Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:17:59, on 28.8.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\explorer.exe C:\Program Files\CallingID\Light\CIDGlobalLight.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class 
- {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Cleaner - {CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} - C:\Program Files\ClickClean\ClickClean.exe O9 - Extra button: (no name) - 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 5669 bytes
1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

==========

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Post the contents of the log in your next message.
Here are those reports:

ComboFix 08-08-27.06 - Atte 2008-08-28 17:09:54.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.140 [GMT 3:00] Running from: C:\Documents and Settings\Atte\Työpöytä\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-28 to 2008-08-28 ))))))))))))))))) . 2008-08-28 16:30 . 2008-08-28 17:02 <KANSIO> d-------- C:\Program Files\Samurize 2008-08-28 15:41 . 2008-08-28 15:47 1,400 --a------ C:\WINDOWS\system32\tmp.reg 2008-08-28 07:49 . 2008-08-28 07:49 <KANSIO> d-------- C:\Program Files\ifolor 2008-08-28 07:49 . 2008-08-28 07:49 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ifolor 2008-08-27 21:11 . 2008-08-27 21:11 <KANSIO> d-------- C:\Program Files\Trend Micro 2008-08-26 21:35 . 2008-08-26 21:35 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-26 21:35 . 2008-08-26 21:35 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\Malwarebytes 2008-08-26 21:35 . 2008-08-26 21:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-26 21:35 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-26 21:35 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-25 20:57 . 2008-08-25 20:57 <KANSIO> d-------- C:\Program Files\GRETECH 2008-08-25 20:56 . 2008-08-25 20:56 <KANSIO> d-------- C:\Program Files\CloneSpy 2008-08-24 17:39 . 2004-09-14 16:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2008-08-24 17:39 . 2004-09-14 16:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll 2008-08-22 22:02 . 2008-08-22 22:02 <KANSIO> d-------- C:\Program Files\CallingID 2008-08-22 22:02 . 2008-08-28 16:12 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\CallingID 2008-08-18 18:21 . 
2005-12-06 11:57 137,884 -ra------ C:\WINDOWS\system32\drivers\sscdmdm.sys 2008-08-18 18:21 . 2005-12-06 11:57 80,272 -ra------ C:\WINDOWS\system32\drivers\sscdbus.sys 2008-08-18 18:21 . 2005-12-06 11:57 11,877 -ra------ C:\WINDOWS\system32\drivers\sscdcmnt.sys 2008-08-18 18:21 . 2005-12-06 11:57 11,877 -ra------ C:\WINDOWS\system32\drivers\sscdcm.sys 2008-08-18 18:21 . 2005-12-06 11:57 11,188 -ra------ C:\WINDOWS\system32\drivers\sscdwhnt.sys 2008-08-18 18:21 . 2005-12-06 11:57 11,188 -ra------ C:\WINDOWS\system32\drivers\sscdwh.sys 2008-08-18 18:21 . 2005-12-06 11:57 10,864 -ra------ C:\WINDOWS\system32\drivers\sscdmdfl.sys 2008-08-16 23:00 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll 2008-08-16 23:00 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll 2008-08-16 23:00 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll 2008-08-16 23:00 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll 2008-08-16 23:00 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll 2008-08-16 23:00 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll 2008-08-16 22:41 . 2008-08-16 22:41 <KANSIO> d-------- C:\Program Files\Defraggler 2008-08-16 16:36 . 2001-06-18 09:41 282,624 --a------ C:\WINDOWS\system32\ActiveSkin.ocx 2008-08-16 16:36 . 2001-01-10 12:23 162,304 --a------ C:\UNWISE.EXE 2008-08-16 16:36 . 2001-06-18 09:41 112 --a------ C:\WINDOWS\ActiveSkin.INI 2008-08-16 12:58 . 2008-08-16 12:58 <KANSIO> d-------- C:\Program Files\ClickClean 2008-08-16 11:58 . 2008-08-16 11:58 <KANSIO> d-------- C:\Program Files\Opera 2008-08-12 21:34 . 2008-08-12 21:34 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\wsInspector 2008-08-12 21:24 . 2008-08-12 21:24 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall 2008-08-12 21:24 . 
2008-08-13 16:59 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\McAfee.com Personal Firewall 2008-08-12 21:24 . 2008-08-12 21:24 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall 2008-08-12 21:22 . 2008-08-28 16:35 53,664 --a------ C:\WINDOWS\system32\Status.MPF 2008-08-12 21:18 . 2008-08-12 21:18 <KANSIO> d-------- C:\Program Files\McAfee 2008-08-12 21:18 . 2008-08-12 21:18 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\McAfee 2008-08-12 21:18 . 2008-08-12 21:18 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2008-08-12 21:13 . 2008-08-12 21:13 <KANSIO> d-------- C:\Program Files\Ashampoo 2008-08-12 21:13 . 2008-08-12 21:13 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo 2008-08-12 21:08 . 2008-08-12 21:08 <KANSIO> d-------- C:\Program Files\ExPLabs.com 2008-08-12 21:08 . 2008-08-12 21:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ExPLabs.com 2008-08-12 21:04 . 2008-08-12 21:34 <KANSIO> d-------- C:\Program Files\Startup Inspector for Windows 2008-08-12 21:03 . 2005-04-05 12:49 67,584 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys 2008-08-12 21:03 . 2004-04-23 17:15 24,576 --a------ C:\WINDOWS\system32\MpfApi.dll 2008-08-12 21:02 . 2008-08-12 21:03 <KANSIO> d-------- C:\Program Files\McAfee.com 2008-08-12 21:02 . 2008-08-13 15:55 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com 2008-08-12 21:02 . 2005-10-18 11:08 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll 2008-08-12 21:02 . 2005-02-14 23:04 277,616 --a------ C:\WINDOWS\system32\mcgdmgr.dll 2008-08-11 10:46 . 2008-08-11 11:09 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\Skype 2008-08-11 10:45 . 2008-08-11 10:45 <KANSIO> d-------- C:\Program Files\Skype 2008-08-11 10:45 . 2008-08-11 10:45 <KANSIO> d-------- C:\Program Files\Common Files\Skype 2008-08-11 10:45 . 
2008-08-11 10:45 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Skype 2008-08-09 20:11 . 2008-08-09 20:11 <KANSIO> d--h----- C:\WINDOWS\PIF 2008-08-08 19:00 . 2008-08-08 19:00 <KANSIO> d-------- C:\Program Files\MSXML 4.0 2008-08-08 13:11 . 2008-08-08 13:15 <KANSIO> d-------- C:\Program Files\Samsung 2008-08-08 13:11 . 2008-08-08 13:12 <KANSIO> d-------- C:\Hermes 2008-08-08 13:11 . 2008-08-08 13:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Samsung 2008-08-07 22:10 . 2008-08-07 22:10 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\PC Suite 2008-08-07 22:10 . 2008-08-07 22:11 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\Nokia 2008-08-07 22:10 . 2008-08-07 22:10 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite 2008-08-07 22:09 . 2008-08-07 22:09 <KANSIO> d-------- C:\Program Files\DIFX 2008-08-07 22:09 . 2008-08-07 22:09 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite 2008-08-07 22:09 . 2008-08-07 22:09 <KANSIO> d-------- C:\Program Files\Common Files\Nokia 2008-08-07 22:09 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys 2008-08-07 22:08 . 2008-08-07 22:08 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution 2008-08-07 22:08 . 2008-08-07 22:09 <KANSIO> d-------- C:\Program Files\Nokia 2008-08-07 22:08 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-08-07 22:07 . 2008-08-07 22:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Installations 2008-08-06 10:22 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll 2008-08-06 10:22 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll 2008-08-06 10:22 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-08-05 22:36 . 2008-08-05 22:36 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm 2008-08-05 22:35 . 
2008-08-05 22:35 <KANSIO> d-------- C:\Program Files\Last.fm 2008-08-05 09:28 . 2008-08-06 10:21 <KANSIO> d-------- C:\Documents and Settings\Atte\Contacts 2008-08-05 09:27 . 2008-08-07 22:10 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-08-05 09:19 . 2008-08-05 09:29 <KANSIO> d-------- C:\Program Files\Windows Live 2008-08-05 09:19 . 2008-08-05 09:23 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-08-05 09:19 . 2008-08-05 09:19 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-08-05 08:52 . 2008-08-05 08:57 <KANSIO> d--h----- C:\WINDOWS\msdownld.tmp 2008-08-05 08:52 . 2008-08-05 08:52 <KANSIO> d-------- C:\WINDOWS\Logs 2008-08-03 20:02 . 2008-08-03 20:03 <KANSIO> d-------- C:\Program Files\EvilLyrics 2008-08-03 19:28 . 2008-08-07 22:38 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\TeraCopy 2008-08-03 18:58 . 2008-08-25 20:58 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\AdobeUM 2008-08-03 16:55 . 2008-08-03 16:55 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\Grisoft 2008-08-03 16:54 . 2008-08-03 16:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-08-03 16:54 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-08-03 16:52 . 2008-08-10 15:34 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\.purple 2008-08-03 16:50 . 2008-08-03 16:51 <KANSIO> d-------- C:\Program Files\Pidgin 2008-08-03 16:50 . 2008-08-03 16:50 <KANSIO> d-------- C:\Program Files\Common Files\GTK 2008-08-03 00:35 . 2008-08-05 14:19 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\OpenOffice.org2 2008-08-03 00:34 . 2008-08-03 00:34 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\Template 2008-08-03 00:34 . 2008-08-03 00:34 0 --a------ C:\Documents and Settings\Atte\Application Data\wklnhst.dat 2008-08-02 16:14 . 
2008-08-02 16:14 <KANSIO> d-------- C:\Program Files\Infogrames 2008-08-02 12:21 . 2008-08-03 00:22 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\FrostWire 2008-08-01 19:23 . 2008-08-01 19:23 <KANSIO> d-------- C:\Program Files\OpenOffice.org 2.4 2008-08-01 18:05 . 2008-08-01 18:05 <KANSIO> d-------- C:\Program Files\Runtime Software 2008-08-01 13:22 . 2008-08-23 19:52 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-01 13:22 . 2008-08-26 22:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-01 13:21 . 2008-08-26 21:28 <KANSIO> d-------- C:\Program Files\a-squared Free 2008-07-31 23:20 . 2008-07-31 23:20 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\Talkback 2008-07-31 22:25 . 2008-08-08 10:52 <KANSIO> d-------- C:\Program Files\Notepad++ 2008-07-31 18:07 . 2008-08-05 08:04 <KANSIO> d-------- C:\Program Files\mIRC 2008-07-31 18:07 . 2008-08-05 08:07 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\mIRC 2008-07-31 14:49 . 2008-08-23 17:59 <KANSIO> d-------- C:\Program Files\DC++ 2008-07-30 19:00 . 2004-09-15 06:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-07-30 16:17 . 2008-07-30 16:17 <KANSIO> d-------- C:\Program Files\uTorrent 2008-07-30 16:17 . 2008-08-23 14:39 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\uTorrent 2008-07-30 14:12 . 2008-07-30 14:12 <KANSIO> d-------- C:\WINDOWS\Sun 2008-07-30 14:03 . 2008-07-30 14:03 <KANSIO> d-------- C:\Program Files\Java 2008-07-30 14:03 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-07-30 14:01 . 2008-07-30 14:01 <KANSIO> d-------- C:\Program Files\Common Files\Java 2008-07-30 10:21 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-07-30 10:21 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-07-30 10:21 . 
2008-06-23 19:29 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-07-30 10:21 . 2008-06-23 19:29 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-07-30 10:21 . 2008-06-23 19:29 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-07-30 10:21 . 2008-06-23 19:29 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-07-30 10:21 . 2008-06-23 19:29 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-07-30 10:21 . 2008-06-23 12:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-08 10:15 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-08 10:10 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-07-29 21:59 --------- d-----w C:\Program Files\S3 2008-07-29 21:59 --------- d-----w C:\Program Files\Realtek AC97 2008-07-29 21:58 --------- d-----w C:\Program Files\Oca History Tool 2008-07-29 21:58 --------- d-----w C:\Program Files\Microsoft Works 2008-07-29 21:58 --------- d-----w C:\Program Files\CyberLink 2008-07-29 21:58 --------- d-----w C:\Program Files\AvRack 2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-16 18:51 2,041,363 ----a-w C:\WINDOWS\system32\x264vfw.dll 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:29 826,368 ------w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 246,784 
----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll 2008-05-30 11:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll 2008-05-30 11:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll 2008-05-30 11:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll 2008-05-30 11:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll 2008-05-30 11:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll 2008-05-30 11:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll 2008-05-30 11:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll . ((((((((((((((((((((((((((((( snapshot@2008-08-26_22.00.37.21 ))))))))))))))))))))))))))))))))))))))))) . + 2006-06-11 20:55:50 795,136 ----a-w C:\WINDOWS\Samurize.scr - 2007-07-30 16:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll + 2008-07-18 19:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll - 2007-07-30 16:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll + 2008-07-18 19:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll - 2007-07-30 16:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe + 2008-07-18 19:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe - 2007-07-30 16:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll + 2008-07-18 19:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll - 2007-07-30 16:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll + 2008-07-18 19:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll - 2007-07-30 16:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll + 2008-07-18 19:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll - 2007-07-30 16:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2008-07-18 19:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2008-07-18 19:10:20 36,552 ----a-w 
C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll + 2008-07-18 19:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 06:00 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 15:42 212992] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 17:38 78008] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 14:41 950272] "McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe" [2004-07-29 14:55 139264] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05 212992] "SoundMan"="SOUNDMAN.EXE" [2005-08-17 13:39 90112 C:\WINDOWS\SOUNDMAN.EXE] "VTTimer"="VTTimer.exe" [2005-03-07 22:33 53248 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-10-31 23:15 163840 C:\WINDOWS\system32\VTTrayp.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 06:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= msaud32_divx.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll 
"vidc.i263"= i263_32.drv "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\DC++\\DCPlusPlus.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 17:35] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 17:37] S3 FXDRV;FXDRV;D:\Fxdrv.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\cvkaf9fj.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.fi/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-28 17:12:23 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-08-28 17:14:51
ComboFix-quarantined-files.txt 2008-08-28 14:14:44
ComboFix2.txt 2008-08-26 19:01:31
Pre-Run: 132,229,169,152 tavua vapaana
Post-Run: 132,223,414,272 tavua vapaana
259 --- E O F --- 2008-08-15 12:55:08

Malwarebytes' Anti-Malware 1.25
Tietokantaversio: 1090
Windows 5.1.2600 Service Pack 2
17:36:07 28.8.2008
mbam-log-08-28-2008 (17-36-03).txt
Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 68169
Kulunut aika: 14 minute(s), 19 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 12

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\Documents and Settings\NetworkService\Cookies\bumo.reg (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\LocalService\Cookies\bumo.reg (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\NetworkService\Cookies\jababug.inf (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\LocalService\Cookies\jababug.inf (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\NetworkService\Cookies\uwux.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\LocalService\Cookies\uwux.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\NetworkService\Cookies\jiceji._sy (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\LocalService\Cookies\jiceji._sy (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\NetworkService\Cookies\esycire._dl (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\LocalService\Cookies\esycire._dl (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\NetworkService\Cookies\syssp.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\LocalService\Cookies\syssp.exe (Fake.Dropped.Malware) -> No action taken.
This step in the last scan:

5. When the scan is complete, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.