
Rundll32 problems/virus trouble

Thread in the Viruses and malware section. Started by jkl75 on 24.02.2009.

Thread status:
This thread is closed.
  1. jkl75

    jkl75 Member

    Joined:
    23.02.2009
    Posts:
    1
    Thanks:
    0
    Points:
    11
    I installed the WindowBlinds program, which messed the computer up completely and froze it, and now I need a bit of help fixing it. The program in question was removed right away, and attached are the HijackThis log and the Malwarebytes log files, if someone wise could advise based on them... edit: oh, and the ComboFix log and the SDFix log are coming too....

    HIJACK:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:24:21, on 23.2.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Gamesurround Fortissimo 4 mixer\EnMixCPL.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Gamesurround Fortissimo 4 mixer\EnMixCPL.exe
    O4 - HKLM\..\Run: [MSUpdate] C:\DOCUME~1\Omistaja\LOCALS~1\Temp\pi.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CS5\Services\Tcpip\..\{1085DE63-332E-44B5-A5C0-6BAD8A3DD298}: NameServer = 217.78.192.22 217.78.192.78
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

    --
    End of file - 5129 bytes


    MALWAREBYTES:

    Malwarebytes' Anti-Malware 1.34
    Tietokantaversio: 1797
    Windows 5.1.2600 Service Pack 3

    23.2.2009 23:47:53
    mbam-log-2009-02-23 (23-47-53).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 102516
    Kulunut aika: 19 minute(s), 43 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)


    COMBOFIX:

    ComboFix 09-02-21.01 - Omistaja 2009-02-24 0:12:45.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.2047.1601 [GMT 2:00]
    Sijainti: c:\ohjelmat\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090223-0] *On-access scanning disabled* (Updated)
    * Uusi palautuspiste luotu
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\pthreadGC2.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-23 to 2009-02-23 )))))))))))))))))
    .

    2009-02-23 23:12 . 2009-02-23 23:12 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-23 23:12 . 2009-02-23 23:12 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\Malwarebytes
    2009-02-23 23:12 . 2009-02-23 23:12 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-23 23:12 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-23 23:12 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-23 22:53 . 2009-02-23 22:53 <KANSIO> d-------- c:\program files\Trend Micro
    2009-02-23 17:51 . 2009-02-23 17:51 <KANSIO> d-------- c:\windows\Sun
    2009-02-23 15:39 . 2009-02-23 15:39 <KANSIO> d-------- c:\program files\Lavasoft
    2009-02-23 15:39 . 2009-02-23 15:49 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-02-23 15:21 . 2007-08-24 19:45 101,120 -ra------ c:\windows\system32\drivers\ewusbmdm.sys
    2009-02-23 15:21 . 2007-08-24 19:45 24,448 -ra------ c:\windows\system32\drivers\ewdcsc.sys
    2009-02-23 14:16 . 2009-02-23 14:16 2,560 --a------ c:\windows\_MSRSTRT.EXE
    2009-02-23 14:02 . 2007-07-11 15:06 42,672 --------- c:\windows\system32\wbsys.dll
    2009-02-22 02:44 . 2009-02-22 02:44 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\gtk-2.0
    2009-02-22 02:37 . 2009-02-22 02:37 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\PCF-VLC
    2009-02-22 02:32 . 2009-02-22 02:32 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\Participatory Culture Foundation
    2009-02-21 15:45 . 2009-02-21 15:45 <KANSIO> d-------- c:\program files\Common Files\Nero
    2009-02-21 15:45 . 2009-02-21 15:46 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\Nero
    2009-02-21 15:45 . 2009-02-21 15:45 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Nero
    2009-02-21 15:44 . 2009-02-21 15:45 <KANSIO> d-------- c:\program files\Nero
    2009-02-20 14:42 . 2009-02-20 14:42 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\fretsonfire
    2009-02-20 14:40 . 2009-02-23 16:11 <KANSIO> d-------- c:\program files\Frets on Fire
    2009-02-20 12:53 . 2009-02-20 12:53 <KANSIO> d-------- c:\program files\Deluxe Ski Jump 3
    2009-02-20 10:25 . 2009-02-23 22:34 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\dvdcss
    2009-02-19 15:06 . 2009-02-19 15:06 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-19 15:06 . 2009-02-19 15:06 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-02-18 16:37 . 2009-02-18 16:37 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
    2009-02-18 14:28 . 2009-02-18 14:28 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Last.fm
    2009-02-18 14:26 . 2009-02-18 14:26 <KANSIO> d-------- c:\program files\Last.fm
    2009-02-18 06:10 . 2009-02-18 06:10 <KANSIO> d-------- c:\windows\system32\fi-fi
    2009-02-18 06:10 . 2009-02-18 06:10 <KANSIO> d-------- c:\windows\system32\fi
    2009-02-18 06:10 . 2009-02-18 06:10 <KANSIO> d-------- c:\windows\system32\bits
    2009-02-18 06:10 . 2009-02-18 06:10 <KANSIO> d-------- c:\windows\l2schemas
    2009-02-18 06:09 . 2009-02-18 06:10 <KANSIO> d-------- c:\windows\ServicePackFiles
    2009-02-18 06:05 . 2009-02-18 06:05 <KANSIO> d-------- c:\windows\EHome
    2009-02-18 05:46 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-02-18 05:46 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
    2009-02-18 05:46 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-02-18 03:15 . 2009-02-18 03:15 <KANSIO> d-------- c:\program files\GIMP-2.0
    2009-02-18 03:15 . 2009-02-18 03:31 <KANSIO> d-------- c:\documents and settings\Omistaja\.gimp-2.6
    2009-02-18 03:15 . 2009-02-18 03:15 <KANSIO> d-------- c:\documents and settings\Omistaja\.gegl-0.0
    2009-02-17 17:01 . 2004-09-14 16:06 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
    2009-02-17 13:15 . 2009-02-23 23:23 <KANSIO> d-------- c:\documents and settings\Omistaja\Tracing
    2009-02-17 13:14 . 2009-02-17 13:14 <KANSIO> d-------- c:\program files\Windows Live SkyDrive
    2009-02-17 13:14 . 2009-02-17 13:15 <KANSIO> d-------- c:\program files\Windows Live
    2009-02-17 13:14 . 2009-02-17 13:14 <KANSIO> d-------- c:\program files\Microsoft
    2009-02-17 12:28 . 2009-02-17 12:28 <KANSIO> d-------- c:\program files\Common Files\Windows Live
    2009-02-16 08:15 . 2009-02-16 08:15 <KANSIO> d-------- c:\program files\Aspyr
    2009-02-16 08:15 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
    2009-02-16 08:15 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
    2009-02-16 02:21 . 2009-02-16 02:21 <KANSIO> d-------- c:\program files\TimeAdjuster
    2009-02-14 02:52 . 2009-02-14 05:18 <KANSIO> d-------- c:\program files\The KMPlayer
    2009-02-14 02:51 . 2009-02-14 02:51 <KANSIO> d-------- c:\program files\ffdshow
    2009-02-14 02:51 . 2009-02-09 19:56 67,584 --a------ c:\windows\system32\ff_vfw.dll
    2009-02-14 02:51 . 2009-02-09 19:56 50,688 --a------ c:\windows\system32\ff_acm.acm
    2009-02-14 02:51 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
    2009-02-14 02:50 . 2009-02-14 02:50 <KANSIO> d-------- c:\program files\AC3Filter
    2009-02-14 02:50 . 2008-07-09 10:05 421,888 --a------ c:\windows\system32\ac3filter.acm
    2009-02-13 20:39 . 2009-02-13 20:39 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Wave64 Codec.bmp
    2009-02-13 20:39 . 2009-02-13 20:39 1,224 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
    2009-02-13 20:38 . 2009-02-13 20:38 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.bmp
    2009-02-13 20:38 . 2009-02-13 20:38 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Midi Decoder.bmp
    2009-02-13 20:38 . 2009-02-13 20:38 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Dalet Codec.bmp
    2009-02-13 20:38 . 2009-02-13 20:38 3,153 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
    2009-02-13 20:38 . 2009-02-13 20:38 2,649 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Midi Decoder.dat
    2009-02-13 20:38 . 2009-02-13 20:38 1,206 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Dalet Codec.dat
    2009-02-13 20:37 . 2009-02-16 08:31 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\dBpoweramp
    2009-02-13 20:37 . 2009-02-13 20:37 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.bmp
    2009-02-13 20:37 . 2009-02-13 20:37 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp DirectShow Decoder.bmp
    2009-02-13 20:37 . 2009-02-13 20:37 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp CLI Encoder.bmp
    2009-02-13 20:37 . 2009-02-13 20:37 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Aiff Codec.bmp
    2009-02-13 20:37 . 2009-02-13 20:37 3,018 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp CLI Encoder.dat
    2009-02-13 20:37 . 2009-02-13 20:37 2,738 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp DirectShow Decoder.dat
    2009-02-13 20:37 . 2009-02-13 20:37 1,844 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
    2009-02-13 20:37 . 2009-02-13 20:37 1,111 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Aiff Codec.dat
    2009-02-13 20:36 . 2009-02-13 20:36 <KANSIO> d-------- c:\windows\system32\drivers\umdf
    2009-02-13 20:36 . 2009-02-13 20:36 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
    2009-02-13 20:36 . 2009-02-13 20:36 3,400 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
    2009-02-13 20:35 . 2009-02-13 20:35 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.bmp
    2009-02-13 20:35 . 2009-02-13 20:35 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp TTA Codec.bmp
    2009-02-13 20:35 . 2009-02-13 20:35 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Shorten Codec.bmp
    2009-02-13 20:35 . 2009-02-13 20:38 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.bmp
    2009-02-13 20:35 . 2009-02-13 20:39 11,473 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
    2009-02-13 20:35 . 2009-02-13 20:35 3,417 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp TTA Codec.dat
    2009-02-13 20:35 . 2009-02-13 20:35 3,411 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Shorten Codec.dat
    2009-02-13 20:35 . 2009-02-13 20:35 3,008 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
    2009-02-13 20:34 . 2009-02-13 20:34 88,576 --a------ c:\windows\system32\OptimFROG.dll
    2009-02-13 20:34 . 2009-02-13 20:34 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp OptimFROG Codec.bmp
    2009-02-13 20:34 . 2009-02-13 20:34 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp
    2009-02-13 20:34 . 2009-02-13 20:34 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.bmp
    2009-02-13 20:34 . 2009-02-13 20:34 3,467 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp OptimFROG Codec.dat
    2009-02-13 20:34 . 2009-02-13 20:34 3,107 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
    2009-02-13 20:34 . 2009-02-13 20:34 2,987 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
    2009-02-13 20:33 . 2009-02-13 20:33 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp
    2009-02-13 20:33 . 2009-02-13 20:33 3,625 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
    2009-02-13 20:32 . 2009-02-13 20:32 <KANSIO> d-------- c:\program files\Illustrate
    2009-02-13 20:32 . 2009-02-16 08:37 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\AccurateRip
    2009-02-13 20:32 . 2008-11-03 11:30 408,440 --a------ c:\windows\system32\SpoonUninstall.exe
    2009-02-13 20:32 . 2009-02-13 20:32 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
    2009-02-13 20:32 . 2009-02-13 20:33 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.bmp
    2009-02-13 20:32 . 2009-02-13 20:32 14,051 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2009-02-13 20:32 . 2009-02-13 20:33 10,099 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
    2009-02-13 05:18 . 2009-02-13 05:18 <KANSIO> d-------- c:\windows\system32\Lang
    2009-02-13 05:18 . 2009-02-13 05:18 940,794 --a------ c:\windows\system32\LoopyMusic.wav
    2009-02-13 05:18 . 2009-02-13 05:18 146,650 --a------ c:\windows\system32\BuzzingBee.wav
    2009-02-13 05:13 . 2009-02-13 05:13 <KANSIO> d-------- c:\windows\system32\RTCOM
    2009-02-13 05:13 . 2008-07-03 10:51 16,876,032 -ra------ c:\windows\RTHDCPL.EXE
    2009-02-13 05:13 . 2008-06-19 10:27 9,715,200 -ra------ c:\windows\RTLCPL.EXE
    2009-02-13 05:13 . 2008-07-03 11:03 4,745,216 -ra------ c:\windows\system32\drivers\RtkHDAud.sys
    2009-02-13 05:13 . 2008-06-19 10:42 2,808,832 -ra------ c:\windows\ALCWZRD.EXE
    2009-02-13 05:13 . 2007-06-28 10:44 2,165,760 -ra------ c:\windows\MicCal.exe
    2009-02-13 05:13 . 2007-11-20 12:15 1,826,816 -ra------ c:\windows\SkyTel.exe
    2009-02-13 05:13 . 2008-04-02 03:27 1,196,032 -ra------ c:\windows\RtlUpd.exe
    2009-02-13 05:13 . 2008-06-19 10:24 278,528 -ra------ c:\windows\system32\ALSNDMGR.CPL
    2009-02-13 05:13 . 2008-03-13 08:52 266,240 -ra------ c:\windows\system32\RTSndMgr.CPL
    2009-02-13 05:13 . 2008-06-18 12:01 77,824 -ra------ c:\windows\SOUNDMAN.EXE
    2009-02-13 05:13 . 2008-06-19 10:20 57,344 -ra------ c:\windows\ALCMTR.EXE
    2009-02-13 02:03 . 2009-02-13 02:03 <KANSIO> d---s---- c:\documents and settings\Omistaja\UserData
    2009-02-13 01:54 . 2009-02-23 17:37 <KANSIO> d-------- c:\program files\PAFPoker
    2009-02-12 21:26 . 2009-02-12 21:26 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\Media Player Classic
    2009-02-12 21:12 . 2009-02-12 22:39 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\vlc
    2009-02-12 20:58 . 2004-10-15 09:17 575,424 -ra------ c:\windows\system32\drivers\Envy24HF.sys
    2009-02-12 20:57 . 2009-02-12 20:58 <KANSIO> d-------- c:\program files\Gamesurround Fortissimo 4 mixer
    2009-02-12 19:57 . 2009-02-12 19:57 13,646 --a------ c:\windows\system32\wpa.bak
    2009-02-12 19:48 . 2008-06-14 19:34 272,128 --------- c:\windows\system32\drivers\bthport.sys

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-23 13:21 --------- d-----w c:\program files\Mobile Partner
    2009-02-19 13:06 --------- d-----w c:\program files\Java
    2009-02-12 20:39 --------- d-----w c:\documents and settings\Omistaja\Application Data\vlc
    2009-02-12 15:45 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-12 15:45 --------- d-----w c:\program files\AMD
    2009-02-12 15:44 --------- d-----w c:\documents and settings\Omistaja\Application Data\InstallShield
    2009-02-12 15:41 --------- d-----w c:\program files\mutilang
    2009-02-12 15:31 --------- d-----w c:\program files\microsoft frontpage
    2009-02-12 15:31 --------- d-----w c:\program files\Common Files\Java
    2009-02-06 16:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
    2008-12-10 07:45 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
    2008-12-04 07:28 24,344 ----a-w c:\windows\system32\PhysXDevice.dll
    2008-11-26 06:55 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
    2008-11-25 06:38 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 136600]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
    "EnvyHFCPL"="c:\program files\Gamesurround Fortissimo 4 mixer\EnMixCPL.exe" [2004-10-14 3893248]
    "nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm
    "msacm.avis"= ff_acm.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-12 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-12 20560]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-02-12 603904]
    R3 Envy24HFS;Gamesurround Fortissimo 4 Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2009-02-12 575424]

    --- Muut muistissa olevat ajurit/palvelut ---

    *Deregistered* - MBAMSwissArmy

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{285b7ae1-f91b-11dd-8803-ae5577a90e47}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{285b7ae4-f91b-11dd-8803-ae5577a90e47}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c04fdf5a-01ac-11de-ae68-0021859e75a1}]
    \Shell\AutoRun\command - D:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff7f9336-01aa-11de-ae67-0021859e75a1}]
    \Shell\AutoRun\command - D:\AutoRun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{97973A9C-AD14-9AE6-076F-450CC8F92160}]
    c:\docume~1\Omistaja\LOCALS~1\Temp\pi.exe
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2009-02-23 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

    2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    FF - ProfilePath - c:\documents and settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\fy1qhbj3.default\
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-24 00:13:28
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    Valmistumisajankohta: 2009-02-24 0:13:58
    ComboFix-quarantined-files.txt 2009-02-23 22:13:56

    Ennen ajoa: 52 646 924 288 tavua vapaana
    Ajon jälkeen: 52,686,188,544 tavua vapaana

    WindowsXP-KB310994-SP2-Home-BootDisk-FIN.EXE
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

    Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5

    SDFIX:

    SDFix: Version 1.240
    Run by Omistaja on ti 24.02.2009 at 00:31

    Microsoft Windows XP [versio 5.1.2600]
    Running From: C:\Documents and Settings\Omistaja\Omat tiedostot\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-24 00:45:56
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"="C:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe:*:Disabled:Guitar Hero III"
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    Remaining Files :



    Files with Hidden Attributes :

    Fri 13 Feb 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

    Finished!




    Last edited: 24.02.2009