
atapi.sys

Thread in the Viruses and malware - HijackThis logs section. Thread opened by toope92 on 08.03.2010.

  1. warwas

    warwas Guest

    Yesss

    Open Notepad and copy/paste the contents of the quote box into it WITHOUT the Quote text:

    Save it as CFScript.

    Then drag CFScript onto ComboFix.exe as shown below.


    Restart the computer if asked to, and post the contents of combofix.txt here together with a new HijackThis log.


    First make sure that hidden files are visible.

    Show hidden files

    Go --> here

    When the page has loaded, click the Browse button, locate the following file and press Submit.

    c:\windows\System32\p0_aPIH.dll
    c:\windows\System32\DRIVERS\1394ohcib.sys
    c:\windows\system32\drivers\atapi.sys
    c:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
    c:\windows\System32\DRIVERS\1394ohcib.sys


    Post the scan results in your next message.

    If you cannot find the file, click Browse under Submit file/Upload a file, copy/paste the file name with its full path into the File name field, press Open and then Submit.

    If Jotti is busy, try the same at VirusTotal: http://www.virustotal.com/flash/index_en.html

    If both of the above are busy, you can try VirScan:
    VirSCAN

    Scan with HJT and post the requested information.
     
  3. toope92

    toope92 Regular member

    Joined:
    08.11.2006
    Posts:
    140
    Thanks:
    0
    Points:
    26
    c:\windows\System32\p0_aPIH.dll
    a-squared Riskware.AdWare.Win32.Ezula!IK
    F-Secure not-a-virus: AdWare.Win32.Ezula.blp
    Ikarus not-a-virus: AdWare.Win32.Ezula
    Kaspersky not-a-virus: AdWare.Win32.Ezula.blp
    VirusBuster AdWare. Ezula.SS

    c:\windows\System32\DRIVERS\1394ohcib.sys
    File not found

    c:\windows\system32\drivers\atapi.sys

    a-squared Rootkit.Win32.TDSS!IK
    Ikarus Rootkit.Win32.TDSS

    c:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
    No viruses

    c:\windows\System32\DRIVERS\1394ohcib.sys
    File not found

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:39:12, on 8.3.2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\msa.exe
    C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Users\Sini\AppData\Local\Temp\Qtr.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15161&l=dis
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Sini\AppData\Local\Temp\Qtr.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Verkkopalvelu')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Verkkopalvelu')
    O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\nytf.tmp\svchost.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [cbssreg] C:\Windows\TEMP\nytf.tmp\svchost.exe (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: www.corel.com
    O15 - Trusted Zone: http://*.corel.com
    O15 - Trusted Zone: www.intervideo.com
    O15 - Trusted Zone: http://*.intervideo.com
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SupportSoft Sprocket Service (sonera) (sprtsvc_sonera) - SupportSoft, Inc. - C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
    O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

    --
    End of file - 7393 bytes


    ComboFix 10-03-13.03 - Sini 14.03.2010 11:58:17.3.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.358.1035.18.3583.2482 [GMT 2:00]
    Sijainti: c:\users\Sini\Desktop\CF.exe
    Käytetyt komentorivivalitsimet :: c:\users\Sini\Desktop\CFScript.txt

    FILE ::
    "c:\users\Sini\AppData\Local\Temp\Qtr.exe"
    "c:\users\Sini\AppData\Roaming\ufxw.exe"
    "c:\windows\msa.exe"
    "c:\windows\System32\MSF_RIUNyS3.exe"
    "c:\windows\system32\sshnas21.dll"
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    .
    ---- Edellinen ajo -------
    .
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\System32\MSF_RIUNyS3.exe

    ----- BITS: Mahdollisesti saastuneet sivut -----

    hxxp://sync.avustaja.sonera.fi
    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2010-02-14 to 2010-03-14 )))))))))))))))))
    .

    2010-03-14 10:03 . 2010-03-14 10:04 -------- d-----w- c:\users\Sini\AppData\Local\temp
    2010-03-14 10:03 . 2010-03-14 10:03 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-03-14 10:03 . 2010-03-14 10:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-03-13 13:10 . 2010-03-14 08:53 -------- d-----w- c:\users\Sini\AppData\Roaming\LimeWire
    2010-03-13 13:10 . 2010-03-13 13:10 -------- dc----w- c:\program files\Ask.com
    2010-03-13 13:10 . 2010-03-13 13:10 -------- dc----w- c:\program files\LimeWire
    2010-03-12 14:24 . 2010-03-12 14:24 -------- d-----w- c:\programdata\LightScribe
    2010-03-12 14:24 . 2010-03-12 14:25 -------- d-----w- c:\users\Sini\AppData\Roaming\Nero
    2010-03-12 14:14 . 2010-03-12 14:22 -------- dc----w- c:\program files\Nero
    2010-03-12 14:14 . 2010-03-12 14:16 -------- d-----w- c:\programdata\Nero
    2010-03-12 14:14 . 2010-03-12 14:23 -------- d-----w- c:\program files\Common Files\Nero
    2010-03-12 14:13 . 2010-03-12 14:13 -------- d-----w- c:\program files\Common Files\LightScribe
    2010-03-12 13:27 . 2010-03-12 13:27 -------- d-----w- c:\users\Sini\AppData\Local\TempDIR
    2010-03-10 14:49 . 2010-03-14 09:02 -------- d-----w- c:\users\Sini\Tracing
    2010-03-09 18:58 . 2009-08-05 14:10 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin
    2010-03-09 18:58 . 2009-07-30 14:48 705536 ----a-w- c:\windows\system32\cohelper.dll
    2010-03-09 17:14 . 2010-01-27 09:11 2622496 ----a-w- c:\windows\system32\RtkHDMI.dll
    2010-03-09 17:14 . 2010-01-27 09:04 183584 ----a-w- c:\windows\system32\drivers\RtHDMIV.sys
    2010-03-09 17:14 . 2009-12-15 16:26 73928 ----a-w- c:\windows\system32\RTEEL32H.dll
    2010-03-09 17:14 . 2009-12-15 16:26 355528 ----a-w- c:\windows\system32\RTEEP32H.dll
    2010-03-09 17:14 . 2009-12-15 16:26 62664 ----a-w- c:\windows\system32\RTEEG32H.dll
    2010-03-09 17:14 . 2009-12-15 16:26 168648 ----a-w- c:\windows\system32\RTEED32H.dll
    2010-03-09 17:14 . 2010-03-09 17:14 -------- dc----w- c:\program files\Realtek
    2010-03-09 17:14 . 2010-01-27 09:11 57376 ----a-w- c:\windows\system32\RHCoInst.dll
    2010-03-09 17:14 . 2010-01-27 09:11 1640480 ----a-w- c:\windows\system32\RHDMIExt.dll
    2010-03-09 17:14 . 2010-01-11 06:41 293600 ----a-w- c:\windows\system32\RH3DHT32.dll
    2010-03-09 17:14 . 2010-01-11 06:40 293600 ----a-w- c:\windows\system32\RH3DAA32.dll
    2010-03-09 17:11 . 2010-03-09 17:11 -------- dc----w- C:\SMU
    2010-03-09 17:11 . 2010-03-09 17:11 -------- dc----w- C:\SMBUS
    2010-03-09 17:11 . 2010-03-09 17:11 -------- dc----w- C:\IDE
    2010-03-09 17:11 . 2010-03-09 17:11 -------- dc----w- C:\Ethernet
    2010-03-09 15:03 . 2010-03-09 15:03 -------- dc----w- c:\program files\Driver-Soft
    2010-03-09 05:09 . 2009-12-08 11:40 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-03-09 05:09 . 2009-12-08 11:40 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-03-09 05:09 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
    2010-03-08 18:27 . 2010-03-08 18:27 -------- dc----w- c:\program files\Trend Micro
    2010-03-08 15:22 . 2010-03-08 15:22 -------- dc----w- c:\program files\TrendMicro
    2010-03-08 02:51 . 2010-03-08 15:32 -------- dc----w- C:\SDFix
    2010-03-08 02:47 . 2010-03-08 02:47 -------- d-----w- c:\windows\Sun
    2010-03-07 17:54 . 2010-03-08 15:32 -------- d-----w- c:\users\Sini\AppData\Local\Stay Secure
    2010-03-07 14:43 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2010-03-07 14:37 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-07 14:37 . 2010-03-11 20:34 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-07 14:37 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-06 08:24 . 2010-03-06 08:37 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2010-03-06 08:24 . 2009-08-05 15:57 35680 ----a-w- c:\windows\system32\drivers\fses.sys
    2010-03-06 08:24 . 2009-08-05 15:59 572512 ----a-w- c:\windows\system32\msvcp50.dll
    2010-03-06 08:24 . 2009-08-05 15:57 71040 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2010-03-05 08:24 . 2010-03-06 08:44 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2010-03-05 08:24 . 2009-11-10 12:55 52240 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
    2010-03-05 08:24 . 2009-11-10 12:55 37392 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
    2010-03-05 08:24 . 2009-11-10 12:55 1581072 ----a-w- c:\windows\system32\LkmdfCoInst.dll
    2010-03-05 08:24 . 2009-11-10 12:54 35984 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
    2010-03-04 13:38 . 2010-03-04 13:38 -------- dc----w- c:\program files\The Sims Resource
    2010-03-04 12:50 . 2010-03-04 12:50 -------- dc----w- c:\program files\iPod
    2010-03-04 12:40 . 2010-03-04 12:40 -------- dc----w- c:\program files\Opera
    2010-03-03 11:23 . 2010-03-03 11:23 0 ----a-w- c:\windows\system32\phar_unmip.dat
    2010-03-03 10:59 . 2010-03-03 10:59 -------- d-----w- c:\program files\Common Files\Protexis
    2010-03-03 10:58 . 2010-03-03 10:58 -------- dc----w- c:\program files\Corel
    2010-03-03 09:22 . 2010-03-03 09:39 -------- dc----w- C:\KU990
    2010-03-03 09:19 . 2010-03-03 09:19 -------- dc----w- C:\LG_USB
    2010-03-03 09:15 . 2006-05-04 06:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
    2010-03-03 09:15 . 2005-10-03 23:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2010-03-03 09:15 . 2010-03-03 09:15 -------- d-----w- c:\programdata\LGMOBILEAX
    2010-03-03 08:34 . 2010-03-03 08:34 -------- d-----w- c:\temp\HS2_191
    2010-03-03 08:34 . 2009-06-17 10:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
    2010-03-03 08:18 . 2010-03-08 15:32 -------- d-----w- c:\program files\Common Files\xing shared
    2010-03-03 08:05 . 2010-02-25 09:56 21320 ----a-w- c:\windows\system32\authuitu.dll
    2010-03-03 08:05 . 2010-02-25 09:56 30024 ----a-w- c:\windows\system32\uxtuneup.dll
    2010-02-20 15:06 . 2010-02-20 15:07 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2010-02-20 15:06 . 2010-02-20 15:06 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2010-02-18 11:42 . 2010-02-18 11:42 1290240 ----a-w- c:\windows\system32\p0_aPIH.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-14 10:07 . 2007-11-25 17:51 -------- d-----w- c:\users\Sini\AppData\Roaming\uTorrent
    2010-03-14 10:04 . 2009-11-25 16:36 -------- d-----w- c:\program files\Common Files\Akamai
    2010-03-14 09:20 . 2010-01-20 19:29 2516 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-03-14 09:20 . 2010-01-20 19:29 2516 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-03-13 13:48 . 2009-12-01 16:22 114792 ----a-w- c:\users\Sini\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-03-13 13:37 . 2009-12-18 18:27 -------- d-----w- c:\program files\Audio Track Editor
    2010-03-13 13:35 . 2009-11-25 20:45 -------- d-----w- c:\users\Sini\AppData\Roaming\Spotify
    2010-03-12 16:30 . 2010-03-12 16:30 45056 ----a-w- c:\users\Sini\AppData\Roaming\HLGCVFSDUA.exe
    2010-03-12 16:30 . 2010-03-12 16:30 45056 ----a-w- c:\users\Sini\AppData\Roaming\HLGCVFSDUA.exe
    2010-03-12 16:30 . 2010-03-12 16:30 20480 ----a-w- c:\users\Sini\AppData\Roaming\scheduler.exe
    2010-03-12 16:30 . 2010-03-12 16:30 20480 ----a-w- c:\users\Sini\AppData\Roaming\scheduler.exe
    2010-03-12 16:30 . 2010-03-12 16:30 24576 ----a-w- c:\users\Sini\AppData\Roaming\FileDownloader.exe
    2010-03-12 16:30 . 2010-03-12 16:30 24576 ----a-w- c:\users\Sini\AppData\Roaming\FileDownloader.exe
    2010-03-12 16:20 . 2007-12-02 13:47 -------- d-----w- c:\program files\Electronic Arts
    2010-03-12 16:20 . 2009-11-25 20:09 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-11 20:49 . 2009-07-14 07:36 83000 ----a-w- c:\windows\system32\perfc00B.dat
    2010-03-11 20:49 . 2009-07-14 07:36 442586 ----a-w- c:\windows\system32\perfh00B.dat
    2010-03-11 20:21 . 2010-03-11 20:21 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-03-11 08:56 . 2009-11-28 19:11 -------- d-----w- c:\program files\Common Files\Real
    2010-03-11 08:52 . 2009-12-21 11:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-03-11 08:52 . 2009-12-21 11:52 38784 ----a-w- c:\users\Sini\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-03-11 08:52 . 2009-12-21 11:51 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-03-11 08:51 . 2007-11-25 17:51 -------- d-----w- c:\program files\uTorrent
    2010-03-10 21:19 . 2009-12-07 16:08 -------- d-----w- c:\users\Sini\AppData\Roaming\vlc
    2010-03-10 14:16 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
    2010-03-09 19:01 . 2009-12-26 16:14 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-03-08 15:32 . 2009-11-28 19:11 -------- d-----w- c:\program files\Real
    2010-03-08 15:32 . 2009-11-25 17:37 -------- d-----w- c:\program files\FileHippo.com
    2010-03-08 15:31 . 2009-11-29 21:32 -------- d-----w- c:\programdata\Malwarebytes
    2010-03-08 15:31 . 2009-11-26 20:37 -------- d--h--w- c:\programdata\CanonBJ
    2010-03-06 08:33 . 2010-01-05 22:55 -------- d-----w- c:\programdata\BitDefender
    2010-03-06 08:33 . 2010-01-05 22:52 -------- d-----w- c:\program files\Common Files\BitDefender
    2010-03-06 08:24 . 2009-11-25 16:35 -------- d-----w- c:\programdata\f-secure
    2010-03-06 08:22 . 2009-11-25 16:38 -------- d-----w- c:\program files\Sonera
    2010-03-06 08:22 . 2009-11-25 16:37 -------- d-----w- c:\programdata\fssg
    2010-03-04 15:28 . 2009-12-02 18:12 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-03-04 15:28 . 2010-03-04 15:28 85504 ----a-w- c:\users\Sini\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
    2010-03-04 15:28 . 2009-12-21 23:49 -------- d-----w- c:\users\Sini\AppData\Roaming\SystemRequirementsLab
    2010-03-04 12:50 . 2009-11-28 13:26 -------- d-----w- c:\program files\iTunes
    2010-03-04 12:50 . 2009-11-26 18:29 -------- d-----w- c:\programdata\Apple Computer
    2010-03-04 12:50 . 2009-11-26 18:29 -------- d-----w- c:\program files\Common Files\Apple
    2010-03-04 11:10 . 2009-12-02 14:12 -------- d-----w- c:\program files\Mad Scientist Productions
    2010-03-03 13:37 . 2009-12-01 13:31 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2010-03-03 13:36 . 2009-11-27 15:21 460592 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-03-03 10:58 . 2009-11-28 19:10 -------- d-----w- c:\programdata\Corel
    2010-03-03 10:27 . 2009-11-28 15:44 53319 ----a-w- c:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
    2010-03-03 08:42 . 2010-01-05 23:10 132 ----a-w- c:\windows\system32\rezumatenoi.dat
    2010-03-03 08:38 . 2010-03-03 08:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2010-03-03 08:18 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-03-03 08:18 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-03-03 08:16 . 2009-11-25 17:38 -------- d-----w- c:\program files\Defraggler
    2010-03-03 08:14 . 2009-11-25 17:37 -------- d-----w- c:\program files\CCleaner
    2010-03-03 08:05 . 2009-11-25 16:31 -------- d-----w- c:\program files\TuneUp Utilities 2010
    2010-03-02 07:15 . 2010-03-03 09:15 1025984 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
    2010-03-02 07:11 . 2010-03-03 09:15 507904 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
    2010-02-25 10:03 . 2009-11-25 16:31 30536 ----a-w- c:\windows\system32\TURegOpt.exe
    2010-02-24 07:16 . 2009-11-25 16:58 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-24 03:16 . 2010-03-03 09:15 90112 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMobileDL.dll
    2010-02-09 21:32 . 2010-02-09 20:58 -------- dc----w- c:\program files\LG PC Suite 2
    2010-02-09 21:30 . 2010-02-09 21:30 -------- d-----w- c:\users\Sini\AppData\Roaming\InstallShield
    2010-02-09 21:00 . 2010-02-09 21:00 -------- dc----w- c:\program files\LG Electronics
    2010-02-08 18:26 . 2010-02-08 18:26 -------- d-----w- c:\programdata\BDJ
    2010-02-06 14:30 . 2010-02-06 14:30 -------- d-----w- c:\programdata\InstallShield
    2010-02-06 14:30 . 2010-02-06 14:30 -------- dc----w- c:\program files\LG Soft India
    2010-02-06 14:30 . 2009-11-25 20:09 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-02-02 18:54 . 2010-03-03 18:00 5313536 ----a-w- c:\windows\system32\drivers\atipmdag.sys
    2010-02-02 18:54 . 2010-03-03 18:00 5313536 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2010-02-02 18:23 . 2010-03-03 18:00 426496 ----a-w- c:\windows\system32\aticfx32.dll
    2010-02-02 18:19 . 2010-03-03 18:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-02-02 18:17 . 2010-03-03 18:00 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-02-02 18:17 . 2009-12-02 14:40 372736 ----a-w- c:\windows\system32\atieclxx.exe
    2010-02-02 18:16 . 2009-12-02 14:40 172032 ----a-w- c:\windows\system32\atiesrxx.exe
    2010-02-02 18:15 . 2010-03-03 18:00 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2010-02-02 18:15 . 2010-03-03 18:00 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-02-02 18:15 . 2010-03-03 18:00 274432 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-02-02 18:14 . 2010-03-03 18:00 11776 ----a-w- c:\windows\system32\atimuixx.dll
    2010-02-02 18:14 . 2010-03-03 18:00 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-02-02 18:12 . 2009-12-19 11:31 3073024 ----a-w- c:\windows\system32\atidxx32.dll
    2010-02-02 18:01 . 2010-03-03 18:00 14147072 ----a-w- c:\windows\system32\atioglxx.dll
    2010-02-02 17:55 . 2009-12-02 14:40 3653632 ----a-w- c:\windows\system32\atiumdag.dll
    2010-02-02 17:52 . 2010-03-03 18:00 53248 ----a-w- c:\windows\system32\aticalrt.dll
    2010-02-02 17:52 . 2010-03-03 18:00 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2010-02-02 17:51 . 2010-03-03 18:00 3649536 ----a-w- c:\windows\system32\aticaldd.dll
    2010-02-02 17:40 . 2010-03-03 18:00 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-02-02 17:37 . 2009-12-02 14:40 2934272 ----a-w- c:\windows\system32\atiumdva.dll
    2010-02-02 17:25 . 2010-03-03 18:00 52224 ----a-w- c:\windows\system32\atimpc32.dll
    2010-02-02 17:25 . 2010-03-03 18:00 52224 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-02-02 17:24 . 2009-12-02 14:40 229376 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-02-02 17:24 . 2010-03-03 18:00 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2010-02-02 17:24 . 2010-03-03 18:00 14848 ----a-w- c:\windows\system32\atigktxx.dll
    2010-02-02 17:23 . 2010-03-03 18:00 150016 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2010-02-02 17:23 . 2010-03-03 18:00 50176 ----a-w- c:\windows\system32\coinst.dll
    2010-02-02 17:23 . 2010-03-03 18:00 27136 ----a-w- c:\windows\system32\atiuxpag.dll
    2010-02-02 17:22 . 2010-03-03 18:00 20480 ----a-w- c:\windows\system32\atiu9pag.dll
    2010-02-02 07:45 . 2010-03-03 08:01 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-01-29 22:30 . 2010-01-24 16:49 -------- d-----w- c:\program files\Audible
    2010-01-29 20:29 . 2009-11-28 15:44 -------- d-----w- c:\users\Sini\AppData\Roaming\dvdcss
    2010-01-28 21:51 . 2009-12-29 20:42 -------- d-----w- c:\programdata\Autodesk
    2010-01-28 13:33 . 2010-03-03 18:00 100352 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
    2010-01-24 18:24 . 2010-01-24 16:54 -------- d-----w- c:\users\Sini\AppData\Roaming\Creative
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    --- c:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe ---
    Company:
    File Description: PostBuild
    File Version: 1.00.1026
    Product Name: PostBuild
    Copyright: Copyright c 2007
    Original Filename: PostBuild.exe
    File size: 53319
    Created time: 2009-11-28 15:44
    Modified time: 2010-03-03 10:27
    MD5: 92405A3EEB9D74DB7CCFBF32CC720176
    SHA1: 42F776DCA60BA19E04086D3E82148E3B68EFD7C1


    --- c:\windows\system32\drivers\atapi.sys ---
    Company: ------
    File Description: ------
    File Version: ------
    Product Name: ------
    Copyright: ------
    Original Filename: ------
    File size: 21584
    Created time: 2009-07-13 23:11
    Modified time: 2010-03-10 14:16
    MD5: 536F37C51D16ABE40A24E417148F8942
    SHA1: CCA153A8D0A79161A82A215EDC4CAE12D964CE64


    --- c:\windows\System32\p0_aPIH.dll ---
    Company: ------
    File Description: ------
    File Version: ------
    Product Name: ------
    Copyright: ------
    Original Filename: ------
    File size: 1290240
    Created time: 2010-02-18 11:42
    Modified time: 2010-02-18 11:42
    MD5: B019DC94783BE2DEFE48F5E766E59180
    SHA1: 4F5A2BDC24F412B9939275416BB75CFB0185C978

    ---- Directory of c:\temp ----

    2007-11-19 17:39 . 2007-11-19 17:39 1510584 ----a-w- c:\temp\HS2_191\data1.cab
    2007-11-19 17:39 . 2007-11-19 17:39 512 ----a-w- c:\temp\HS2_191\data2.cab
    2007-11-19 17:39 . 2007-11-19 17:39 493 ----a-w- c:\temp\HS2_191\layout.bin
    2007-11-19 17:39 . 2007-11-19 17:39 20574 ----a-w- c:\temp\HS2_191\data1.hdr
    2007-11-19 17:39 . 2007-11-19 17:39 437812 ----a-w- c:\temp\HS2_191\setup.ibt
    2007-11-19 17:39 . 2007-11-19 17:39 620 ----a-w- c:\temp\HS2_191\setup.ini
    2007-11-19 17:39 . 2007-11-19 17:39 225167 ----a-w- c:\temp\HS2_191\setup.inx
    2007-11-12 09:46 . 2007-11-12 09:46 200704 ----a-w- c:\temp\HS2_191\Common\UMonit.exe
    2007-11-12 09:45 . 2007-11-12 09:45 200704 ----a-w- c:\temp\HS2_191\Common\UMonit64.exe
    2007-11-07 17:25 . 2007-11-07 17:25 172097 ----a-w- c:\temp\HS2_191\Common\uninstall.exe
    2007-11-02 10:40 . 2007-11-02 10:40 10671 ----a-w- c:\temp\HS2_191\Vista\fixustor.cat
    2007-11-02 10:40 . 2007-11-02 10:40 10671 ----a-w- c:\temp\HS2_191\Vista64\fixustor.cat
    2007-11-02 10:40 . 2007-11-02 10:40 10687 ----a-w- c:\temp\HS2_191\WinXP64\fixustor.cat
    2007-11-02 10:39 . 2007-11-02 10:39 10663 ----a-w- c:\temp\HS2_191\WinXP\fixustor.cat
    2007-10-25 12:37 . 2007-10-25 12:37 2150 ----a-w- c:\temp\HS2_191\WinXP64\fixustor.INF
    2007-10-25 12:36 . 2007-10-25 12:36 2131 ----a-w- c:\temp\HS2_191\WinXP\FIXUSTOR.INF
    2007-10-25 12:36 . 2007-10-25 12:36 2133 ----a-w- c:\temp\HS2_191\Win2K\FIXUSTOR.INF
    2007-10-25 12:35 . 2007-10-25 12:35 2150 ----a-w- c:\temp\HS2_191\Vista64\fixustor.INF
    2007-10-25 12:34 . 2007-10-25 12:34 2133 ----a-w- c:\temp\HS2_191\Vista\FIXUSTOR.INF
    2007-10-23 09:27 . 2007-10-23 09:27 1376 ----a-w- c:\temp\HS2_191\Common\IconCfg.ini
    2007-10-23 09:21 . 2007-10-23 09:21 176128 ----a-w- c:\temp\HS2_191\Common\GeneIcon.dll
    2007-10-12 17:44 . 2007-10-12 17:44 385 ----a-w- c:\temp\HS2_191\ProductName.ini
    2007-06-11 13:12 . 2007-06-11 13:12 12288 ----a-w- c:\temp\HS2_191\Win2K\fixustor.sys
    2007-06-11 08:29 . 2007-06-11 08:29 14592 ----a-w- c:\temp\HS2_191\Vista64\fixustor.sys
    2007-06-11 08:29 . 2007-06-11 08:29 14592 ----a-w- c:\temp\HS2_191\WinXP64\fixustor.sys
    2007-06-11 08:28 . 2007-06-11 08:28 12800 ----a-w- c:\temp\HS2_191\Vista\fixustor.sys
    2007-06-11 08:27 . 2007-06-11 08:27 12416 ----a-w- c:\temp\HS2_191\WinXP\fixustor.sys
    2007-06-04 13:14 . 2007-06-04 13:14 20480 ----a-w- c:\temp\HS2_191\Common\CReaderRemoveTray98.exe
    2007-05-09 12:34 . 2007-05-09 12:34 176128 ----a-w- c:\temp\HS2_191\Common\ustor.dll
    2006-11-07 11:59 . 2006-11-07 11:59 142 ----a-w- c:\temp\HS2_191\Vista64\parameter.log
    2006-11-07 11:59 . 2006-11-07 11:59 142 ----a-w- c:\temp\HS2_191\WinXP64\parameter.log
    2006-11-07 11:56 . 2006-11-07 11:56 142 ----a-w- c:\temp\HS2_191\Vista\parameter.log
    2006-11-07 11:56 . 2006-11-07 11:56 142 ----a-w- c:\temp\HS2_191\WinXP\parameter.log
    2006-11-07 11:55 . 2006-11-07 11:55 142 ----a-w- c:\temp\HS2_191\Win2K\parameter.log
    2006-05-18 15:58 . 2006-05-18 15:58 309760 ----a-w- c:\temp\HS2_191\DIFxAPI.dll
    2005-04-14 08:12 . 2005-04-14 08:12 589880 ----a-w- c:\temp\HS2_191\SETUP.BMP
    2004-04-19 01:10 . 2004-04-19 01:10 460264 ----a-w- c:\temp\HS2_191\engine32.cab
    2004-04-19 01:10 . 2004-04-19 01:10 116688 ----a-w- c:\temp\HS2_191\setup.exe
    2001-11-23 11:49 . 2001-11-23 11:49 41853 ----a-w- c:\temp\HS2_191\SETUP.JPG

    ---- Directory of c:\users\Sini\AppData\Local\Stay Secure ----

    2010-03-07 17:54 . 2010-03-07 17:54 549 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\icon.png
    2010-03-07 17:54 . 2010-03-07 17:54 86 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\install.conf
    2010-03-07 17:54 . 2010-03-07 17:54 1060 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\css\gui.css
    2010-03-07 17:54 . 2010-03-07 17:54 3624 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser4c.png
    2010-03-07 17:54 . 2010-03-07 17:54 308 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\status2.png
    2010-03-07 17:54 . 2010-03-07 17:54 3558 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser1b.png
    2010-03-07 17:54 . 2010-03-07 17:54 3579 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser1.png
    2010-03-07 17:54 . 2010-03-07 17:54 134 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\status0.png
    2010-03-07 17:54 . 2010-03-07 17:54 3842 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser0.png
    2010-03-07 17:54 . 2010-03-07 17:54 3654 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser2c.png
    2010-03-07 17:54 . 2010-03-07 17:54 422 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\status5.png
    2010-03-07 17:54 . 2010-03-07 17:54 842 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser4d.png
    2010-03-07 17:54 . 2010-03-07 17:54 1337 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\bg.png
    2010-03-07 17:54 . 2010-03-07 17:54 3666 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser2b.png
    2010-03-07 17:54 . 2010-03-07 17:54 887 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser3d.png
    2010-03-07 17:54 . 2010-03-07 17:54 406 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\status4.png
    2010-03-07 17:54 . 2010-03-07 17:54 3634 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser3b.png
    2010-03-07 17:54 . 2010-03-07 17:54 3829 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser0c.png
    2010-03-07 17:54 . 2010-03-07 17:54 992 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser0d.png
    2010-03-07 17:54 . 2010-03-07 17:54 3675 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser2.png
    2010-03-07 17:54 . 2010-03-07 17:54 3615 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser4b.png
    2010-03-07 17:54 . 2010-03-07 17:54 354 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\status3.png
    2010-03-07 17:54 . 2010-03-07 17:54 233 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\status1.png
    2010-03-07 17:54 . 2010-03-07 17:54 549 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\favicon.png
    2010-03-07 17:54 . 2010-03-07 17:54 3638 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser3.png
    2010-03-07 17:54 . 2010-03-07 17:54 3629 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser3c.png
    2010-03-07 17:54 . 2010-03-07 17:54 3600 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser4.png
    2010-03-07 17:54 . 2010-03-07 17:54 849 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser1d.png
    2010-03-07 17:54 . 2010-03-07 17:54 3560 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser1c.png
    2010-03-07 17:54 . 2010-03-07 17:54 965 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser2d.png
    2010-03-07 17:54 . 2010-03-07 17:54 3833 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\browser0b.png
    2010-03-07 17:54 . 2010-03-07 17:54 221 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\img\close.png
    2010-03-07 17:54 . 2010-03-07 17:54 435 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\config.xml
    2010-03-07 17:54 . 2010-03-07 17:54 1323 ----a-w- c:\users\Sini\AppData\Local\Stay Secure\index.html


    ------- Sigcheck -------

    [-] 2010-03-10 14:16 . 536F37C51D16ABE40A24E417148F8942 . 21584 . . [------] . . c:\windows\System32\drivers\atapi.sys
    [7] 2009-07-14 . 338C86357871C167A96AB976519BF59E . 21584 . . [6.1.7600.16385] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
    2009-08-17 16:54 564624 ----a-w- c:\progra~1\MICROS~1\Office14\URLREDIR.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-04 14:50 1197448 -c--a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da9e5a55-a1a2-1b97-026f-b233372fee2e}]
    2010-02-18 11:42 1290240 ----a-w- c:\windows\System32\p0_aPIH.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-11 319792]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "F-Secure Manager"="c:\program files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "HLGCVFSDUA.exe"="c:\users\Sini\AppData\Roaming\HLGCVFSDUA.exe" [2010-03-12 45056]

    c:\users\Sini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-8 503808]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk *\0sasnative32

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^forteManager.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk
    backup=c:\windows\pss\forteManager.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2010-03-11 08:51 319792 ----a-w- c:\program files\uTorrent\uTorrent.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" -silent
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe"
    "LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe"
    "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe"
    "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    "Canaveral"=rundll32.exe c:\windows\system32\sshnas21.dll,BackupReadW
    "FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "CmPCIaudio"=RunDll32 CMICNFG3.cpl,CMICtrlWnd
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/20 10:46];c:\program files\CyberLink\PowerDVD9\000.fcl [x]
    R2 1394ohcib;1394ohcib;c:\windows\System32\DRIVERS\1394ohcib.sys [x]
    R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [x]
    R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-12-12 14336]
    R3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-12-12 18432]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-08-21 30510960]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-08-21 4639136]
    R4 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
    R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
    R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-03-06 33920]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-03 722416]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Sonera\Sonera Tietoturva\HIPS\drivers\fshs.sys [2009-08-05 68064]
    S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2009-08-05 35680]
    S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-08-05 71040]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-02 172032]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
    S2 sprtsvc_sonera;SupportSoft Sprocket Service (sonera);c:\program files\Sonera\InternetAvustaja\bin\sprtsvc.exe [2008-10-16 202016]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-02 5313536]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-02 150016]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys [2010-03-06 107104]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe [2010-03-06 55992]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]


    --- Muut muistissa olevat ajurit/palvelut ---

    *Deregistered* - CLBUDFR

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2010-03-14 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\Sonera\SONERA~1\ANTI-V~1\fsav.exe [2010-03-06 15:56]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://eu.ask.com?o=15161&l=dis
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
    LSP: c:\program files\Sonera\Sonera Tietoturva\FSPS\program\FSLSP.DLL
    Trusted Zone: corel.com
    Trusted Zone: corel.com\www
    Trusted Zone: intervideo.com
    Trusted Zone: intervideo.com\www
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Sini\AppData\Roaming\Mozilla\Firefox\Profiles\k20tmfqy.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
    FF - prefs.js: browser.search.selectedEngine - Torrents.to
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16062&locale=en_EU&q=
    FF - component: c:\program files\Mozilla Firefox\extensions\{80155943-b083-a2cf-0350-54d3b1be1609}\components\t_3vJRObPy.dll
    FF - plugin: c:\progra~1\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    ---- FIREFOXIN KÄYTÄNNÖT ----
    FF - user.js: network.http.max-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 750
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: network.http.max-persistent-connections-per-server - 2
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    AddRemove-MSF_RIUNyS3 - c:\windows\system32\MSF_RIUNyS3.exe



    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85B061F8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
    SecurityProcedure -> 0x85b4bcf8
    QueryNameProcedure -> 0x85b4be88
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'Explorer.exe'(4540)
    c:\program files\Sonera\Sonera Tietoturva\Spam Control\fsscoepl.dll
    c:\progra~1\LGPCSU~1\PHONEM~1\Phone.dll
    c:\progra~1\LGPCSU~1\PHONEM~1\MFC42.DLL
    .
    ------------------------ Muut prosessit ------------------------
    .
    c:\windows\system32\atieclxx.exe
    c:\program files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    c:\program files\Sonera\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    c:\program files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Sonera\Sonera Tietoturva\Common\FSHDLL32.EXE
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    c:\program files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Sonera\Sonera Tietoturva\Anti-Virus\fssm32.exe
    c:\program files\Sonera\Sonera Tietoturva\Anti-Virus\fsav32.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Valmistumisajankohta: 2010-03-14 12:09:27 - kone käynnistettiin uudelleen
    ComboFix-quarantined-files.txt 2010-03-14 10:09
    ComboFix2.txt 2010-03-11 21:00

    Ennen ajoa: 793 787 588 608 tavua vapaana
    Ajon jälkeen: 793 739 071 488 tavua vapaana

    - - End Of File - - 7C83DB647A252A49F14A0DEFC3A3A791
     
  4. hannu71

    hannu71 Regular member

    Joined:
    09.02.2006
    Posts:
    256
    Thanks:
    0
    Points:
    26
    warwas asked you to post the logs over there, since his nick has been closed here.
     
