Dad's computer check, HJT
afterdawn.com forum: Viruses and malware / HijackThis logs
Nugecko
Junior Member
28 June 2008 @ 17:39
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:21, on 28.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\WINDOWS\system32\atwtusb.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\vsnpstd.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Canon\CAL\CALMAIN.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {697F9823-9DD1-4F0D-9038-CF58B328D22E} - D:\WINDOWS\system32\vturs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {51c16f14-bedc-7faa-1784-50061f86641f} - {f14668f1-6005-4871-aaf7-cdeb41f61c15} - D:\WINDOWS\system32\ukmlmrcl.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [snpstd] D:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhenUSave] "D:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [SysProtect] D:\Program Files\SysProtect Free\USYP.exe /scan
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Policies\Explorer\Run: [{B43830FD-07D0-1035-0818-040409100166}] "D:\Program Files\Common Files\{B43830FD-07D0-1035-0818-040409100166}\Update.exe" mc-110-12-0000272
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://D:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?38917062c73749c0a3d2fce43624c6e1
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://D:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?38917062c73749c0a3d2fce43624c6e1
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/s...b?1213179095671
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EDB7EF4-95F4-4B43-86CE-DF06DEA4A964}: NameServer = 212.50.211.242 212.50.192.226
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqRHyyYs - rqRHyyYs.dll (file missing)
O20 - Winlogon Notify: vturs - D:\WINDOWS\system32\vturs.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/Joonas/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 11672 bytes

Any bogeymen showing?
Senior Member
28 June 2008 @ 18:45
Yes, there is something showing here!!!

-----------------
I didn't recognize a firewall on your machine.
Installations should be done with an Administrator account.
Install ONE firewall program on your machine NOW:

1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo

If you are using the built-in Windows firewall, that is not recommended, as it does not block outgoing connections from the machine.
Remember to use only one firewall at a time.


-----------------------------------------------------------------------------

Go to the Windows Control Panel and from there to Add / Remove Programs
(in Vista: Programs and Features).
Find and remove the programs whose names contain:

WhenUSave
SweetIM

--------------------------------------------------------

Download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Finally make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program will download and install the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* After that the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Post the contents of the log in your next message, plus a new HJT log.

------------------------------------------------------------------

1. Download combofix.exe to your desktop from either of these links:
combofix.exe
combofix.exe


Open Notepad and copy/paste the contents of the Quote: box into it:

Quote:
File::
D:\WINDOWS\system32\vturs.dll
D:\WINDOWS\system32\ukmlmrcl.dll
D:\WINDOWS\system32\rqRHyyYs.dll
Folder::
D:\Program Files\Save
D:\Program Files\Macrogaming



Save it under the name CFScript (in fact ComboFix recognizes it even if the extension isn't .txt).

Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click it)


Note! Don't click around in ComboFix's window while it is running. That may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.

-----------------------------------------------------------------

Close your browser and other programs for the duration of the fix (but not the antivirus).
Start HijackThis, click Scan, check the following entries (listed in red) and remove them (Fix checked).

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {697F9823-9DD1-4F0D-9038-CF58B328D22E} - D:\WINDOWS\system32\vturs.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: {51c16f14-bedc-7faa-1784-50061f86641f} - {f14668f1-6005-4871-aaf7-cdeb41f61c15} - D:\WINDOWS\system32\ukmlmrcl.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [WhenUSave] "D:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Policies\Explorer\Run: [{B43830FD-07D0-1035-0818-040409100166}] "D:\Program Files\Common Files\{B43830FD-07D0-1035-0818-040409100166}\Update.exe" mc-110-12-0000272
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: rqRHyyYs - rqRHyyYs.dll (file missing)
O20 - Winlogon Notify: vturs - D:\WINDOWS\system32\vturs.dll (file missing)

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
* Malwarebytes' Anti-Malware\Logs\log-date.txt
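The helper's triage of the log above rests on a few visible patterns: entries whose target is "(no file)" or "(file missing)", the two adware names marked for uninstall, a Policies\Explorer\Run autostart, a Trusted Zone addition, Winlogon Notify hooks, and DLLs in system32 with random-looking names. As an added example that is not part of the thread and not HijackThis's own code, this Python script applies those checks to a constructed sample of lines adapted from the posted log and lists what a human should look at. The watchlist, the vowel-ratio heuristic and the reason texts are the example's own assumptions; it is a triage aid, and every flag still needs a person to decide.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the HijackThis v2.0.2 line format. The entries are
# adapted from the log posted in this thread; a few benign lines are included
# so the filter has something to leave alone.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {697F9823-9DD1-4F0D-9038-CF58B328D22E} - D:\WINDOWS\system32\vturs.dll (file missing)
O2 - BHO: {51c16f14-bedc-7faa-1784-50061f86641f} - {f14668f1-6005-4871-aaf7-cdeb41f61c15} - D:\WINDOWS\system32\ukmlmrcl.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [WhenUSave] "D:\Program Files\Save\Save.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{B43830FD-07D0-1035-0818-040409100166}] "D:\Program Files\Common Files\{B43830FD-07D0-1035-0818-040409100166}\Update.exe" mc-110-12-0000272
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O20 - Winlogon Notify: rqRHyyYs - rqRHyyYs.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis entry starts with a section code (R0..R3, O1..O24) and " - ".
ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")

# DLL basenames of 5-8 letters that sit in system32 or are given with no path at all.
DLL_RE = re.compile(r"(?:system32\\|(?<= ))([A-Za-z]{5,8})\.dll", re.IGNORECASE)

# Names the helper told the poster to uninstall; constructed watchlist (lowercase).
WATCHLIST = ("whenusave", "sweetim", "macrogaming", r"\save\save.exe")


@dataclass
class Finding:
    code: str
    entry: str
    reasons: list = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Heuristic only (assumption of this example): DLL names with almost no vowels
    (vturs, ukmlmrcl, rqRHyyYs) are typical of auto-generated adware components."""
    vowels = sum(ch in "aeiouAEIOU" for ch in name)
    return vowels / len(name) < 0.25


def triage_line(line: str):
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, entry = m.group(1), m.group(2)
    low = entry.lower()
    reasons = []
    if low.endswith("(no file)") or low.endswith("(file missing)"):
        reasons.append("orphaned entry: the registered component is no longer on disk")
    if code == "O20":
        reasons.append("Winlogon Notify hook: rarely legitimate for third-party software")
    if code == "O15":
        reasons.append("Trusted Zone addition: lowers IE security for this site")
    if code == "O4" and "policies\\explorer\\run" in low:
        reasons.append("Policies\\Explorer\\Run autostart: seldom used by legitimate installers")
    if any(w in low for w in WATCHLIST):
        reasons.append("matches adware/PUP watchlist")
    for name in DLL_RE.findall(entry):
        if looks_random(name):
            reasons.append(f"random-looking DLL name {name}.dll (heuristic)")
    return Finding(code, entry, reasons) if reasons else None


def triage(log_text: str) -> list:
    """Triage a whole log; findings come back in log order."""
    findings = []
    for line in log_text.strip().splitlines():
        f = triage_line(line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.entry[:70]}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample, eight of the eleven lines are flagged and the Java helper, the ATI tray tool and the avast! service pass untouched; the O20 entry collects three reasons at once, which is the same line the helper queued for both the HijackThis fix and the CFScript.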


Nugecko
Junior Member
28 June 2008 @ 21:27
COMBOFIX LOG

ComboFix 08-06-20.4 - Joonas 2008-06-28 20:54:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.624 [GMT 3:00]
Running from: D:\Documents and Settings\Joonas\Työpöytä\ComboFix.exe
Command switches used :: D:\Documents and Settings\Joonas\Työpöytä\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
D:\WINDOWS\system32\rqRHyyYs.dll
D:\WINDOWS\system32\ukmlmrcl.dll
D:\WINDOWS\system32\vturs.dll
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Program Files\Macrogaming
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\emoticons_shortcut.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\lastuse_Audibles.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\lastuse_Emoticons.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\lastuse_SoundFX.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\lastuse_Winks.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\user_config.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\heiditervala@hotmail.com\emoticons_shortcut.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\heiditervala@hotmail.com\user_config.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\jonttu_1988@hotmail.com\emoticons_shortcut.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\jonttu_1988@hotmail.com\lastuse_Emoticons.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\jonttu_1988@hotmail.com\user_config.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\trotting89@hotmail.com\emoticons_shortcut.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\trotting89@hotmail.com\user_config.xml
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100AE.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B0.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CB.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CC.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100DA.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100E8.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010107.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001010E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010111.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010119.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010814.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001084F.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010856.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010867.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010869.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001086A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001087D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010882.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010883.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088F.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010893.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010896.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010897.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010898.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010899.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A4.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A5.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108AA.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108B1.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108B5.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108BE.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108DD.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020058.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020059.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020061.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020062.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020071.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020073.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020075.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020077.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020082.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002008A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020096.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020098.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002009A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002009B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002009E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200A9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200AF.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200BE.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200C0.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200C1.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200CA.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200CE.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200CF.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D0.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D3.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D8.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200ED.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200F0.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200F4.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002010E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020114.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002012D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020130.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013F.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020141.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020148.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002014A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002014C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002014E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020158.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002015B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002015C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020161.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020165.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020177.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020182.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020185.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020189.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002018C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002018E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020195.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002019D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201A4.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201A5.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201AD.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201B5.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201B8.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201D2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201D6.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201DA.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201ED.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002020E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020233.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020236.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020266.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0003002C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00030033.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005F.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040022.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040029.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004002B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004002E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004003E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040049.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004005A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004005E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040063.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040068.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040071.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000400A7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000400B2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000600A7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000600E2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\010108A7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\01050001.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
D:\Program Files\Macrogaming\SweetIMBarForIE\Cache\cd2005c66fba47ff715ecc444d3bc1fb.xml
D:\WINDOWS\BMb70b03ce.xml
D:\WINDOWS\pskt.ini
D:\WINDOWS\system32\jcpmbrla.dll
D:\WINDOWS\system32\jnfhjjqt.dll
.
---- Previous Run -------
.
D:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
D:\Program Files\Common Files\{B4383~1
D:\Program Files\Common Files\companion wizard
D:\WINDOWS\service.exe
D:\WINDOWS\system32\csrs.exe
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\MSINET.oca
D:\WINDOWS\system32\srutv.bak1
D:\WINDOWS\system32\srutv.bak2
D:\WINDOWS\system32\srutv.ini
D:\WINDOWS\system32\srutv.ini2
D:\WINDOWS\system32\srutv.tmp
D:\WINDOWS\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_FWSVC
-------\Legacy_MSUPDATE
-------\Legacy_VSPF
-------\Legacy_VSPF_HK


((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-28 to 2008-06-28 )))))))))))))))))
.

D:\ComboFix\CreateC00 .
2008-06-28 19:10 . 2008-06-28 19:10 <KANSIO> d-------- D:\Program Files\COMODO
2008-06-28 19:10 . 2008-06-28 19:10 <KANSIO> d-------- D:\Documents and Settings\Joonas\Application Data\Comodo
2008-06-28 19:10 . 2008-06-28 19:16 <KANSIO> d-------- D:\Documents and Settings\All Users\Application Data\comodo
2008-06-28 19:10 . 2008-06-28 19:10 143,104 --a------ D:\WINDOWS\system32\guard32.dll
2008-06-28 19:10 . 2008-06-28 19:10 87,056 --a------ D:\WINDOWS\system32\drivers\cmdguard.sys
2008-06-28 19:10 . 2008-06-28 19:10 24,208 --a------ D:\WINDOWS\system32\drivers\cmdhlp.sys
2008-06-28 17:36 . 2008-06-28 17:36 <KANSIO> d-------- D:\Program Files\Trend Micro
2008-06-12 21:52 . 2008-06-23 14:06 1,374 --a------ D:\WINDOWS\imsins.BAK
2008-06-12 09:24 . 2008-06-14 20:59 272,128 --------- D:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 09:24 . 2008-06-14 20:59 272,128 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 18:01 . 2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-06-08 18:00 . 2008-06-08 18:00 <KANSIO> d-------- D:\Program Files\Common Files\Java
2008-06-08 15:41 . 2008-06-08 15:41 <KANSIO> d-------- D:\Program Files\Sun
2008-06-05 20:09 . 2008-06-23 13:50 <KANSIO> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-06-05 20:09 . 2008-06-05 20:09 <KANSIO> d-------- D:\Documents and Settings\Joonas\Application Data\Malwarebytes
2008-06-05 20:09 . 2008-06-05 20:09 <KANSIO> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-05 20:09 . 2008-06-19 17:48 34,296 --a------ D:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-05 20:09 . 2008-06-19 17:47 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ D:\Documents and Settings\Joonas\stp.exe
2008-06-02 15:12 . 2008-06-02 15:13 <KANSIO> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-02 15:11 . 2008-06-02 15:11 <KANSIO> d-------- D:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 12:19 --------- d-----w D:\Program Files\DC++
2008-06-08 15:01 --------- d-----w D:\Program Files\Java
2008-06-06 19:03 --------- d-----w D:\Documents and Settings\Joonas\Application Data\Skype
2008-06-06 16:04 --------- d-----w D:\Documents and Settings\Joonas\Application Data\skypePM
2008-06-05 13:57 --------- d-----w D:\Program Files\RegCure
2008-06-05 12:45 --------- d-----w D:\Program Files\BitComet
2008-06-05 12:34 --------- d-----w D:\Program Files\Pinnacle
2008-06-05 12:33 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-06-03 09:39 --------- d-----w D:\Program Files\Windows Live
2008-06-02 12:12 --------- d-----w D:\Program Files\Lavasoft
2008-06-02 12:12 --------- d-----w D:\Documents and Settings\Joonas\Application Data\Lavasoft
2008-05-31 13:07 --------- d-----w D:\Program Files\Yahoo!
2008-05-14 15:07 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-08 12:28 202,752 ----a-w D:\WINDOWS\system32\drivers\rmcast.sys
2008-04-29 08:20 15,648 ----a-w D:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w D:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w D:\WINDOWS\system32\drivers\Awrtpd.sys
2007-11-22 15:13 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-11-05 14:44 15,472,782 ----a-w D:\Program Files\Winamp.zip
2005-12-02 08:37 2,855,080 ----a-w D:\Program Files\aawsepersonal.exe
2007-01-18 21:09 8 --sh--r D:\WINDOWS\system32\D08186CC66.sys
2007-01-18 21:14 2,516 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-05_15.15.16.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 12:10:54 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-06-28 17:58:54 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-06-14 17:59:49 272,128 ------w D:\WINDOWS\Driver Cache\i386\bthport.sys
- 2000-08-31 05:00:00 28,160 ----a-w D:\WINDOWS\Nircmd.exe
+ 2000-08-31 05:00:00 28,672 ----a-w D:\WINDOWS\Nircmd.exe
- 2008-02-16 09:02:36 1,023,488 ----a-w D:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:02:46 1,023,488 ----a-w D:\WINDOWS\system32\browseui.dll
- 2008-02-16 09:02:36 151,552 ----a-w D:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:02:46 151,552 ----a-w D:\WINDOWS\system32\cdfview.dll
- 2008-02-16 09:02:37 1,055,232 ----a-w D:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:02:47 1,055,232 ----a-w D:\WINDOWS\system32\danim.dll
- 2008-02-16 09:02:36 1,023,488 -c--a-w D:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:02:46 1,023,488 -c--a-w D:\WINDOWS\system32\dllcache\browseui.dll
- 2008-02-16 09:02:36 151,552 -c--a-w D:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:02:46 151,552 -c--a-w D:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 09:02:37 1,055,232 -c--a-w D:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:02:47 1,055,232 -c--a-w D:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 09:02:37 357,888 -c--a-w D:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:02:47 357,888 -c--a-w D:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:02:37 205,312 -c--a-w D:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:02:47 205,312 -c--a-w D:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:02:37 55,808 -c--a-w D:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:02:47 55,808 -c--a-w D:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-15 09:23:37 18,432 -c--a-w D:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:52:54 18,432 -c--a-w D:\WINDOWS\system32\dllcache\iedw.exe
- 2008-02-16 09:02:38 250,880 -c--a-w D:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:02:47 250,880 -c--a-w D:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 09:02:38 96,256 -c--a-w D:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:02:47 96,256 -c--a-w D:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 09:02:38 16,384 -c--a-w D:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:02:47 16,384 -c--a-w D:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-16 22:32:40 3,080,704 -c--a-w D:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:02:49 3,080,704 -c--a-w D:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:02:39 449,024 -c--a-w D:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:02:49 449,024 -c--a-w D:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 09:02:39 146,432 -c--a-w D:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:02:49 146,432 -c--a-w D:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 09:02:39 532,480 -c--a-w D:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:02:50 532,480 -c--a-w D:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 09:02:39 39,424 -c--a-w D:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:02:50 39,424 -c--a-w D:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:51 1,288,192 -c--a-w D:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:15:43 1,288,192 -c--a-w D:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w D:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w D:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-02-16 09:02:41 1,494,016 -c--a-w D:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:02:51 1,494,016 -c--a-w D:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 09:02:41 474,112 -c--a-w D:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:02:51 474,112 -c--a-w D:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 09:02:41 616,448 -c--a-w D:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:02:52 616,448 -c--a-w D:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 09:02:42 659,456 -c--a-w D:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:02:52 659,456 -c--a-w D:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-28 16:10:43 79,760 ----a-w D:\WINDOWS\system32\drivers\inspect.sys
- 2002-03-19 08:29:16 14,165 ------w D:\WINDOWS\system32\drivers\Pclepci.sys
+ 2002-03-19 07:29:16 14,165 ------w D:\WINDOWS\system32\drivers\Pclepci.sys
- 2008-02-16 09:02:37 357,888 ----a-w D:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:02:47 357,888 ----a-w D:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 09:02:37 205,312 ----a-w D:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:02:47 205,312 ----a-w D:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 09:02:37 55,808 ----a-w D:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:02:47 55,808 ----a-w D:\WINDOWS\system32\extmgr.dll
- 2008-04-10 05:01:51 329,888 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-06 11:18:53 309,992 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
- 2008-02-16 09:02:38 250,880 ----a-w D:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:02:47 250,880 ----a-w D:\WINDOWS\system32\iepeers.dll
- 2008-02-16 09:02:38 96,256 ----a-w D:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:02:47 96,256 ----a-w D:\WINDOWS\system32\inseng.dll
- 2005-11-10 08:27:06 49,248 -c--a-w D:\WINDOWS\system32\java.exe
+ 2008-03-24 22:28:39 135,168 ----a-w D:\WINDOWS\system32\java.exe
- 2005-11-10 08:27:16 49,250 -c--a-w D:\WINDOWS\system32\javaw.exe
+ 2008-03-24 22:28:43 135,168 ----a-w D:\WINDOWS\system32\javaw.exe
- 2005-11-10 10:03:54 127,078 -c--a-w D:\WINDOWS\system32\javaws.exe
+ 2008-03-24 23:37:01 139,264 ----a-w D:\WINDOWS\system32\javaws.exe
- 2008-02-16 09:02:38 16,384 ----a-w D:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:02:47 16,384 ----a-w D:\WINDOWS\system32\jsproxy.dll
+ 2007-07-30 23:25:54 142,696 ----a-w D:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll
- 2008-05-09 11:35:06 16,863,864 ----a-w D:\WINDOWS\system32\MRT.exe
+ 2008-05-29 13:35:12 17,486,968 ----a-w D:\WINDOWS\system32\MRT.exe
- 2008-02-16 22:32:40 3,080,704 ----a-w D:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:02:49 3,080,704 ----a-w D:\WINDOWS\system32\mshtml.dll
- 2008-02-16 09:02:39 449,024 ----a-w D:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:02:49 449,024 ----a-w D:\WINDOWS\system32\mshtmled.dll
- 2008-02-16 09:02:39 146,432 ----a-w D:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:02:49 146,432 ----a-w D:\WINDOWS\system32\msrating.dll
- 2008-02-16 09:02:39 532,480 ----a-w D:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:02:50 532,480 ----a-w D:\WINDOWS\system32\mstime.dll
- 2008-02-16 09:02:39 39,424 ----a-w D:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:02:50 39,424 ----a-w D:\WINDOWS\system32\pngfilt.dll
- 2007-10-29 22:43:51 1,288,192 ----a-w D:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:15:43 1,288,192 ----a-w D:\WINDOWS\system32\quartz.dll
- 2008-02-16 09:02:41 1,494,016 ----a-w D:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:02:51 1,494,016 ----a-w D:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 09:02:41 474,112 ----a-w D:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:02:51 474,112 ----a-w D:\WINDOWS\system32\shlwapi.dll
- 2006-10-16 13:10:58 14,640 ------w D:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:02 17,272 ------w D:\WINDOWS\system32\spmsg.dll
- 2008-02-16 09:02:41 616,448 ----a-w D:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:02:52 616,448 ----a-w D:\WINDOWS\system32\urlmon.dll
- 2008-02-16 09:02:42 659,456 ----a-w D:\WINDOWS\system32\wininet.dll
+ 2008-04-21 07:02:52 659,456 ----a-w D:\WINDOWS\system32\wininet.dll
- 2008-02-15 23:03:12 357,888 ----a-w D:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 11:03:44 357,888 ----a-w D:\WINDOWS\system32\xpsp3res.dll
+ 2008-06-28 17:59:11 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_704.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{697F9823-9DD1-4F0D-9038-CF58B328D22E}]
D:\WINDOWS\system32\vturs.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
"WhenUSave"="D:\Program Files\Save\Save.exe" [ ]
"SysProtect"="D:\Program Files\SysProtect Free\USYP.exe" [ ]
"Rainlendar2"="D:\Program Files\Rainlendar2\Rainlendar2.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 21:10 339968]
"NvMixerTray"="D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-03 14:30 131072]
"HP Component Manager"="D:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54 241664]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2006-06-21 20:14 35328]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"Adobe Photo Downloader"="D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18 57344]
"Emurayden PSX Emulator"="" []
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-08-18 13:40 282624]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 17:57 133016]
"atwtusb"="atwtusb.exe" [2005-03-09 18:29 290816 D:\WINDOWS\system32\atwtusb.exe]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"snpstd"="D:\WINDOWS\vsnpstd.exe" [2005-10-11 14:54 339968]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"COMODO Firewall Pro"="D:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-28 19:10 1655552]
"combofix"="D:\WINDOWS\system32\CF19969.exe" [2004-09-14 17:12 390656]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{B43830FD-07D0-1035-0818-040409100166}"= "D:\Program Files\Common Files\{B43830FD-07D0-1035-0818-040409100166}\Update.exe" mc-110-12-0000272

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRHyyYs]
rqRHyyYs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturs]
D:\WINDOWS\system32\vturs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= D:\WINDOWS\system32\guard32.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= D:\PROGRA~1\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"D:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Pelit\\BF2\\BF2.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12414:TCP"= 12414:TCP:*:Disabled:BitComet 12414 TCP
"12414:UDP"= 12414:UDP:*:Disabled:BitComet 12414 UDP

R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;D:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-28 19:10]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;D:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-28 19:10]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S1 aiptektp;HyperPen;D:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 17:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23d6a943-048b-11dd-9f87-00508d65c7ab}]
\Shell\AutoRun\command - L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e871ef03-3a4e-11d9-bb0c-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe root.ini

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-28 17:59:19 D:\WINDOWS\Tasks\RegCure Program Check.job"
- D:\Program Files\RegCure\RegCure.exe
"2008-06-05 02:37:30 D:\WINDOWS\Tasks\RegCure.job"
- D:\Program Files\RegCure\RegCure.exe
"2008-06-28 17:10:05 D:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"




MALWARE LOG

Malwarebytes' Anti-Malware 1.18
Tietokantaversio: 898

20:41:48 28.6.2008
mbam-log-6-28-2008 (20-41-48).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|K:\|)
Tarkistetut kohteet: 151608
Kulunut aika: 1 hour(s), 17 minute(s), 49 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 1
Saastuneita rekisteriavaimia: 3
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 2

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
D:\WINDOWS\system32\ukmlmrcl.dll (Trojan.Vundo) -> Unloaded module successfully.

Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\CLSID\{f14668f1-6005-4871-aaf7-cdeb41f61c15} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f14668f1-6005-4871-aaf7-cdeb41f61c15} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
D:\WINDOWS\system32\ukmlmrcl.dll (Trojan.Vundo) -> Delete on reboot.
D:\Documents and Settings\Joonas\Local Settings\Temporary Internet Files\Content.IE5\7WL4FBFS\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.





HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20, on 2008-06-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\WINDOWS\system32\atwtusb.exe
D:\WINDOWS\vsnpstd.exe
D:\Program Files\COMODO\Firewall\cfp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
D:\Program Files\COMODO\Firewall\cmdagent.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Canon\CAL\CALMAIN.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [snpstd] D:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [combofix] D:\WINDOWS\system32\CF19969.exe /c D:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SysProtect] D:\Program Files\SysProtect Free\USYP.exe /scan
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://D:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?38917062c73749c0a3d2fce43624c6e1
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://D:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?38917062c73749c0a3d2fce43624c6e1
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/s...b?1213179095671
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EDB7EF4-95F4-4B43-86CE-DF06DEA4A964}: NameServer = 212.50.211.242 212.50.192.226
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - D:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/Joonas/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 9595 bytes
Senior Member
28 June 2008 @ 22:48
The picture brightened up remarkably!!!

Open Notepad and copy/paste the contents of the Quote: box into it:

Quote:
File::
L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23d6a943-048b-11dd-9f87-00508d65c7ab}]


Save it as CFScript (ComboFix actually recognizes it even if the file extension isn't .txt).

Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click)


Note! Don't click on ComboFix's window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.

Post => (C:\ComboFix.txt)
.
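Added example, not part of the thread, of ComboFix or of the helper's instructions: a small Python script that reads the registry-startup section of a ComboFix log like the one posted above, marks drive AutoRun/open handlers that point into a RECYCLER folder for removal, lists Winlogon Notify DLLs written without a directory for manual review, and renders the removal findings as the File:: / Registry:: CFScript stanza in the form the helper used ([-key] deletes the key). The sample section is constructed from the Notify and mountpoints2 entries in the log above and nothing else; the two rules, the Finding class and the "remove"/"review" labels are this example's own assumptions, so an entry the rules do not match (the E: Autorun.exe line here) is simply not reported, not declared clean.

```python
"""Triage the registry-startup section of a ComboFix log and build the
matching CFScript stanza.  Added example, not part of ComboFix or the thread."""
import re
from dataclasses import dataclass, field

# Constructed sample: the Winlogon\Notify and mountpoints2 entries shown in
# the ComboFix log above, nothing else.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRHyyYs]
rqRHyyYs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturs]
D:\WINDOWS\system32\vturs.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23d6a943-048b-11dd-9f87-00508d65c7ab}]
\Shell\AutoRun\command - L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e871ef03-3a4e-11d9-bb0c-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe root.ini
"""

MOUNTPOINTS_RE = re.compile(r"\\explorer\\mountpoints2\\", re.IGNORECASE)
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\", re.IGNORECASE)
RECYCLER_RE = re.compile(r"\\RECYCLER\\", re.IGNORECASE)


@dataclass
class Finding:
    key: str                  # registry key the entry lives under
    action: str               # "remove" or "review" (labels assumed by this example)
    reason: str
    files: list = field(default_factory=list)   # handler targets to delete


def parse_blocks(text):
    """Split the section into (key, [value lines]) blocks; a blank line or a
    new [key] line ends the current block."""
    blocks, key, values = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if key is not None:
                blocks.append((key, values))
            key, values = None, []
        elif line.startswith("[") and line.endswith("]"):
            if key is not None:
                blocks.append((key, values))
            key, values = line[1:-1], []
        elif key is not None:
            values.append(line)
    if key is not None:
        blocks.append((key, values))
    return blocks


def analyse(text):
    """Two rules (this example's own): AutoRun/open handlers on a mounted drive
    that point into a RECYCLER folder are marked for removal; Winlogon Notify
    DLLs written without a directory are listed for manual review."""
    findings = []
    for key, values in parse_blocks(text):
        if MOUNTPOINTS_RE.search(key):
            targets = []
            for value in values:
                # value looks like "\Shell\AutoRun\command - <target>"
                _verb, _sep, target = value.partition(" - ")
                if RECYCLER_RE.search(target):
                    targets.append(target)
            if targets:
                findings.append(Finding(key, "remove",
                    "drive AutoRun/open handler points into a RECYCLER folder",
                    sorted(set(targets))))
        elif NOTIFY_RE.search(key):
            for value in values:
                if "\\" not in value:
                    findings.append(Finding(key, "review",
                        f"Winlogon Notify DLL given without a path: {value}"))
    return findings


def to_cfscript(findings):
    """Render the 'remove' findings as the File:: / Registry:: stanza that
    ComboFix accepts; [-key] deletes the whole key."""
    remove = [f for f in findings if f.action == "remove"]
    files = sorted({path for f in remove for path in f.files})
    lines = []
    if files:
        lines.append("File::")
        lines.extend(files)
    if remove:
        lines.append("Registry::")
        lines.extend(f"[-{f.key}]" for f in remove)
    return "\n".join(lines)


if __name__ == "__main__":
    found = analyse(SAMPLE_LOG)
    for f in found:
        print(f"{f.action.upper():6} {f.reason}\n       {f.key}")
    print("\nCFScript:\n" + to_cfscript(found))
```

Run against the sample, the script reports the rqRHyyYs.dll Notify entry for review and produces exactly the File:: and Registry:: lines the helper posted; a review finding never reaches the CFScript, because deciding about a Notify DLL still needs a human (or the scanner result) behind it.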


Nugecko
Junior Member
3 July 2008 @ 17:13
ComboFix 08-07-01.3 - Joonas 2008-07-02 19:06:36.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.604 [GMT 3:00]
Running from: D:\Documents and Settings\Joonas\Työpöytä\ComboFix.exe
Command switches used :: D:\Documents and Settings\Joonas\Työpöytä\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
D:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
D:\Program Files\Common Files\{B4383~1
D:\Program Files\Common Files\companion wizard
D:\Program Files\Macrogaming
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\emoticons_shortcut.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\lastuse_Audibles.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\lastuse_Emoticons.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\lastuse_SoundFX.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\lastuse_Winks.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\annejaraimo@hotmail.com\user_config.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\heiditervala@hotmail.com\emoticons_shortcut.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\heiditervala@hotmail.com\user_config.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\jonttu_1988@hotmail.com\emoticons_shortcut.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\jonttu_1988@hotmail.com\lastuse_Emoticons.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\jonttu_1988@hotmail.com\user_config.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\trotting89@hotmail.com\emoticons_shortcut.xml
D:\Program Files\Macrogaming\SweetIM\conf\users\trotting89@hotmail.com\user_config.xml
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100AE.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B0.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CB.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CC.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100DA.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000100E8.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010107.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001010E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010111.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010119.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010814.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001084F.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010856.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010867.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010869.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001086A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001087D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010882.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010883.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088F.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010893.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010896.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010897.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010898.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00010899.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A4.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A5.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108AA.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108B1.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108B5.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108BE.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000108DD.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020058.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020059.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020061.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020062.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020071.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020073.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020075.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020077.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020082.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002008A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020096.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020098.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002009A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002009B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002009E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200A9.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200AF.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200BE.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200C0.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200C1.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200CA.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200CE.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200CF.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D0.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D3.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D8.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200ED.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200F0.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000200F4.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002010E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020114.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002012D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020130.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013F.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020141.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020148.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002014A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002014C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002014E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020158.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002015B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002015C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020161.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020165.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020177.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020182.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020185.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020189.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002018C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002018E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020195.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002019D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201A4.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201A5.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201AD.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201B5.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201B8.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201D2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201D6.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201DA.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000201ED.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0002020E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020233.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020236.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00020266.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0003002C.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00030033.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005D.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005F.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040022.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040029.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004002B.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004002E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004003E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040049.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004005A.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\0004005E.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040063.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040068.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\00040071.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000400A7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000400B2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000600A7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\000600E2.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\010108A7.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\01050001.dat
D:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
D:\Program Files\Macrogaming\SweetIMBarForIE\Cache\cd2005c66fba47ff715ecc444d3bc1fb.xml
D:\WINDOWS\BMb70b03ce.xml
D:\WINDOWS\pskt.ini
D:\WINDOWS\service.exe
D:\WINDOWS\system32\csrs.exe
D:\WINDOWS\system32\jcpmbrla.dll
D:\WINDOWS\system32\jnfhjjqt.dll
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\MSINET.oca
D:\WINDOWS\system32\srutv.bak1
D:\WINDOWS\system32\srutv.bak2
D:\WINDOWS\system32\srutv.ini
D:\WINDOWS\system32\srutv.ini2
D:\WINDOWS\system32\srutv.tmp
D:\WINDOWS\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_FWSVC
-------\Legacy_MSUPDATE
-------\Legacy_VSPF
-------\Legacy_VSPF_HK


((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-02 to 2008-07-02 )))))))))))))))))
.

2008-06-28 19:10 . 2008-06-28 19:10 <KANSIO> d-------- D:\Program Files\COMODO
2008-06-28 19:10 . 2008-06-28 19:10 <KANSIO> d-------- D:\Documents and Settings\Joonas\Application Data\Comodo
2008-06-28 19:10 . 2008-06-28 19:16 <KANSIO> d-------- D:\Documents and Settings\All Users\Application Data\comodo
2008-06-28 19:10 . 2008-06-28 19:10 143,104 --a------ D:\WINDOWS\system32\guard32.dll
2008-06-28 19:10 . 2008-06-28 19:10 87,056 --a------ D:\WINDOWS\system32\drivers\cmdguard.sys
2008-06-28 19:10 . 2008-06-28 19:10 24,208 --a------ D:\WINDOWS\system32\drivers\cmdhlp.sys
2008-06-28 17:36 . 2008-06-28 17:36 <KANSIO> d-------- D:\Program Files\Trend Micro
2008-06-12 21:52 . 2008-06-23 14:06 1,374 --a------ D:\WINDOWS\imsins.BAK
2008-06-12 09:24 . 2008-06-14 20:59 272,128 --------- D:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 09:24 . 2008-06-14 20:59 272,128 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 18:01 . 2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-06-08 18:00 . 2008-06-08 18:00 <KANSIO> d-------- D:\Program Files\Common Files\Java
2008-06-08 15:41 . 2008-06-08 15:41 <KANSIO> d-------- D:\Program Files\Sun
2008-06-05 20:09 . 2008-06-23 13:50 <KANSIO> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-06-05 20:09 . 2008-06-05 20:09 <KANSIO> d-------- D:\Documents and Settings\Joonas\Application Data\Malwarebytes
2008-06-05 20:09 . 2008-06-05 20:09 <KANSIO> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-05 20:09 . 2008-06-19 17:48 34,296 --a------ D:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-05 20:09 . 2008-06-19 17:47 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ D:\Documents and Settings\Joonas\stp.exe
2008-06-02 15:12 . 2008-06-02 15:13 <KANSIO> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-02 15:11 . 2008-06-02 15:11 <KANSIO> d-------- D:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 12:19 --------- d-----w D:\Program Files\DC++
2008-06-08 15:01 --------- d-----w D:\Program Files\Java
2008-06-06 19:03 --------- d-----w D:\Documents and Settings\Joonas\Application Data\Skype
2008-06-06 16:04 --------- d-----w D:\Documents and Settings\Joonas\Application Data\skypePM
2008-06-05 13:57 --------- d-----w D:\Program Files\RegCure
2008-06-05 12:45 --------- d-----w D:\Program Files\BitComet
2008-06-05 12:34 --------- d-----w D:\Program Files\Pinnacle
2008-06-05 12:33 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-06-03 09:39 --------- d-----w D:\Program Files\Windows Live
2008-06-02 12:12 --------- d-----w D:\Program Files\Lavasoft
2008-06-02 12:12 --------- d-----w D:\Documents and Settings\Joonas\Application Data\Lavasoft
2008-05-31 13:07 --------- d-----w D:\Program Files\Yahoo!
2008-05-16 08:58 12,632 ----a-w D:\WINDOWS\system32\lsdelete.exe
2008-05-14 15:07 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-08 12:28 202,752 ----a-w D:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w D:\WINDOWS\system32\quartz.dll
2008-04-21 07:02 659,456 ----a-w D:\WINDOWS\system32\wininet.dll
2007-11-22 15:13 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-11-05 14:44 15,472,782 ----a-w D:\Program Files\Winamp.zip
2005-12-02 08:37 2,855,080 ----a-w D:\Program Files\aawsepersonal.exe
2007-01-18 21:09 8 --sh--r D:\WINDOWS\system32\D08186CC66.sys
2007-01-18 21:14 2,516 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-06-28_21.03.53.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 17:58:54 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-07-02 15:50:48 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-07-02 15:51:08 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_700.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 21:10 339968]
"NvMixerTray"="D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-03 14:30 131072]
"HP Component Manager"="D:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54 241664]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Adobe Photo Downloader"="D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18 57344]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 17:57 133016]
"snpstd"="D:\WINDOWS\vsnpstd.exe" [2005-10-11 14:54 339968]
"COMODO Firewall Pro"="D:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-28 19:10 1655552]
"atwtusb"="atwtusb.exe" [2005-03-09 18:29 290816 D:\WINDOWS\system32\atwtusb.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

D:\Documents and Settings\Joonas\Käynnistä-valikko\Ohjelmat\Käynnistys\
OneNote 2007 -näyttöleikkeet ja Launcher.lnk - D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
HP Image Zone -pikakäynnistys.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= D:\WINDOWS\system32\guard32.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= D:\PROGRA~1\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"D:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Pelit\\BF2\\BF2.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12414:TCP"= 12414:TCP:*:Disabled:BitComet 12414 TCP
"12414:UDP"= 12414:UDP:*:Disabled:BitComet 12414 UDP

R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;D:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-28 19:10]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;D:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-28 19:10]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S1 aiptektp;HyperPen;D:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 17:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23d6a943-048b-11dd-9f87-00508d65c7ab}]
\Shell\AutoRun\command - L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e871ef03-3a4e-11d9-bb0c-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe root.ini

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-07-02 15:51:15 D:\WINDOWS\Tasks\RegCure Program Check.job"
- D:\Program Files\RegCure\RegCure.exe
"2008-06-05 02:37:30 D:\WINDOWS\Tasks\RegCure.job"
- D:\Program Files\RegCure\RegCure.exe
"2008-07-01 10:10:01 D:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SysProtect - D:\Program Files\SysProtect Free\USYP.exe
HKCU-Run-Rainlendar2 - D:\Program Files\Rainlendar2\Rainlendar2.exe
HKLM-Run-combofix - D:\WINDOWS\system32\CF19969.exe
HKLM-Run-Emurayden PSX Emulator - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 19:08:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-02 19:09:39
ComboFix-quarantined-files.txt 2008-07-02 16:09:30

Pre-Run: 34,506,285,056 tavua vapaana
Post-Run: 34,496,245,760 tavua vapaana

341 --- E O F --- 2008-07-01 09:27:43
Senior Member
_