Is there any junk? When Windows starts, RUNDLL complains that the KIWVJDFD file is missing from the SYSTEM32 file. How can I get rid of it? Is it a "leftover" from malware?

ComboFix 08-06-08.8 - 2008-06-10 12:22:34.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.570 [GMT 3:00] Running from: C:\Documents and Settings\Työpöytä\ComboFix.exe * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-10 to 2008-06-10 ))))))))))))))))) . 2008-06-10 11:40 . 2008-06-10 11:40 <KANSIO> d-------- C:\Documents and Settings\Application Data\Malwarebytes 2008-06-10 11:39 . 2008-06-10 11:39 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-10 11:39 . 2008-06-10 11:39 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-10 11:39 . 2008-06-09 20:13 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-10 11:39 . 2008-06-09 20:13 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-10 10:54 . 2008-06-10 10:54 <KANSIO> d-------- C:\WINDOWS\LastGood 2008-06-10 10:54 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-06-10 10:54 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-06-10 02:48 . 2008-06-10 02:48 <KANSIO> d-------- C:\Documents and Settings\Application Data\Uniblue 2008-06-10 02:27 . 2008-06-10 02:38 <KANSIO> d-------- C:\Program Files\PC Doc Pro 2008-06-10 02:27 . 2008-06-10 02:38 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-10 01:39 . 2008-06-10 01:39 <KANSIO> d-------- C:\Program Files\Sun 2008-06-10 01:39 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-06-10 00:58 . 2008-06-10 00:58 <KANSIO> d-------- C:\WINDOWS\system32\fi 2008-06-10 00:58 . 2008-06-10 00:58 <KANSIO> d-------- C:\WINDOWS\system32\bits 2008-06-10 00:58 . 
2008-06-10 00:58 <KANSIO> d-------- C:\WINDOWS\l2schemas 2008-06-10 00:55 . 2008-06-10 00:59 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles 2008-06-10 00:46 . 2008-06-10 00:46 <KANSIO> d-------- C:\WINDOWS\EHome 2008-06-10 00:32 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty 2008-06-10 00:03 . 2008-06-10 00:03 <KANSIO> d-------- C:\Documents and Settings 2008-06-10 00:03 . 2008-06-10 00:03 <KANSIO> d-------- C:\Documents and Settings\Jõrjestelmõnvalvoja 2008-06-09 23:27 . 2001-10-05 16:32 24,576 --a--c--- C:\WINDOWS\system32\dllcache\agcgauge.ax 2008-06-09 23:22 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys 2008-06-09 23:22 . 2001-10-05 16:30 689,216 --a--c--- C:\WINDOWS\system32\dllcache\3dfxvs.dll 2008-06-09 23:22 . 2001-10-05 16:31 462,848 --a--c--- C:\WINDOWS\system32\dllcache\a3dapi.dll 2008-06-09 23:22 . 2001-08-17 20:48 148,352 --a--c--- C:\WINDOWS\system32\dllcache\3dfxvsm.sys 2008-06-09 23:22 . 2001-10-05 16:31 98,304 --a--c--- C:\WINDOWS\system32\dllcache\a3d.dll 2008-06-09 23:22 . 2001-10-05 16:30 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll 2008-06-09 23:22 . 2001-10-05 16:30 38,400 --a--c--- C:\WINDOWS\system32\dllcache\8514a.dll 2008-06-09 23:22 . 2001-08-17 22:06 11,264 --a--c--- C:\WINDOWS\system32\dllcache\1394vdbg.sys 2008-06-09 23:02 . 2008-06-09 23:02 <KANSIO> d-------- C:\Program Files\SUPERAntiSpyware 2008-06-09 23:02 . 2008-06-09 23:02 <KANSIO> d-------- C:\Documents and Settings\Application Data\SUPERAntiSpyware.com 2008-06-09 23:02 . 2008-06-09 23:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-06-09 22:18 . 2008-06-09 22:18 <KANSIO> d-------- C:\Program Files\Trend Micro 2008-06-07 19:58 . 2008-06-07 19:58 <KANSIO> d-------- C:\Program Files\AskSBar 2008-05-10 09:14 . 2008-04-13 21:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys 2008-05-10 09:14 . 
2008-05-10 09:14 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-05-10 09:14 . 2008-05-10 09:14 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-05-10 09:12 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-05-10 09:12 . 2008-02-01 15:17 138,112 --a------ C:\WINDOWS\system32\drivers\nmwcdnsu.sys 2008-05-10 09:12 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-05-10 09:12 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys 2008-05-10 09:12 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys 2008-05-10 09:12 . 2008-02-01 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdnsuc.sys 2008-05-10 09:12 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys 2008-05-10 09:12 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-10 07:51 524,288 ----a-w C:\WINDOWS\system32\drivers\CnxE2FS.bin 2008-06-09 22:39 --------- d-----w C:\Program Files\Java 2008-06-09 22:06 5,488 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP 2008-06-09 20:54 --------- d-----w C:\Documents and Settings\Application Data\F-Secure 2008-06-09 20:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-09 15:16 --------- d-----w C:\Documents and Settings\Application Data\Azureus 2008-06-07 16:55 --------- d-----w C:\Program Files\ABC 2008-05-29 07:21 --------- d-----w C:\Program Files\Nokia 2008-05-29 07:20 --------- d-----w C:\Program Files\Nokia Map Loader 2008-05-10 06:10 --------- d-----w C:\Program Files\Common Files\Nokia 2008-05-10 06:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2008-05-05 16:02 --------- d-----w C:\Program Files\KCeasy 2008-04-30 09:40 --------- d-----w C:\Program Files\TeleWell 2008-04-14 16:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 16:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll 2008-04-14 16:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll 2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll 2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll 2008-04-14 16:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll 2008-04-14 16:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll 2008-04-14 15:51 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys 2008-04-14 15:51 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 15:51 68,096 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 15:51 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys 2008-04-14 15:51 120,064 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 15:49 2,147,840 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-14 15:49 2,026,496 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-14 15:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-14 15:47 800,000 ----a-w 
C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 15:47 154,112 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 15:46 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll 2008-04-14 15:46 37,120 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 15:46 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 15:46 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys 2008-04-14 15:45 80,384 ------w C:\WINDOWS\system32\msshavmsg.dll 2008-04-14 15:45 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys 2008-04-14 15:45 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys 2008-04-14 15:45 40,320 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 15:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-14 15:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-14 15:43 52,096 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 15:42 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 15:42 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-14 15:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll 2008-04-14 15:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-14 15:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-14 15:40 57,472 ----a-w C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 15:40 272,896 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-14 15:39 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll 2008-04-14 15:39 51,840 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 15:39 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 15:38 39,808 ----a-w C:\WINDOWS\system32\drivers\processr.sys 2008-04-14 15:38 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll 2008-04-14 15:37 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys 2008-04-14 15:37 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys 2008-04-14 15:36 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-14 15:36 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 15:36 
187,904 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-14 06:12 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe 2008-04-14 06:11 992,256 ----a-w C:\WINDOWS\system32\setupapi.dll 2008-04-14 06:11 423,936 ----a-w C:\WINDOWS\system32\licdll.dll 2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys 2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys 2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys 2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys 2008-04-13 18:57 34,560 ----a-w 
C:\WINDOWS\system32\drivers\wanarp.sys 2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys 2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys 2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys 2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys 2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys 2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys 2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys 2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys 2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys 2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys 2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys 2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys 2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys 2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2006-03-17 22:33 5 --sha-w C:\WINDOWS\system32\bcbdabdff0_k.dll . ((((((((((((((((((((((((((((( snapshot_2008-06-10_11.06.12,14 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2003-07-15 04:43:20 87,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL + 2003-07-15 09:18:12 47,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE + 2003-07-26 00:57:20 75,832 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL + 2003-07-24 04:32:32 121,400 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL + 2003-06-18 15:31:34 443,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL + 2003-05-28 21:42:50 342,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\METCONV.DLL + 2003-07-14 20:58:04 230,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL + 2002-12-17 17:08:50 359,600 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL + 2002-12-17 17:08:54 1,383,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL + 2002-04-09 18:14:36 187,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL + 2002-12-17 17:09:24 2,071,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL + 2003-06-18 15:31:24 1,033,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL + 2003-07-15 09:14:26 283,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\OIS.EXE + 2003-07-15 09:14:26 27,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL + 2003-07-15 04:44:32 88,128 ----a-r 
C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL + 2003-07-15 04:43:18 64,056 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL + 2003-07-15 09:18:54 430,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL + 2003-07-15 04:42:26 37,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\RECALL.DLL + 2003-08-03 16:52:32 2,808,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL + 2003-07-15 05:00:22 99,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL + 2005-03-17 11:32:42 88,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\ADDRPARS.DLL + 2005-03-17 11:32:40 77,000 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\DLGSETP.DLL + 2005-03-25 13:27:18 132,296 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\ENVELOPE.DLL + 2005-03-17 11:36:34 161,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\IETAG.DLL + 2005-03-17 11:32:46 122,056 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\IMPMAIL.DLL + 2004-03-22 22:17:02 765,680 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\MDIGRAPH.DLL + 2004-03-22 22:17:05 24,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\MDIMON.DLL + 2004-03-22 22:17:06 25,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\MDIPPR.DLL + 2004-03-22 22:17:08 42,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\MDIUI.DLL + 2005-07-22 
14:47:14 12,242,624 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\MSO.DLL + 2005-07-22 14:27:10 7,605,960 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\OUTLLIB.DLL + 2005-04-25 10:29:56 92,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\OUTLMIME.DLL + 2005-07-05 09:14:28 196,296 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\OUTLOOK.EXE + 2005-03-17 11:32:50 141,000 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\OUTLPH.DLL + 2005-03-31 10:21:32 64,200 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\OUTLRPC.DLL + 2005-06-28 16:15:24 6,146,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\POWERPNT.EXE + 2005-03-17 11:32:40 74,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\RM.DLL + 2005-05-26 22:27:34 100,552 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\TRANSMGR.DLL + 2004-05-25 02:45:09 2,482,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040211900063D11C8EF10054038389C\11.0.7969\VBE6.DLL - 2006-03-18 17:09:40 12,288 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2008-06-10 09:04:58 12,288 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2006-03-18 17:09:40 135,168 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-06-10 09:04:58 135,168 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\misc.exe - 2006-03-18 17:09:41 11,264 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2008-06-10 09:04:58 11,264 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2006-03-18 
17:09:41 27,136 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2008-06-10 09:04:58 27,136 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2006-03-18 17:09:41 4,096 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2008-06-10 09:04:58 4,096 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2006-03-18 17:09:41 794,624 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2008-06-10 09:04:59 794,624 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2006-03-18 17:09:40 249,856 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2008-06-10 09:04:58 249,856 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2006-03-18 17:09:41 23,040 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2008-06-10 09:04:59 23,040 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2006-03-18 17:09:40 286,720 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2008-06-10 09:04:58 286,720 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2006-03-18 17:09:40 409,600 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-06-10 09:04:57 409,600 ----a-r C:\WINDOWS\Installer\{9112040B-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2004-03-11 22:13:13 1,146,320 ----a-w C:\WINDOWS\system32\FM20.DLL + 2005-03-17 11:39:58 1,146,320 ----a-w C:\WINDOWS\system32\FM20.DLL . -- Snapshot reset to current date -- . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] 2008-06-07 19:58 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KCeasy"="C:\Program Files\KCeasy\KCeasy.exe" [2008-02-03 18:59 1276928] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-20 16:09 4583424] "nwiz"="nwiz.exe" [2004-09-20 16:09 921600 C:\WINDOWS\system32\nwiz.exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 08:06 29696 C:\WINDOWS\KHALMNPR.Exe] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-11 21:06 180269] "ExtraFilmHemmaAgent"="C:\Program Files\ExtraFilm Kotona\Agent.exe" [2005-05-27 17:00 303104] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720] "SoundMan"="SOUNDMAN.EXE" [2004-11-02 16:53 77824 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2004-11-29 16:00 2748928 C:\WINDOWS\ALCWZRD.EXE] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "F-Secure Manager"="C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.exe" [2007-04-26 20:12 183208] "F-Secure TNB"="C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208] "CnxTrApp"="C:\Program Files\TeleWell\TeleWell TW-EA100B_2 ADSL USB\CnxTrApp.dll" [2003-07-30 05:48 247296] "SunJavaUpdateSched"="C:\Program 
Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:12 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088] C:\Documents and Settings\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ dcu.lnk - C:\Documents and Settings\Application Data\Microsoft\Installer\{BB4E8D66-5C1F-4741-810C-23E551CB640D}\NewShortcut3_BB4E8D665C1F4741810C23E551CB640D.exe [2006-09-17 18:51:50 40960] reminder.lnk - C:\Documents and Settings\Application Data\Microsoft\Installer\{BB4E8D66-5C1F-4741-810C-23E551CB640D}\NewShortcut7_BB4E8D665C1F4741810C23E551CB640D.exe [2006-09-17 18:51:50 40960] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Canon LASER SHOT LBP-1120 - Tilaikkuna.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2005-02-05 17:30:46 30720] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-02-24 19:26:07 573440] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\startupfolder\C:^Documents and Settings^Käynnistä-valikko^Ohjelmat^Käynnistys^Registration Brothers In Arms.LNK] path=C:\Documents and Settings\Käynnistä-valikko\Ohjelmat\Käynnistys\Registration Brothers In Arms.LNK backup=C:\WINDOWS\pss\Registration Brothers In Arms.LNKStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] -ra------ 2004-11-29 16:00 2748928 C:\WINDOWS\ALCWZRD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAP3ON] --a------ 2002-08-05 18:00 
22528 C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] --a------ 2004-08-22 18:05 81920 C:\Documents and Settings\Omat tiedostot\Ohjelmia\Daemon\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExtraFilmHemmaAgent] --a------ 2005-05-27 17:00 303104 C:\Program Files\ExtraFilm Kotona\Agent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] --a------ 2004-10-27 16:21 61952 C:\WINDOWS\system32\HdAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KCeasy] --a------ 2008-02-03 18:59 1276928 C:\Program Files\KCeasy\KCeasy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2005-10-11 21:06 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\ABC\\abc.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\KCeasy\\giFT\\giFTl.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-04-26 20:09] R1 F-Secure HIPS;F-Secure 
HIPS;C:\Program Files\Elisa Tietoturvapalvelu\HIPS\fshs.sys [2007-04-26 20:11] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [2007-04-26 20:07] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17] S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17] S3 pnicml;pnicml;C:\DOCUME~1\ARTTUU~1\LOCALS~1\Temp\pnicml.sys [] S3 TFBULK;Topfield USB client driver;C:\WINDOWS\system32\drivers\TfBulk.sys [2003-08-26 14:11] S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39] S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 20:08] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSrec.sys [2007-04-26 20:08] *Newly Created Service* - CATCHME . 'Ajoitetut tehtävät'-kansion sisältö "2008-03-18 06:13:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-10 12:26:52 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\Logitech\SetPoint\lgscroll.dll . 
Completion time: 2008-06-10 12:29:33 ComboFix-quarantined-files.txt 2008-06-10 09:29:29 ComboFix2.txt 2008-06-09 21:03:09 Pre-Run: 12,746,412,032 tavua vapaana Post-Run: 12,733,509,632 tavua vapaana 334 --- E O F --- 2008-06-10 09:05:03
HJT log:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:44:03, on 10.6.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe C:\WINDOWS\system32\CAP3RSK.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ExtraFilm Kotona\Agent.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\QuickTime\QTTask.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\KCeasy\KCeasy.exe C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe 
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files\KCeasy\giFT\giFTl.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm Kotona\Agent.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\TeleWell TW-EA100B_2 ADSL USB\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [KCeasy] C:\Program Files\KCeasy\KCeasy.exe /hide
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB8_0
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Canon LASER SHOT LBP-1120 - Tilaikkuna.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1213055928375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1213037760187
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
-- End of file - 9346 bytes
Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.16
Tietokantaversio: 845
13:30:42 10.6.2008
mbam-log-6-10-2008 (13-30-42).txt
Tarkistustyyppi: Täysi tarkistus (C:\|F:\|G:\|H:\|)
Tarkistetut kohteet: 140051
Kulunut aika: 38 minute(s), 39 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 3

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\System Volume Information\_restore{9FBFD3D3-2BA9-4876-997E-810ED6A3E8FC}\RP773\A0102527.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9FBFD3D3-2BA9-4876-997E-810ED6A3E8FC}\RP774\A0102563.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9FBFD3D3-2BA9-4876-997E-810ED6A3E8FC}\RP774\A0102565.dll (Trojan.Vundo) -> Quarantined and deleted successfully.