydälle ilmestynyttä sdfix.exe tiedostoa. Tiedosto purkaantuu ja asentaa itsensä siihen levyasemaan, minne on käyttöjärjestelmä on asennettu ja juureen ilmestyy kansio SDFix, ESIM C:\SDFix
Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.cmd tai RunThis.bat käynnistääksesi ohjelman.
Paina Y käynnistääksesi skriptin.
Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.

Lopuksi avaa SDFix kansio ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis lokin kera.
.

 

SDFix: Version 1.201
Run by Joonas on pe 04.07.2008 at 10:10

Microsoft Windows XP [versio 5.1.2600]
Running From: D:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 10:16:41
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:c5d80fd6
"s2"=dword:cbc09f4f
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:b7,13,fb,c5,49,99,8a,ec,ac,30,c6,64,4b,b7,11,f3,94,01,9e,0b,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:8a,d3,51,6f,08,62,53,54,28,98,96,32,3e,95,32,55,40,d9,f9,ac,c9,..
"p0"="D:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,06,a1,7e,7e,1f,b4,b8,2b,a2,60,58,1a,d6,c0,de,a8,e8,..
"khjeh"=hex:cb,1b,8a,63,13,29,a7,79,61,fd,db,6f,7d,60,74,4a,6f,10,29,81,de,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a5,e8,da,53,f0,56,e6,7c,7f,2a,a1,bf,fd,38,97,35,16,e0,cb,fd,43,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:e2,61,f4,5d,4c,d6,34,75,e7,b4,cf,73,e1,9c,ca,fa,7f,6d,e0,d6,0d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:33,7d,5a,23,37,47,3f,39,59,8a,69,76,bc,12,b8,d1,e6,c2,0f,34,d0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:a6,4f,5a,7f,48,ce,1e,c8,98,20,03,99,a1,ef,ab,77,4c,0e,95,3f,67,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:b7,13,fb,c5,49,99,8a,ec,ac,30,c6,64,4b,b7,11,f3,94,01,9e,0b,99,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:8a,d3,51,6f,08,62,53,54,28,98,96,32,3e,95,32,55,40,d9,f9,ac,c9,..
"p0"="D:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,06,a1,7e,7e,1f,b4,b8,2b,a2,60,58,1a,d6,c0,de,a8,e8,..
"khjeh"=hex:cb,1b,8a,63,13,29,a7,79,61,fd,db,6f,7d,60,74,4a,6f,10,29,81,de,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a5,e8,da,53,f0,56,e6,7c,7f,2a,a1,bf,fd,38,97,35,16,e0,cb,fd,43,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:e2,61,f4,5d,4c,d6,34,75,e7,b4,cf,73,e1,9c,ca,fa,7f,6d,e0,d6,0d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:33,7d,5a,23,37,47,3f,39,59,8a,69,76,bc,12,b8,d1,e6,c2,0f,34,d0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:a6,4f,5a,7f,48,ce,1e,c8,98,20,03,99,a1,ef,ab,77,4c,0e,95,3f,67,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"D:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="D:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"D:\\Program Files\\DC++\\DCPlusPlus.exe"="D:\\Program Files\\DC++\\DCPlusPlus.exe:*:EnabledC++"
"C:\\Pelit\\BF2\\BF2.exe"="C:\\Pelit\\BF2\\BF2.exe:*:Enabled:BF2"
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"="D:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Fri 19 Jan 2007 8 ..SHR --- "D:\WINDOWS\system32\D08186CC66.sys"
Fri 19 Jan 2007 2,516 A.SH. --- "D:\WINDOWS\system32\KGyGaAvL.sys"
Tue 25 Jul 2006 4,348 ..SH. --- "D:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 27 Oct 2007 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 14 Nov 2007 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 22 Nov 2007 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Thu 8 May 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\0045d90d3c637c74f834c75fe192b558\BIT8.tmp"

Finished!




HJT LOKI

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:19, on 4.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
D:\Program Files\COMODO\Firewall\cmdagent.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Canon\CAL\CALMAIN.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\WINDOWS\system32\atwtusb.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\vsnpstd.exe
D:\Program Files\COMODO\Firewall\cfp.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [snpstd] D:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://D:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?38917062c73749c0a3d2fce43624c6e1
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://D:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?38917062c73749c0a3d2fce43624c6e1
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1213179095671
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EDB7EF4-95F4-4B43-86CE-DF06DEA4A964}: NameServer = 212.50.211.242 212.50.192.226
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - D:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/Joonas/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 9367 bytes

 

Skannaa koneesi Kaspersky Online Skannerilla

* Lue läpi vaatimukset ja yksityisyyssäännökset ja klikkaa Accept.
* Skannerin ja virustietokannan lataus alkaa. Sinulta kysytään sallitko Kasperskyltä tulevan ohjelman asentamisen. Klikkaa Aja/Run.
* Kun lataus on valmis, klikkaa Settings.
* Varmistu, että seuraavat kohdat on valittu. Jos ne eivät ole, valitse ne ja klikkaa Save: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases[*]Klikkaa Oma Tietokone, My Computer Scan-kohdan alapuolelta.
* Kun tarkistus on valmis, tulokset näytetään. Klikkaa View Scan Report.
* Näet listan saastuneista kohteista. Klikkaa Save Report As....
* Tallenna tiedosto työpöydällesi. Muuta Tiedostotyyppi/Files of type muotoon Tekstitiedosto/Text file(.txt) ennen kuin klikkaat Save.
* Kopioi ja liitä tiedoston sisältö seuraavaan vastaukseesi uuden HijackThis-lokin kera
.

 

Kaspersky LOKI

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 06, 2008 13:53:02
Records in database: 918406
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
M:\
N:\

Scan statistics:
Files scanned: 103598
Threat name: 5
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 02:13:21


File name / Threat name / Threats count
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SRST0NIN\setup_incred_404_p2[1].0xe Infected: Trojan-Downloader.Win32.Keenval 3
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SRST0NIN\setup_incred_404_p2[1].0xe Infected: Trojan-Downloader.Win32.Keenval.e 2
D:\Documents and Settings\Joonas\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.19519 Infected: Backdoor.Win32.IRCBot.dhh 1
D:\Documents and Settings\Joonas\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.48820 Infected: Backdoor.Win32.SdBot.eay 1
D:\Documents and Settings\Joonas\stp.exe Infected: Backdoor.Win32.IRCBot.dig 1

The selected area was scanned.




HJT LOKI

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:19, on 6.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\WINDOWS\system32\atwtusb.exe
D:\WINDOWS\vsnpstd.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
D:\Program Files\COMODO\Firewall\cmdagent.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Canon\CAL\CALMAIN.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [snpstd] D:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://D:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?38917062c73749c0a3d2fce43624c6e1
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://D:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?38917062c73749c0a3d2fce43624c6e1
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1213179095671
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EDB7EF4-95F4-4B43-86CE-DF06DEA4A964}: NameServer = 212.50.211.242 212.50.192.226
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - D:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/Joonas/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 9480 bytes

 

*******************************************************
Käynnistä kone vikasietotilaan => OHJE
Laita piilotiedostot näkyviin =>vikasiedossa OHJE

Poista tiedosto:
D:\Documents and Settings\Joonas\stp.exe

Poista kansio:
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SRST0NIN\
Käynnistä kone normaalitilaan.
******************************************
Kirjoita windowsin käynnistävalikon suorita-kenttään ComboFix.exe /u paina OK
**********************************************************************************
Käynnistä Malwarebytes Karanteeni välileti ja tyhjennä roskat.
***************************************************************************

Miltä kone nyt tuntuu ???
.

 

Käynnistyminen kestää vieläkin saman verran mitä ennenkin. Eli jonkin aikaa lataa kuvakkeita pöydälle... Muuten pelittää ihan kelpoisesti.

 

Jospa täältä olis apua.
Nopeutta tietokoneelle => TÄÄLTÄ