HJT log: A few trojans won't go away, and I can't change the wallpaper either. Thanks

Thread in the Viruses and malware - HijackThis logs section. Started by samipami on 26.08.2008.

  1. samipami

    samipami Member

    I've tried everything, using various programs from AfterDawn, but no luck. Now I could use some help, guys...


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:56:54, on 26.8.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.telkku.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A99091B0-D5C1-40DF-BF12-8F929063A311} - C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll (file missing)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O15 - Trusted Zone: http://www.adobe.com
    O15 - Trusted Zone: http://free.avg.com
    O15 - Trusted Zone: http://www.java.com
    O15 - Trusted Zone: http://www.kaspersky.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199268633166
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    --
    End of file - 5617 bytes
     
  3. Hujo

    Hujo Guest

    Scan with HJT, check these entries and press Fix checked:

    O2 - BHO: (no name) - {A99091B0-D5C1-40DF-BF12-8F929063A311} - C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll (file missing)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    ===========

    1. Download combofix.exe to your desktop from one of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    ============

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    3. If an update is found, the program downloads and installs the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is complete, click OK and then Show Results to see the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next message.

    ===============

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into Safe Mode:

    shut down and restart
    during startup, tap the F8 key repeatedly
    select Safe Mode with the arrow keys
    press Enter and Enter again
    select your user account
    press Yes

    On some machines you tap F5 instead of F8.

    * Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    * Open the SDFix folder and double-click RunThis.bat to start the program.
    * Press Y to start the script.
    * The tool cleans up the trojan's services and also makes some repairs to the registry. At the end it asks you to restart the computer: "Press any key to Reboot".
    * Press any key and the computer restarts.
    * Startup takes longer than usual because SDFix is cleaning the machine.
    * Once the computer has started and the desktop has loaded, SDFix reports that the cleanup is complete: "Finished".
    * Then press any key to close the script and load the desktop icons.
    * Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread, together with a new HijackThis log.

    =============

    Updating Java and clearing the cache:

    Download JavaRa and extract it to your desktop.

    ***Close all open Internet Explorer windows before continuing!***

    * Double-click JavaRa.exe to start the program.
    * Choose English from the drop-down menu to set the language to English and click Select.
    * Click Remove Older Versions to remove old Java versions from your computer.
    * Click Yes when prompted. When JavaRa has finished, it reports that a log file has been created. Click OK.
    * The log file opens. Post its contents in your next message.
    4. Install the latest Java update from the following link:

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6 Update 7
    Click Download
    Set Platform to Windows
    Tick I agree to the Java SE Runtime Environment 6 License Agreement and click Continue
    Under Windows Offline Installation, click jre-6u4-windows-i586-p.exe

    Save the file, for example to the desktop, and install it.

    5. Restart the computer after the installation.
    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).
    7. On the General tab, click Settings. Drag the slider (Disk Space) to a smaller value.

    (Some Java-based programs may need more disk space.
    If you notice the computer slowing down after lowering the setting, move the slider to a larger value.)

    8. Click the Delete Files button. Make sure both options are ticked:
    * Applications and Applets
    * Trace and Log Files

    Then click the OK button.
    Note: This removes all downloaded applications and applets from the CACHE.

    9. Click OK in the "Temporary Files Settings" window.
    10. On the Update tab, untick Check for Updates automatically
    Select Never check
    11. Click Apply and OK to leave the Java settings window.

    ==============

    Download CCleaner from here
    CCleaner v2.05.555 - Standard Build, do NOT install the Yahoo toolbar!
    During installation, untick the option "install Yahoo! toolbar".
    After installation, open CCleaner.
    Select Options from the column on the left.
    Select Settings from the adjacent column.
    Under Language, select Suomi (Finnish).

    Puhdistaja (Cleaner)
    Select Puhdistaja (Cleaner) from the column on the left.
    Click Tutki (Analyze) at the bottom.
    CCleaner now analyzes what can be removed (temp files, cookies, etc.).
    When the analysis is complete, click Aja CCleaner (Run Cleaner).
    CCleaner now removes the temp files, cookies, etc. that it found.

    Fixing registry errors
    Select Rekisteri (Registry) from the column on the left.
    Click Etsi rekisterin virheitä (Scan for registry errors) at the bottom.
    When the search is complete and you are sure you want to fix the lines that are checked, click Korjaa valitut rekisterin virheet (Fix selected registry errors).
    You will be asked "do you want to back up the changes to the registry"; click Kyllä (Yes). Save the backup, for example, in the "Omat tiedostot" (My Documents) folder.
    In the new window that opens, click Korjaa kaikki valitut virheet (Fix all selected errors).
    You will get one more confirmation prompt; click Ok.
    When the errors have been fixed, click Sulje (Close).
    You can now close CCleaner by clicking the red X at the top right.
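
An added example, not part of Hujo's post or of HijackThis itself: a small triage script that parses HijackThis autoload entries and applies three heuristics (chosen here as assumptions) that single out the O2 BHO entry from the fix list above. The sample lines are copied from the log in this thread; the Adobe Reader Speed Launcher entry sits under Program Files and is not matched by these rules.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {A99091B0-D5C1-40DF-BF12-8F929063A311} - C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
"""

# "<section code> - <rest of line>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# First drive-letter path ending in an executable-type extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|sys|cpl|scr|bat)", re.IGNORECASE)

# HijackThis sections that describe code loaded automatically:
# O2 = BHOs, O3 = IE toolbars, O4 = startup entries,
# O20 = AppInit_DLLs / Winlogon Notify, O23 = services.
AUTOLOAD_CODES = {"O2", "O3", "O4", "O20", "O23"}

# Assumption of this example: directories where no legitimate
# auto-loaded component should live.
VOLATILE_DIRS = (
    "\\temporary internet files\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)


@dataclass
class Finding:
    code: str
    path: Optional[str]
    reasons: List[str]
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return the autoload entries that match at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw)
        if not m or m.group(1) not in AUTOLOAD_CODES:
            continue
        code, body = m.groups()
        pm = PATH_RE.search(body)
        path = pm.group(0) if pm else None

        reasons = []
        if path and any(d in path.lower() for d in VOLATILE_DIRS):
            reasons.append("loads from a cache/temp directory")
        if body.lower().endswith("(file missing)"):
            reasons.append("registry entry points to a file that no longer exists")
        if code == "O2" and "BHO: (no name)" in body:
            reasons.append("BHO has no registered name")

        if reasons:
            findings.append(Finding(code, path, reasons, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, f.path)
        for r in f.reasons:
            print("   -", r)
```

A match is a prompt for manual review, not a verdict: the rules look only at the text of the log and never at the files themselves.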
     
  4. samipami

    samipami Member

    ComboFix 08-08-25.01 - Sami 2008-08-26 16:11:28.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.1397 [GMT 3:00]
    Running from: C:\Documents and Settings\Sami\Työpöytä\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-26 to 2008-08-26 )))))))))))))))))
    .

    2008-08-26 13:10 . 2008-08-26 13:10 <KANSIO> d-------- C:\Program Files\Enigma Software Group
    2008-08-26 12:04 . 2008-08-26 12:04 579,072 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
    2008-08-26 12:03 . 2008-08-26 12:03 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-08-26 01:36 . 2008-08-26 01:36 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    2008-08-26 00:16 . 2008-08-26 00:16 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-26 00:16 . 2008-08-26 00:16 <KANSIO> d-------- C:\Documents and Settings\Sami\Application Data\Malwarebytes
    2008-08-26 00:16 . 2008-08-26 00:16 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-26 00:16 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-26 00:16 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-25 23:59 . 2008-08-26 12:52 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-08-25 23:59 . 2008-08-26 12:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-22 19:00 . 2008-08-22 19:00 <KANSIO> d-------- C:\Program Files\Sygate
    2008-08-22 19:00 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
    2008-08-22 19:00 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
    2008-08-22 19:00 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    2008-08-22 19:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
    2008-08-22 19:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
    2008-08-22 19:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
    2008-08-22 19:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
    2008-08-22 16:22 . 18,688 C:\WINDOWS\system32\drivers\vlvmrura.dat
    2008-08-22 16:22 . 5,120 C:\WINDOWS\system32\drivers\jkueopxu.dat
    2008-08-17 09:10 . 2008-08-17 09:10 335 --a------ C:\WINDOWS\mozregistry.dat
    2008-08-16 11:00 . 2008-08-26 14:23 <KANSIO> d-------- C:\Program Files\a-squared Anti-Malware
    2008-08-16 07:58 . 2008-08-26 12:46 <KANSIO> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-08-16 07:58 . 2008-08-26 16:10 <KANSIO> d--h----- C:\$AVG8.VAULT$
    2008-08-16 05:45 . 2008-08-16 07:57 <KANSIO> d-------- C:\Program Files\RegCure
    2008-08-16 00:48 . 2008-08-22 18:19 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-08-16 00:48 . 2008-08-22 18:19 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-08-16 00:48 . 2008-08-22 18:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-08-15 22:01 . 2008-08-15 22:01 <KANSIO> d-------- C:\Documents and Settings\Sami\Application Data\Windows Search
    2008-08-15 22:00 . 2008-08-15 22:00 <KANSIO> d-------- C:\Documents and Settings\Sami\Application Data\Windows Desktop Search
    2008-08-15 21:59 . 2008-08-15 21:59 <KANSIO> d-------- C:\WINDOWS\system32\GroupPolicy
    2008-08-15 21:59 . 2008-08-15 21:59 <KANSIO> d-------- C:\Program Files\Windows Desktop Search
    2008-08-15 21:59 . 2008-07-22 17:52 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2008-08-15 21:59 . 2008-07-22 17:52 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2008-08-15 21:59 . 2008-03-07 20:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
    2008-08-15 21:59 . 2008-03-07 20:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
    2008-08-15 21:59 . 2008-03-07 20:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
    2008-08-15 21:59 . 2008-07-22 17:52 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
    2008-08-15 19:46 . 2008-08-16 11:34 <KANSIO> d-------- C:\Program Files\Webteh
    2008-08-15 14:16 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-15 14:16 . 2008-05-01 17:35 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-11 16:22 . 2008-08-26 14:17 7,680 --ahs---- C:\WINDOWS\Thumbs.db
    2008-08-07 07:46 . 2008-08-07 07:46 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008
    2008-08-07 04:27 . 2008-08-07 04:34 <KANSIO> d-------- C:\Downloads
    2008-08-07 01:46 . 2008-08-07 01:46 278,728 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
    2008-08-07 01:46 . 2008-08-07 01:46 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
    2008-08-05 19:04 . 2008-08-05 19:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-08-05 18:53 . 2008-08-05 18:53 <KANSIO> d-------- C:\Program Files\Google
    2008-08-02 20:50 . 2008-08-05 18:52 <KANSIO> d-------- C:\Program Files\Apple Software Update
    2008-08-01 05:53 . 2008-08-01 05:54 <KANSIO> d-------- C:\Documents and Settings\Sami\Application Data\PC Suite
    2008-08-01 05:53 . 2008-08-05 18:52 <KANSIO> d-------- C:\Documents and Settings\Sami\Application Data\Nokia
    2008-08-01 05:28 . 2008-08-05 18:53 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution(2)
    2008-08-01 05:28 . 2008-08-15 18:20 <KANSIO> d-------- C:\Program Files\Nokia
    2008-08-01 04:25 . 2008-08-07 07:43 <KANSIO> d-------- C:\temppi
    2008-08-01 04:02 . 2008-08-05 18:53 <KANSIO> d-------- C:\Program Files\Google(2)
    2008-07-31 12:17 . 2008-08-05 18:53 <KANSIO> d-------- C:\Program Files\Sygate(2)

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-26 10:46 --------- d-----w C:\Program Files\CCleaner
    2008-08-22 15:59 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-22 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-08-16 22:54 --------- d-----w C:\Program Files\real
    2008-08-16 09:47 --------- d-----w C:\Program Files\Java
    2008-08-16 07:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-16 04:58 --------- d-----w C:\Program Files\Skype
    2008-08-11 13:22 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-08-07 05:50 --------- d-----w C:\Documents and Settings\Sami\Application Data\Skype
    2008-08-07 05:35 --------- d-----w C:\Documents and Settings\Sami\Application Data\skypePM
    2008-08-07 03:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-06 15:55 --------- d-----w C:\Documents and Settings\Sami\Application Data\U3
    2008-08-05 15:54 --------- d-----w C:\Program Files\ATI(2)
    2008-08-05 15:54 --------- d-----w C:\Program Files\ATI Technologies
    2008-08-05 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI(2)
    2008-08-05 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-02 17:46 --------- d-----w C:\Program Files\Common Files\AVSMedia
    2008-08-01 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-07-25 04:11 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-07-24 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Disk Cleaner
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-05 03:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Registry Helper
    2008-07-02 21:04 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-07-02 20:50 --------- d-----w C:\Documents and Settings\Sami\Application Data\OpenOffice.org2
    2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(9).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(8).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(7).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(6).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(5).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(4).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(3).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(2).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(11).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(10).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(9).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(8).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(7).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(6).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(5).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(4).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(3).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(12).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(11).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(10).dll
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(9).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(8).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(7).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(6).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(5).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(4).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(3).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(2).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(11).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(10).exe
    2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(9).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(8).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(7).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(6).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(5).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(4).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(3).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(12).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(11).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(10).dll
    2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(9).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(8).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(7).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(6).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(5).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(4).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(3).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(12).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(11).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(10).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(9).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(8).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(7).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(6).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(5).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(4).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(3).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(12).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(11).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(10).dll
    2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
    2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag(9).dll
    2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag(8).dll
    2008-05-14 00:06 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008051420080515\index.dat
    .

    ------- Sigcheck -------

    2008-04-14 19:12 1034240 0c35f47295002f8a06419744e945d670 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    2008-04-14 19:12 1034240 0c35f47295002f8a06419744e945d670 C:\WINDOWS\system32\dllcache\explorer.exe

    2006-03-02 15:00 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\$NtServicePackUninstall$\services.exe
    2008-04-14 19:12 109056 e473263067492fc77f7690d4112caf16 C:\WINDOWS\ServicePackFiles\i386\services.exe
    2008-04-14 19:12 109056 e473263067492fc77f7690d4112caf16 C:\WINDOWS\system32\services.exe

    2006-03-02 15:00 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
    2008-04-14 19:12 13312 abe0d5760dafd55390057378cda68bd8 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
    2008-04-14 19:12 13312 abe0d5760dafd55390057378cda68bd8 C:\WINDOWS\system32\lsass.exe

    2006-03-02 15:00 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
    2008-04-14 19:12 15360 b067064d68be516f1b5417a086f0bfe9 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
    2008-04-14 19:12 15360 b067064d68be516f1b5417a086f0bfe9 C:\WINDOWS\system32\ctfmon.exe
    2008-04-14 19:12 15360 b067064d68be516f1b5417a086f0bfe9 C:\WINDOWS\system32\dllcache\ctfmon.exe

    2005-06-11 03:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    2005-06-11 02:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
    2006-03-02 15:00 57856 977db6827ad7c3eaa1f9e83a22483611 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
    2008-04-14 19:12 57856 6f9ff25dd729a9cae870e4beea764547 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
    2008-04-14 19:12 57856 6f9ff25dd729a9cae870e4beea764547 C:\WINDOWS\system32\spoolsv.exe

    2008-04-14 19:12 111616 dfb4a2bf37b64f992544c45b5c1241ba C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
    2007-07-30 20:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 20:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\dllcache\wuauclt.exe

    2006-03-02 15:00 24576 6484e1ecd8be4011d74fe68a761798fd C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    2008-04-14 19:12 26112 3a5773b946c1b4f0db1b48a5d8e1d562 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    2008-04-14 19:12 26112 3a5773b946c1b4f0db1b48a5d8e1d562 C:\WINDOWS\system32\userinit.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-08-26_ 1.52.13.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-07 13:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-08-26 09:03:37 5,500,928 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2008-08-26 09:03:37 249,856 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-08-07 13:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-08-26 09:03:27 5,500,928 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2008-08-26 09:03:27 249,856 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A99091B0-D5C1-40DF-BF12-8F929063A311}]
    C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll [BU]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-22 18:19 1232152]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-08-26 14:23 2705040]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 19:12 110592 C:\WINDOWS\system32\bthprops.cpl]
    "Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 17:23 86016 C:\WINDOWS\StartupMonitor.exe]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\dxdiag.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "F:\\Pelit\\Return to Castle Wolfenstein\\WolfMP.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "22556:TCP"= 22556:TCP:BitCometBeta 22556 TCP
    "22556:UDP"= 22556:UDP:BitCometBeta 22556 UDP
    "13824:TCP"= 13824:TCP:BitCometBeta 13824 TCP
    "13824:UDP"= 13824:UDP:BitCometBeta 13824 UDP
    "8973:TCP"= 8973:TCP:BitComet 8973 TCP
    "8973:UDP"= 8973:UDP:BitComet 8973 UDP
    "14519:TCP"= 14519:TCP:BitComet 14519 TCP
    "14519:UDP"= 14519:UDP:BitComet 14519 UDP

    R0 kkgutnpm;kkgutnpm;C:\WINDOWS\system32\drivers\vlvmrura.dat []
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-22 18:19]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-22 18:19]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-22 18:19]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-22 18:19]
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 21:11]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5b062a5-2f54-11dd-a797-00508dc84ead}]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2008-08-26 C:\WINDOWS\Tasks\RegCure Program Check.job
    - C:\Program Files\RegCure\RegCure.exe []

    2008-08-16 C:\WINDOWS\Tasks\RegCure.job
    - C:\Program Files\RegCure\RegCure.exe []
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Sami\Application Data\Mozilla\Firefox\Profiles\d232pzia.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.telkku.com/
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npagent.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-26 16:12:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kkgutnpm]
    "ImagePath"="system32\drivers\vlvmrura.dat"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    Completion time: 2008-08-26 16:13:25
    ComboFix-quarantined-files.txt 2008-08-26 13:13:22
    ComboFix2.txt 2008-08-26 12:09:22
    ComboFix3.txt 2008-08-26 09:25:18
    ComboFix4.txt 2008-08-25 23:07:33
    ComboFix5.txt 2008-08-26 13:11:19

    Pre-Run: 17,675,984,896 tavua vapaana
    Post-Run: 17,661,849,600 tavua vapaana

    365 --- E O F --- 2008-08-22 15:59:47
     
  5. Hujo

    Hujo Guest

    Just keep going.
     
  6. samipami

    samipami Member

    It doesn't remove this entry from HJT: O2 - BHO: (no name) - {A99091B0-D5C1-40DF-BF12-8F929063A311} - C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll (file missing). I mean, it does remove it, but when I scan again, there it is, still hanging around. A tiresome fellow.
     
  7. samipami

    samipami Member

    Malwarebytes' Anti-Malware 1.25
    Tietokantaversio: 1087
    Windows 5.1.2600 Service Pack 3

    17:21:00 26.8.2008
    mbam-log-08-26-2008 (17-21-00).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|F:\|)
    Tarkistetut kohteet: 77714
    Kulunut aika: 25 minute(s), 56 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 2
    Saastuneita rekisteriarvoja: 4
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 1

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a99091b0-d5c1-40df-bf12-8f929063a311} (Trojan.BHO.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{a99091b0-d5c1-40df-bf12-8f929063a311} (Trojan.BHO.H) -> Delete on reboot.

    Saastuneita rekisteriarvoja:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
     
  8. samipami

    samipami Member

    And THANKS HUJO, let's try to see this through to the end with honor.. my own skills are hardly enough on my own.

    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-26 17:44:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000461827b96]
    "00174bafa7cd"=hex:79,1a,6a,d1,ad,ce,c1,a3,f3,22,09,cf,73,bd,fc,70
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:0c,ea,a1,af,89,75,5e,83,fd,34,7d,ae,f9,09,a6,6a,a2,f4,60,ba,4b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000461827b96]
    "00174bafa7cd"=hex:79,1a,6a,d1,ad,ce,c1,a3,f3,22,09,cf,73,bd,fc,70
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:0c,ea,a1,af,89,75,5e,83,fd,34,7d,ae,f9,09,a6,6a,a2,f4,60,ba,4b,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
    "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
    "F:\\Pelit\\Return to Castle Wolfenstein\\WolfMP.exe"="F:\\Pelit\\Return to Castle Wolfenstein\\WolfMP.exe:*:Enabled:WolfMP"
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :



    Files with Hidden Attributes :

    Fri 16 May 2008 24 ..SH. --- "C:\WINDOWS\SDE29989A.tmp"
    Fri 16 May 2008 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
    Fri 16 May 2008 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
    Wed 2 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Sami\Application Data\U3\temp\Launchpad Removal.exe"

    Finished!



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:54:26, on 26.8.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.telkku.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A99091B0-D5C1-40DF-BF12-8F929063A311} - C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll (file missing)
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O15 - Trusted Zone: http://www.adobe.com
    O15 - Trusted Zone: http://free.avg.com
    O15 - Trusted Zone: http://www.java.com
    O15 - Trusted Zone: http://www.kaspersky.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199268633166
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    --
    End of file - 5600 bytes
     
  9. samipami

    samipami Member

    JavaRa 1.11 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Tue Aug 26 18:02:04 2008

    ------------------------------------

    Finished reporting.



     
  10. Hujo

    Hujo Guest

    Download OTMoveIt and save it to your desktop.

    Double-click OTMoveIt.exe.
    Click CleanUp!.
    Choose Yes when asked "Begin cleanup Process?".
    If you are asked whether the computer may be restarted, choose Yes. OTMoveIt deletes itself when it is finished; if that does not happen, delete it yourself.

    NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the Internet, allow it to do so.
     
  11. samipami

    samipami Member

    This one doesn't work either, hugo, and I'm really grateful to you; we've got ourselves a proper tough nut to crack.. You said: Double-click OTMoveIt.exe.
    Click CleanUp!.
    Choose Yes when asked "Begin cleanup Process?".
    If you are asked whether the computer may be restarted, choose Yes

    Well, the computer shuts down very quickly and starts up again, and OTMoveIt apparently hasn't managed to do anything at all.... Even when I run Malwarebytes after this, it still finds 2 different trojans, Trojan.Agent x4 and Trojan.BHO.H x3.... So if your patience holds out, mine will too.... a new worm on the hook, or what?
     
  12. Hujo

    Hujo Guest

    Scan a new HJT log.

    ==============

    Download RegSeeker.zip to your desktop:

    Extract the zip into the C:\RegSeeker\ folder. From there, start RegSeeker.exe.
    In the top-right corner there is a Languages.... link, from which you select Finnish.
    In the bottom-left corner, tick Luo varmuuskopio ("Create backup") and then click the Puhdista rekisteri ("Clean registry") link.
    Tick every item except "Käyttökelvottomat.." ("Unusable.."), then "OK" (wait a moment).
    A list of invalid registry entries appears on the screen; under Valitse ("Select") in the bottom bar,
    click Valitse kaikki ("Select all"), and the selected entries get a yellow background.
    From the Toiminnot ("Actions") link in the bottom bar, click Poista valitut kohteet ("Delete selected items").
    In the pop-up "Kaikki valitut kohteet poistetaan ?" ("All selected items will be deleted?"), answer "OK".
    In the next pop-up, "Varmuuskopiot" ("Backups"), answer "OK".
    Click Lopeta RegSeeker ("Exit RegSeeker") on the left and restart your computer.

    ===========

    1. Download combofix.exe to your desktop from one of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
     
    Last edited by a moderator: 27.08.2008
  13. samipami

    samipami Member

    Sincere thanks for your support... let's just keep going. PeacE
     
  14. samipami

    samipami Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:37:42, on 29.8.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.telkku.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A99091B0-D5C1-40DF-BF12-8F929063A311} - C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll (file missing)
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O15 - Trusted Zone: http://www.adobe.com
    O15 - Trusted Zone: http://free.avg.com
    O15 - Trusted Zone: http://www.java.com
    O15 - Trusted Zone: http://www.kaspersky.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199268633166
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    --
    End of file - 5186 bytes
     
  15. samipami

    samipami Member

    ComboFix 08-08-28.04 - Sami 2008-08-29 1:07:45.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.1596 [GMT 3:00]
    Running from: C:\Documents and Settings\Sami\Työpöytä\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-28 to 2008-08-28 )))))))))))))))))
    .

    2008-08-29 00:39 . 2008-08-29 00:39 <KANSIO> d-------- C:\Program Files\RegSeeker
    2008-08-29 00:35 . 2008-08-29 00:35 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db
    2008-08-26 20:56 . 2008-08-26 20:56 98 --a------ C:\index.ini
    2008-08-26 16:35 . 2008-08-26 16:35 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-26 16:35 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-26 16:35 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-26 13:10 . 2008-08-26 13:10 <KANSIO> d-------- C:\Program Files\Enigma Software Group
    2008-08-26 12:04 . 2008-08-26 12:04 579,072 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
    2008-08-26 12:03 . 2008-08-26 12:03 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-08-26 01:36 . 2008-08-26 01:36 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    2008-08-26 00:16 . 2008-08-26 00:16 <KANSIO> d-------- C:\Documents and Settings\Sami\Application Data\Malwarebytes
    2008-08-26 00:16 . 2008-08-26 00:16 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-25 23:59 . 2008-08-26 12:52 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-08-25 23:59 . 2008-08-26 12:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-22 19:00 . 2008-08-22 19:00 <KANSIO> d-------- C:\Program Files\Sygate
    2008-08-22 19:00 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
    2008-08-22 19:00 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
    2008-08-22 19:00 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    2008-08-22 19:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
    2008-08-22 19:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
    2008-08-22 19:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
    2008-08-22 19:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
    2008-08-22 16:22 . 18,688 C:\WINDOWS\system32\drivers\vlvmrura.dat
    2008-08-22 16:22 . 5,120 C:\WINDOWS\system32\drivers\jkueopxu.dat
    2008-08-17 09:10 . 2008-08-17 09:10 335 --a------ C:\WINDOWS\mozregistry.dat
    2008-08-16 11:00 . 2008-08-26 21:54 <KANSIO> d-------- C:\Program Files\a-squared Anti-Malware
    2008-08-16 07:58 . 2008-08-28 23:58 <KANSIO> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-08-16 07:58 . 2008-08-29 01:06 <KANSIO> d--h----- C:\$AVG8.VAULT$
    2008-08-16 05:45 . 2008-08-16 07:57 <KANSIO> d-------- C:\Program Files\RegCure
    2008-08-16 00:48 . 2008-08-22 18:19 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-08-16 00:48 . 2008-08-22 18:19 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-08-16 00:48 . 2008-08-22 18:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-08-15 22:01 . 2008-08-15 22:01 <KANSIO> d-------- C:\Documents and Settings\Sami\Application Data\Windows Search
    2008-08-15 22:00 . 2008-08-15 22:00 <KANSIO> d-------- C:\Documents and Settings\Sami\Application Data\Windows Desktop Search
    2008-08-15 21:59 . 2008-08-15 21:59 <KANSIO> d-------- C:\WINDOWS\system32\GroupPolicy
    2008-08-15 21:59 . 2008-08-15 21:59 <KANSIO> d-------- C:\Program Files\Windows Desktop Search
    2008-08-15 21:59 . 2008-07-22 17:52 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2008-08-15 21:59 . 2008-07-22 17:52 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2008-08-15 21:59 . 2008-03-07 20:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
    2008-08-15 21:59 . 2008-03-07 20:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
    2008-08-15 21:59 . 2008-03-07 20:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
    2008-08-15 21:59 . 2008-07-22 17:52 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
    2008-08-15 19:46 . 2008-08-16 11:34 <KANSIO> d-------- C:\Program Files\Webteh
    2008-08-15 14:16 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-15 14:16 . 2008-05-01 17:35 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-11 16:22 . 2008-08-29 00:48 12,288 --ahs---- C:\WINDOWS\Thumbs.db
    2008-08-07 07:46 . 2008-08-07 07:46 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008
    2008-08-07 04:27 . 2008-08-07 04:34 <KANSIO> d-------- C:\Downloads
    2008-08-07 01:46 . 2008-08-07 01:46 278,728 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
    2008-08-07 01:46 . 2008-08-07 01:46 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
    2008-08-05 19:04 . 2008-08-05 19:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-08-05 18:53 . 2008-08-05 18:53 <KANSIO> d-------- C:\Program Files\Google
    2008-08-02 20:50 . 2008-08-05 18:52 <KANSIO> d-------- C:\Program Files\Apple Software Update
    2008-08-01 05:53 . 2008-08-01 05:54 <KANSIO> d-------- C:\Documents and Settings\Sami\Application Data\PC Suite
    2008-08-01 05:53 . 2008-08-05 18:52 <KANSIO> d-------- C:\Documents and Settings\Sami\Application Data\Nokia
    2008-08-01 05:28 . 2008-08-05 18:53 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution(2)
    2008-08-01 05:28 . 2008-08-15 18:20 <KANSIO> d-------- C:\Program Files\Nokia
    2008-08-01 04:02 . 2008-08-05 18:53 <KANSIO> d-------- C:\Program Files\Google(2)
    2008-07-31 12:17 . 2008-08-05 18:53 <KANSIO> d-------- C:\Program Files\Sygate(2)

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-26 20:02 --------- d-----w C:\Program Files\CCleaner
    2008-08-26 15:15 --------- d-----w C:\Program Files\Java
    2008-08-22 15:59 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-22 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-08-16 22:54 --------- d-----w C:\Program Files\real
    2008-08-16 07:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-16 04:58 --------- d-----w C:\Program Files\Skype
    2008-08-11 13:22 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-08-07 05:50 --------- d-----w C:\Documents and Settings\Sami\Application Data\Skype
    2008-08-07 05:35 --------- d-----w C:\Documents and Settings\Sami\Application Data\skypePM
    2008-08-07 03:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-06 15:55 --------- d-----w C:\Documents and Settings\Sami\Application Data\U3
    2008-08-05 15:54 --------- d-----w C:\Program Files\ATI(2)
    2008-08-05 15:54 --------- d-----w C:\Program Files\ATI Technologies
    2008-08-05 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI(2)
    2008-08-05 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-02 17:46 --------- d-----w C:\Program Files\Common Files\AVSMedia
    2008-08-01 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-07-25 04:11 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-07-24 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Disk Cleaner
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-05 03:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Registry Helper
    2008-07-02 21:04 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-07-02 20:50 --------- d-----w C:\Documents and Settings\Sami\Application Data\OpenOffice.org2
    2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(9).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(8).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(7).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(6).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(5).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(4).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(3).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(2).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(11).dll
    2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(10).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(9).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(8).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(7).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(6).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(5).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(4).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(3).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(12).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(11).dll
    2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(10).dll
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(9).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(8).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(7).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(6).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(5).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(4).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(3).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(2).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(11).exe
    2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(10).exe
    2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(9).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(8).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(7).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(6).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(5).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(4).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(3).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(12).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(11).dll
    2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(10).dll
    2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(9).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(8).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(7).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(6).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(5).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(4).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(3).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(12).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(11).dll
    2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(10).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(9).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(8).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(7).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(6).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(5).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(4).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(3).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(12).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(11).dll
    2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(10).dll
    2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
    2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag(9).dll
    2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag(8).dll
    2008-05-14 00:06 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008051420080515\index.dat
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-22 18:19 1232152]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 19:12 110592 C:\WINDOWS\system32\bthprops.cpl]
    "Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 17:23 86016 C:\WINDOWS\StartupMonitor.exe]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
    --a------ 2008-08-26 14:23 2705040 C:\Program Files\a-squared Anti-Malware\a2guard.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\dxdiag.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "F:\\Pelit\\Return to Castle Wolfenstein\\WolfMP.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "22556:TCP"= 22556:TCP:BitCometBeta 22556 TCP
    "22556:UDP"= 22556:UDP:BitCometBeta 22556 UDP
    "13824:TCP"= 13824:TCP:BitCometBeta 13824 TCP
    "13824:UDP"= 13824:UDP:BitCometBeta 13824 UDP
    "8973:TCP"= 8973:TCP:BitComet 8973 TCP
    "8973:UDP"= 8973:UDP:BitComet 8973 UDP
    "14519:TCP"= 14519:TCP:BitComet 14519 TCP
    "14519:UDP"= 14519:UDP:BitComet 14519 UDP

    R0 kkgutnpm;kkgutnpm;C:\WINDOWS\system32\drivers\vlvmrura.dat []
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-22 18:19]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-22 18:19]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-22 18:19]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-22 18:19]
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 21:11]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5b062a5-2f54-11dd-a797-00508dc84ead}]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2008-08-28 C:\WINDOWS\Tasks\RegCure Program Check.job
    - C:\Program Files\RegCure\RegCure.exe []

    2008-08-16 C:\WINDOWS\Tasks\RegCure.job
    - C:\Program Files\RegCure\RegCure.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{A99091B0-D5C1-40DF-BF12-8F929063A311} - C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Sami\Application Data\Mozilla\Firefox\Profiles\d232pzia.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.telkku.com/
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npagent.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-29 01:09:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kkgutnpm]
    "ImagePath"="system32\drivers\vlvmrura.dat"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    Completion time: 2008-08-29 1:10:29
    ComboFix-quarantined-files.txt 2008-08-28 22:10:25

    Pre-Run: 17,429,217,280 tavua vapaana
    Post-Run: 17,412,919,296 tavua vapaana

    261 --- E O F --- 2008-08-22 15:59:47
     
  16. Hujo

    Hujo Guest

    Check your computer with F-Secure's online scanner

    Note: the scanner works only in the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Asenna ("Install")
    * Click Accept
    * Click Custom Scan
    * Adjust the settings as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the required files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the whole text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report in your thread

    Do not do anything else, as it may cause the computer to hang

     
  17. samipami

    samipami Member

    So I'm at the same point.... O2 - BHO: (no name) - {A99091B0-D5C1-40DF-BF12-8F929063A311} - C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll (file missing) I can't get this off my computer no matter what, nor those 2 trojans that Malwarebytes Anti-Malware reports to me, so do you have the energy for something more? Thanks again, and everyone who is able, come and pitch in. Take care.......
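
Added example, not part of the original thread or of any tool named in it: a small Python triage pass over HijackThis O2/O23 lines and ComboFix driver lines, run on entries copied from the logs posted above. The heuristics (missing target file, DLL under Temporary Internet Files, "Unknown owner", a driver image that is not a .sys file or has an empty date field) are assumptions chosen for illustration; they produce leads for manual review, not verdicts.

```python
import re
from typing import List, NamedTuple

# Lines copied verbatim from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A99091B0-D5C1-40DF-BF12-8F929063A311} - C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
R0 kkgutnpm;kkgutnpm;C:\WINDOWS\system32\drivers\vlvmrura.dat []
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-22 18:19]
"""


class Finding(NamedTuple):
    kind: str            # "BHO", "Service" or "Driver"
    subject: str         # CLSID (BHO) or service name
    reasons: List[str]   # why the entry deserves a manual look


# HijackThis: O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
# HijackThis: O23 - Service: <name> - <owner> - <exe path>
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>[A-Za-z]:\\.*)$")
# ComboFix: <R|S><start type> <service>;<display name>;<image path> [<file date>]
DRIVER_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?) \[(?P<stamp>[^\]]*)\]$")


def triage(log_text: str) -> List[Finding]:
    """Return the entries that match at least one illustrative heuristic."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: List[str] = []

        m = BHO_RE.match(line)
        if m:
            path = m["path"].lower()
            if m["missing"]:
                reasons.append("registered DLL is missing on disk")
            if "\\temporary internet files\\" in path or "\\temp\\" in path:
                reasons.append("DLL path is inside a browser cache or temp folder")
            if m["name"] == "(no name)":
                reasons.append("BHO has no class name")
            if reasons:
                findings.append(Finding("BHO", m["clsid"], reasons))
            continue

        m = SERVICE_RE.match(line)
        if m:
            if m["owner"] == "Unknown owner":
                reasons.append("no owner shown for the service binary")
            if reasons:
                findings.append(Finding("Service", m["name"], reasons))
            continue

        m = DRIVER_RE.match(line)
        if m:
            path = m["path"].lower()
            if "\\drivers\\" in path and not path.endswith(".sys"):
                reasons.append("driver image in drivers folder is not a .sys file")
            if m["stamp"] == "":
                reasons.append("empty date field where other entries show a file date")
            if reasons:
                findings.append(Finding("Driver", m["svc"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.subject}")
        for reason in f.reasons:
            print(f"         - {reason}")
```
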
     
  18. samipami

    samipami Member

    Sorry .... I mean I haven't done the F-Secure one yet, hang on a moment.....
     
  19. samipami

    samipami Member

    Scanning Report
    Friday, August 29, 2008 04:10:48 - 07:16:32

    Computer name: SCHUTSCHKOFF
    Scanning type: Scan system for malware, rootkits
    Target: C:\ F:\
    Result: 0 malware found
    Statistics
    Scanned:

    * Files: 220824
    * System: 3299
    * Not scanned: 50

    Actions:

    * Disinfected: 0
    * Renamed: 0
    * Deleted: 0
    * None: 0
    * Submitted: 0

    Files not scanned:

    * C:\PAGEFILE.SYS
    * C:\WINDOWS.rar\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.txt
    * C:\WINDOWS\SYSTEM32\BIOS1.ROM
    * C:\WINDOWS\SYSTEM32\DRIVERS\JKUEOPXU.DAT
    * C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
    * C:\WINDOWS\SYSTEM32\DRIVERS\VLVMRURA.DAT
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.TMP.LOG
    * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
    * C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
    * C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
    * C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{1818278D-7662-4FCD-9B21-C603BEBBE32F}.BIN
    * C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\A-SQUARED\REPORTS\A2SCAN_080816-111109.TXT
    * C:\DOCUMENTS AND SETTINGS\SAMI\NTUSER.DAT
    * C:\DOCUMENTS AND SETTINGS\SAMI\NTUSER.DAT.LOG
    * C:\DOCUMENTS AND SETTINGS\SAMI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS LIVE MAIL\SQMDATA00.SQM
    * C:\DOCUMENTS AND SETTINGS\SAMI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS LIVE MAIL\SQMNOOPT00.SQM
    * C:\DOCUMENTS AND SETTINGS\SAMI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    * C:\DOCUMENTS AND SETTINGS\SAMI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
    * C:\DOCUMENTS AND SETTINGS\SAMI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\CARDSPACE\CARDSPACE.DB
    * C:\DOCUMENTS AND SETTINGS\SAMI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\CARDSPACE\CARDSPACE.DB.SHADOW
    * C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
    * C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT.LOG
    * C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    * C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
    * C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
    * C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT.LOG
    * C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    * C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
    * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\SEARCH\DATA\TEMP\USGTHRSVC\PERFLIB_PERFDATA_5F0.DAT
    * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSS.LOG
    * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSSTMP.LOG
    * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\TMP.EDB
    * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\WINDOWS.EDB
    * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\CIAB0001.001
    * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\PROJECTS\SYSTEMINDEX\INDEXER\CIFILES\CIAB0001.002
    * F:\PELIEN IMAGE- KANSIO\NAVY SEALST2.ISO
    * F:\PELIEN IMAGE- KANSIO\RLD-WS08.ISO
    * F:\PELIEN IMAGE- KANSIO\HITMAN 3 - CONTRACTS\HITMAN 3 - CONTRACTS - CD 1.ISO
    * F:\PELIEN IMAGE- KANSIO\HITMAN 3 - CONTRACTS\HITMAN 3 - CONTRACTS - CD 2.ISO
    * F:\DOWNLOADS\TEENS.WITH.TITS.12(DVDRIP)(WWW.PORNORIP.NET)\MP3NINJA.COM - ULTIMATE MP3 MUSIC COLLECTION.URL.BC!
    * F:\DOWNLOADS\SWANK.XXX.TEENS.8(DVDRIP)(WWW.PORNORIP.NET)\MP3NINJA.COM - ULTIMATE MP3 MUSIC COLLECTION.URL.BC!

    Options
    Scanning engines:

    * F-Secure USS: 2.30.0
    * F-Secure Hydra: 2.8.8110, 2008-08-29
    * F-Secure AVP: 7.0.171, 2008-08-28
    * F-Secure Pegasus: 1.20.0, 2008-04-15
    * F-Secure Blacklight: 1.0.68

    Scanning options:

    * Scan all files
    * Scan inside archives
    * Use Advanced heuristics

    I'll add the HjT log after this as well......


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:28:54, on 29.8.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.telkku.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A99091B0-D5C1-40DF-BF12-8F929063A311} - C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll (file missing)
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199268633166
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe




    --
    End of file - 4943 bytes

    Malwarebytes still finds 2 different trojans..... what next, heh?



     
  20. Hujo

    Hujo Guest

    What does Malwarebytes find? Post the log from it.
     
  21. samipami

    samipami Member

    Joined:
    07.03.2006
    Posts:
    55
    Thanks:
    0
    Points:
    16
    During this "trip" I have downloaded several anti-malware, antivirus and anti-trojan programs, so here is what the different programs find on my machine, approx. 30 min, and thanks again, HujO : )
     
