Yeah, hi, could someone take a look at this log in case there happens to be something wrong in it? When I tried to run Malwarebytes... the machine throws a bluescreen somewhere around halfway through and restarts :S

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:48, on 14.6.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
E:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
E:\Program Files\Steam\steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [tvjbmonitor] E:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6553 bytes
1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post that log in your thread.

Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
ComboFix 08-06-12.2 - Salee 2008-06-15 1:36:57.1 - NTFSx86
Running from: C:\Users\Salee\Desktop\ComboFix.exe
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\Fonts\CALIBRIB.TTF
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-14 to 2008-06-14 )))))))))))))))))
.
2008-06-14 22:15 . 2008-06-14 22:15 0 --a------ C:\kfgjmpsv
2008-06-14 21:55 . 2008-06-14 21:55 <KANSIO> d-------- C:\Users\Salee\AppData\Roaming\Malwarebytes
2008-06-14 21:55 . 2008-06-14 21:55 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-06-14 21:55 . 2008-06-14 21:55 <KANSIO> d-------- C:\ProgramData\Malwarebytes
2008-06-14 21:55 . 2008-06-14 21:55 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 21:55 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-14 21:55 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-06-14 21:49 . 2008-06-14 21:49 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-14 17:02 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 17:02 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 17:02 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 17:02 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-13 00:54 . 2008-06-14 22:00 <KANSIO> d-------- C:\Program Files\Common Files\Steam
2008-06-11 09:53 . 2008-04-25 05:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 09:53 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 09:45 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 09:45 . 2008-04-29 04:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
2008-06-11 09:45 . 2008-04-29 06:54 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-06-11 09:45 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 09:45 . 2008-04-29 04:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
2008-06-06 02:38 . 2008-06-06 02:38 38 --a------ C:\Windows\avisplitter.INI
2008-06-05 18:17 . 2008-06-05 18:17 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-05 17:26 . 2008-06-05 17:26 <KANSIO> d-------- C:\PerfLogs
2008-06-05 15:49 . 2008-01-19 10:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-06-05 15:48 . 2008-01-19 10:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-06-05 15:47 . 2008-01-19 09:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-06-05 15:46 . 2008-01-19 10:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-06-05 15:46 . 2008-01-19 10:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-06-05 15:46 . 2008-01-19 10:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-06-05 15:45 . 2008-01-19 10:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-06-05 15:45 . 2008-01-19 10:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-06-05 15:44 . 2008-01-19 10:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-06-05 15:44 . 2008-01-19 10:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-06-05 15:44 . 2008-01-19 10:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-06-05 15:44 . 2008-01-19 10:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-06-05 12:59 . 2008-06-05 12:59 <KANSIO> d-------- C:\Users\Salee\AppData\Roaming\thriXXX
2008-06-05 12:59 . 2008-06-05 17:17 <KANSIO> d-------- C:\Program Files\thriXXX
2008-06-03 01:56 . 2008-06-14 23:47 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll
2008-06-03 01:51 . 2008-06-03 01:51 21,840 --a------ C:\Windows\System32\SIntfNT.dll
2008-06-03 01:51 . 2008-06-03 01:51 17,212 --a------ C:\Windows\System32\SIntf32.dll
2008-06-03 01:51 . 2008-06-03 01:51 12,067 --a------ C:\Windows\System32\SIntf16.dll
2008-06-03 01:43 . 2008-06-03 01:43 94,208 --a------ C:\Windows\DIIUnin.exe
2008-06-03 01:43 . 2008-06-03 01:56 36,273 --a------ C:\Windows\DIIUnin.dat
2008-06-03 01:43 . 2008-06-03 01:43 2,829 --a------ C:\Windows\DIIUnin.pif
2008-06-03 00:39 . 2008-06-03 00:41 <KANSIO> d-------- C:\Users\Salee\AppData\Roaming\Hamachi
2008-06-03 00:39 . 2008-06-03 00:39 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-06-02 22:39 . 2008-06-02 22:39 <KANSIO> d-------- C:\Program Files\Common Files\SWF Studio
2008-05-29 12:04 . 2008-05-29 12:05 <KANSIO> d-------- C:\Program Files\Windows Live
2008-05-28 14:52 . 2001-05-24 15:00 306,688 --a------ C:\Windows\IsUninst.exe
2008-05-28 14:51 . 2008-05-28 14:52 934 --a------ C:\Windows\SOFPLAT.ini
2008-05-28 07:14 . 2008-03-08 05:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 07:14 . 2008-03-08 07:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-27 16:53 . 2008-05-27 16:53 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-26 16:58 . 2008-05-26 16:58 <KANSIO> d-------- C:\Users\Salee\AppData\Roaming\fretsonfire
2008-05-25 17:03 . 2003-03-02 17:44 7,552 --a------ C:\Windows\System32\drivers\enodpl.sys
2008-05-25 17:03 . 2003-04-19 00:32 4,736 --a------ C:\Windows\System32\drivers\tandpl.sys
2008-05-23 19:32 . 2008-05-23 19:32 <KANSIO> dr-h----- C:\Users\Salee\AppData\Roaming\SecuROM
2008-05-23 19:01 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
2008-05-23 19:01 . 2006-09-28 16:04 68,888 --a------ C:\Windows\System32\xinput1_3.dll
2008-05-23 18:59 . 2008-05-23 18:59 <KANSIO> d-------- C:\Windows\System32\AGEIA
2008-05-23 18:59 . 2008-05-23 18:59 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-23 18:59 . 2008-05-23 19:00 <KANSIO> d-------- C:\Program Files\AGEIA Technologies
2008-05-23 17:30 . 2006-12-01 16:46 151,552 --a------ C:\Windows\System32\MPEG2VideoDMO.dll
2008-05-22 22:21 . 2008-05-22 22:21 <KANSIO> d-------- C:\Windows\System32\es-MX
2008-05-22 22:21 . 2008-05-22 22:21 <KANSIO> d-------- C:\Windows\System32\es-AR
2008-05-22 22:21 . 2008-05-22 22:21 <KANSIO> d-------- C:\Program Files\WIDCOMM
2008-05-22 22:17 . 2008-01-25 00:46 106,496 --a------ C:\Windows\System32\drivers\Rtlh86.sys
2008-05-22 22:16 . 2007-01-02 10:45 80,688 --a------ C:\Windows\System32\drivers\btwavdt.sys
2008-05-22 22:16 . 2007-01-02 10:45 78,128 --a------ C:\Windows\System32\drivers\btwaudio.sys
2008-05-22 22:08 . 2008-06-05 17:41 <KANSIO> d-------- C:\Users\All Users\NVIDIA
2008-05-22 22:08 . 2008-06-05 17:41 <KANSIO> d-------- C:\ProgramData\NVIDIA
2008-05-22 22:08 . 2008-06-15 01:34 89,643 --a------ C:\Users\All Users\nvModes.dat
2008-05-22 22:08 . 2008-06-15 01:34 89,643 --a------ C:\ProgramData\nvModes.dat
2008-05-22 21:50 . 2008-05-22 21:50 <KANSIO> d-------- C:\Windows\System32\Lang
2008-05-22 21:50 . 2008-05-22 21:50 <KANSIO> d-------- C:\Windows\System32\FIN
2008-05-22 21:50 . 2007-10-23 18:02 936,472 --a------ C:\Windows\System32\imsmudlg.exe
2008-05-22 21:50 . 2006-11-09 17:25 319,456 --a------ C:\Windows\System32\difxapi.dll
2008-05-22 21:49 . 2008-05-22 21:49 0 -rahs---- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv9500 Notebook PC_Y5335KV_0U_QCNF7364GDJ_EU_4A_I30CB_SQuanta_V79.2B_F.53_T080402_WV3-0_L40B_M3070_J160_7Intel_86FA_92.00_#080522_N10EC8168;80864229_(GP661EA#UUW)_XMOBILE_CN10_Z_2Rev 1.MRK
2008-05-22 21:45 . 2008-05-22 21:45 <KANSIO> d-------- C:\Program Files\HP DVB-T TV Tuner
2008-05-22 21:44 . 2007-07-25 12:48 172,032 --a------ C:\Windows\System32\rixdicon.dll
2008-05-22 21:44 . 2007-08-08 20:42 45,568 --a------ C:\Windows\System32\drivers\rimmptsk.sys
2008-05-22 21:44 . 2007-07-30 10:42 43,008 --a------ C:\Windows\System32\drivers\rimsptsk.sys
2008-05-22 21:44 . 2007-07-30 11:54 38,400 --a------ C:\Windows\System32\drivers\rixdptsk.sys
2008-05-22 21:43 . 2008-06-05 17:23 <KANSIO> d-------- C:\Windows\System32\RTCOM
2008-05-22 21:43 . 2008-01-07 21:10 98,304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE
2008-05-22 21:43 . 2007-11-13 23:18 553 --a------ C:\Windows\USetup.iss
2008-05-22 21:42 . 2008-05-22 22:17 <KANSIO> d-------- C:\Program Files\Realtek
2008-05-22 21:29 . 2008-05-22 21:50 <KANSIO> d-------- C:\Program Files\Intel
2008-05-22 21:29 . 2008-05-22 21:29 <KANSIO> d-------- C:\Program Files\Fingerprint Sensor
2008-05-22 21:29 . 2008-05-22 21:29 <KANSIO> d-------- C:\Intel
2008-05-22 21:29 . 2007-07-26 16:15 53,248 --a------ C:\Windows\System32\CSVer.dll
2008-05-22 21:28 . 2008-05-22 21:28 <KANSIO> d-------- C:\Windows\System32\Hauppauge
2008-05-22 21:28 . 2008-05-22 21:28 <KANSIO> d-------- C:\Program Files\WinTV
2008-05-22 21:28 . 2007-05-01 15:26 258,104 --a------ C:\Windows\System32\hcwpnp32.dll
2008-05-22 21:28 . 2006-10-10 10:15 98,360 --a------ C:\Windows\System32\hcwi2c32.dll
2008-05-22 21:28 . 2006-10-10 17:47 36,921 --a------ C:\Windows\System32\hcwutl32_priv.dll
2008-05-22 21:28 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32.dll
2008-05-22 21:00 . 2008-05-22 21:00 <KANSIO> d-------- C:\NVIDIA
2008-05-22 20:41 . 2008-05-22 20:41 <KANSIO> d-------- C:\Users\All Users\PC Drivers HeadQuarters
2008-05-22 20:41 . 2008-05-22 20:41 <KANSIO> d-------- C:\ProgramData\PC Drivers HeadQuarters
2008-05-22 19:39 . 2008-06-12 15:55 12 --a------ C:\Windows\bthservsdp.dat
2008-05-22 17:55 . 2008-06-14 21:25 <KANSIO> d-------- C:\Users\Salee\AppData\Roaming\foobar2000
2008-05-22 17:55 . 2008-05-29 12:13 <KANSIO> d-------- C:\Program Files\Trillian
2008-05-22 17:55 . 2008-05-22 17:55 <KANSIO> d-------- C:\Program Files\foobar2000
2008-05-21 22:26 . 2008-05-21 22:26 <KANSIO> d--hs---- C:\Windows\ftpcache
2008-05-21 03:50 . 2008-05-28 23:49 <KANSIO> d-------- C:\Users\Salee\AppData\Roaming\SystemRequirementsLab
2008-05-21 03:50 . 2008-05-28 23:49 <KANSIO> d-------- C:\Program Files\SystemRequirementsLab
2008-05-21 03:49 . 2008-05-21 03:49 <KANSIO> d-------- C:\Program Files\Java
2008-05-21 03:47 . 2008-05-21 03:47 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-05-21 00:51 . 2008-05-21 00:51 <KANSIO> d-------- C:\Windows\PCHEALTH
2008-05-21 00:47 . 2008-05-21 00:50 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-21 00:46 . 2008-05-29 12:03 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-05-21 00:46 . 2008-05-29 12:03 <KANSIO> d-------- C:\ProgramData\WLInstaller
2008-05-21 00:17 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-05-20 23:43 . 2008-05-20 23:43 <KANSIO> d-------- C:\Windows\System32\Macromed
2008-05-20 23:33 . 2008-05-27 23:33 <KANSIO> d-------- C:\Users\Salee\AppData\Roaming\dvdcss
2008-05-20 23:16 . 2008-05-20 23:16 <KANSIO> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-20 23:16 . 2008-05-22 21:03 32,215 --a------ C:\Users\Salee\AppData\Roaming\nvModes.dat
2008-05-20 23:13 . 2008-05-20 23:13 <KANSIO> d-------- C:\Users\Salee\AppData\Roaming\DAEMON Tools
2008-05-20 23:13 . 2008-05-20 23:13 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-05-20 23:09 . 2008-05-20 23:09 <KANSIO> d-------- C:\Program Files\uTorrent
2008-05-20 23:08 . 2008-06-12 03:05 <KANSIO> d-------- C:\Users\Salee\AppData\Roaming\uTorrent
2008-05-20 23:08 . 2008-05-20 23:08 <KANSIO> d-------- C:\Program Files\CCleaner
2008-05-20 22:56 . 2008-05-20 22:56 1,820 --a------ C:\Windows\System32\rasctrnm.h
2008-05-20 22:49 . 2008-05-20 22:49 25,656 --a------ C:\Windows\System32\drivers\msahci.sys
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 00:06 --------- d-----w C:\Program Files\Windows Mail
2008-06-05 14:37 174 --sha-w C:\Program Files\desktop.ini
2008-06-05 14:27 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-05 14:27 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-05 14:27 --------- d-----w C:\Program Files\Windows Journal
2008-06-05 14:27 --------- d-----w C:\Program Files\Windows Defender
2008-06-05 14:27 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-05 14:27 --------- d-----w C:\Program Files\Windows Calendar
2008-06-05 14:19 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-05 14:19 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-22 18:42 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-22 18:42 315,392 ----a-w C:\Windows\HideWin.exe
2008-05-20 18:59 --------- d-----w C:\Users\Salee\AppData\Roaming\vlc
2008-05-20 15:32 --------- d-sh--w C:\ProgramData\Työpöytä
2008-05-20 15:32 --------- d-sh--w C:\ProgramData\Tiedostot
2008-05-20 15:32 --------- d-sh--w C:\ProgramData\Suosikit
2008-05-20 15:32 --------- d-sh--w C:\ProgramData\Mallit
2008-05-20 15:32 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 10:33 125952]
"Steam"="E:\Program Files\Steam\Steam.exe" [2008-06-13 00:54 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 15:15 480560]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 19:29 102400]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 14:13 202032]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:31 1033512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-14 19:26 4874240 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-23 18:02 178712]
"tvjbmonitor"="E:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-12-26 17:08 53248]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-02-27 04:48 13515296]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-02-27 04:48 92704]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 13:09:54 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{CBFD63AC-346C-4E00-B5C1-FBAFADA172F9}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{91BC5ECE-3B04-4DE0-A09D-5350798E8F40}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{37446A51-8AAD-4198-A902-89E653621597}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{061BD9DE-8704-43FF-81DD-D632ACC47595}"= UDP:E:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{55B0D29E-F1FB-42BC-BD06-89B0231920E7}"= TCP:E:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{88C8237C-62B3-4FF4-B71E-D4366B70C5B7}"= UDP:E:\Program Files\Sierra\FEAR\FEARMP.exe:FEARMP
"{F192CFB4-3802-46AB-960D-AD97C3CD1014}"= TCP:E:\Program Files\Sierra\FEAR\FEARMP.exe:FEARMP
"TCP Query User{22561AC7-1E05-4430-BC0B-EA04A94ED2FE}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{8ACB6481-C1B5-4CDF-BC9C-D5080353C44C}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{1193437A-EC55-4D53-9F0A-88BC78B16E1D}"= UDP:E:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{CE64EEF7-6EDB-4B55-B5D2-636C7E6616C1}"= TCP:E:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{D421A770-1966-42E5-9593-6DC2BDBBF4CA}E:\\program files\\ea games\\battlefield 1942 secret weapons of wwii demo\\bf1942.exe"= UDP:E:\program files\ea games\battlefield 1942 secret weapons of wwii demo\bf1942.exe:BF1942
"UDP Query User{D0DDFBF5-B342-4233-93C8-FD60ED6D999D}E:\\program files\\ea games\\battlefield 1942 secret weapons of wwii demo\\bf1942.exe"= TCP:E:\program files\ea games\battlefield 1942 secret weapons of wwii demo\bf1942.exe:BF1942
"TCP Query User{B0826FEE-F060-4A6F-8531-B99E836097F4}E:\\program files\\valve\\steam\\steamapps\\jilpex\\counter-strike source\\hl2.exe"= UDP:E:\program files\valve\steam\steamapps\jilpex\counter-strike source\hl2.exe:hl2
"UDP Query User{7880DE73-B11F-4F0A-B6D3-62DFADC042D4}E:\\program files\\valve\\steam\\steamapps\\jilpex\\counter-strike source\\hl2.exe"= TCP:E:\program files\valve\steam\steamapps\jilpex\counter-strike source\hl2.exe:hl2
"{A17D1A18-A521-4226-9DBE-9559B4A0A321}"= UDP:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"{0F817693-4CCE-4A2E-BAC4-67449B358CF5}"= TCP:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"TCP Query User{A40DABA9-D2A3-4AD6-831F-4C4DF2FD61B1}E:\\program files\\ubisoft\\xiii\\system\\xiii.exe"= UDP:E:\program files\ubisoft\xiii\system\xiii.exe:XIII
"UDP Query User{232E27A3-9405-4F38-8916-C79039421CE2}E:\\program files\\ubisoft\\xiii\\system\\xiii.exe"= TCP:E:\program files\ubisoft\xiii\system\xiii.exe:XIII
"TCP Query User{90702A79-AF25-4AAD-9825-0C0133E138FC}E:\\program files\\raven\\sof platinum\\sof.exe"= UDP:E:\program files\raven\sof platinum\sof.exe:SoF
"UDP Query User{0719B91C-D02E-4798-9784-F5B5F155D6D5}E:\\program files\\raven\\sof platinum\\sof.exe"= TCP:E:\program files\raven\sof platinum\sof.exe:SoF
"{EB32271E-0A63-4C41-940C-48E9D4320208}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{117560CA-55A2-49C5-959F-FB8AB7E90979}E:\\program files\\valve\\steam\\steamapps\\6salee9\\garrysmod\\hl2.exe"= UDP:E:\program files\valve\steam\steamapps\6salee9\garrysmod\hl2.exe:hl2
"UDP Query User{9C5018D3-10C3-40EA-A2AB-6FD70E02E147}E:\\program files\\valve\\steam\\steamapps\\6salee9\\garrysmod\\hl2.exe"= TCP:E:\program files\valve\steam\steamapps\6salee9\garrysmod\hl2.exe:hl2
"TCP Query User{4AA04A76-EC15-44EC-A779-A6583054F898}E:\\program files\\valve\\steam\\steamapps\\6salee9\\garrysmod\\hl2.exe"= UDP:E:\program files\valve\steam\steamapps\6salee9\garrysmod\hl2.exe:hl2
"UDP Query User{5C4E427C-4F42-4CA1-92D9-874F59BFC775}E:\\program files\\valve\\steam\\steamapps\\6salee9\\garrysmod\\hl2.exe"= TCP:E:\program files\valve\steam\steamapps\6salee9\garrysmod\hl2.exe:hl2
"TCP Query User{3D14DC28-B357-45A8-A39F-4FB2F3C94D09}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{B77AF78F-9390-4E3B-8AE1-E2E589068473}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{111F4435-BED7-4208-9FE7-B570ACD543B3}E:\\westwood\\sun\\game.exe"= UDP:E:\westwood\sun\game.exe:Main executable for Tiberian Sun
"UDP Query User{108453D7-109D-4553-B1CE-E73C146077D4}E:\\westwood\\sun\\game.exe"= TCP:E:\westwood\sun\game.exe:Main executable for Tiberian Sun
"TCP Query User{C481F1FB-96E7-4111-8EF6-78A96362A5D1}D:\\pelit\\tom clancy's rainbow six vegas\\rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:\pelit\tom clancy's rainbow six vegas\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"UDP Query User{E72B3001-0279-4553-B075-EF7EB83673A8}D:\\pelit\\tom clancy's rainbow six vegas\\rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:\pelit\tom clancy's rainbow six vegas\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"TCP Query User{66E9C779-AE98-4227-8030-33DADB419F2E}E:\\program files\\steam\\steamapps\\6salee9\\garrysmod\\hl2.exe"= UDP:E:\program files\steam\steamapps\6salee9\garrysmod\hl2.exe:hl2
"UDP Query User{F1BB79C2-CF42-46E0-B041-9E86AD9E28E9}E:\\program files\\steam\\steamapps\\6salee9\\garrysmod\\hl2.exe"= TCP:E:\program files\steam\steamapps\6salee9\garrysmod\hl2.exe:hl2
"TCP Query User{714047A0-27A8-4590-857F-4EDE9F201BF1}E:\\program files\\revconnect\\dcplusplus.exe"= UDP:E:\program files\revconnect\dcplusplus.exeC++
"UDP Query User{C1DFF5AF-23C9-460A-86DC-E1F3967B367B}E:\\program files\\revconnect\\dcplusplus.exe"= TCP:E:\program files\revconnect\dcplusplus.exeC++
"TCP Query User{B81FF7B3-1307-41B6-8F8F-561434EEA8F0}E:\\program files\\steam\\steamapps\\jilpex\\garrysmod\\hl2.exe"= UDP:E:\program files\steam\steamapps\jilpex\garrysmod\hl2.exe:hl2
"UDP Query User{1CD2D35E-4ABB-4EDE-9DD4-61A89A8103C8}E:\\program files\\steam\\steamapps\\jilpex\\garrysmod\\hl2.exe"= TCP:E:\program files\steam\steamapps\jilpex\garrysmod\hl2.exe:hl2

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R3 btwaudio;Bluetooth-äänilaite;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 10:45]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 10:45]
S3 EC168BDA;EC168BDA service;C:\Windows\system32\DRIVERS\EC168BDA.sys [2007-10-17 14:50]
S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-06-10 19:02]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-13 00:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65c73263-26a9-11dd-a592-001b24947626}]
\shell\AutoRun\command - G:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2a04eef-2680-11dd-b63e-806e6f6e6963}]
\shell\AutoRun\command - F:\SETUP.EXE

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 01:39:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
[0] 0x69005700

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-15 1:39:54
ComboFix-quarantined-files.txt 2008-06-14 22:39:50

Pre-Run: 28,643,975,168 tavua vapaana
Post-Run: 28,507,344,896 tavua vapaana

266 --- E O F --- 2008-06-14 17:38:22
Open Notepad and copy/paste the contents of the quote box into it:

Save it as CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer when prompted and post the contents of the combofix.txt file here.
ComboFix 08-06-12.2 - Salee 2008-06-15 2:26:55.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.2053 [GMT 3:00]
Running from: C:\Users\Salee\Desktop\ComboFix.exe
.
((((( Files created between 2008-05-14 and 2008-06-14 )))))))))))))))))
.
2008-06-14 21:55 . 2008-06-14 21:55 <DIR> d-------- C:\Users\Salee\AppData\Roaming\Malwarebytes
2008-06-14 21:55 . 2008-06-14 21:55 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-06-14 21:55 . 2008-06-14 21:55 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-06-14 21:55 . 2008-06-14 21:55 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 21:55 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-14 21:55 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-06-14 21:49 . 2008-06-14 21:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-14 17:02 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 17:02 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 17:02 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 17:02 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-13 00:54 . 2008-06-14 22:00 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-06-11 09:53 . 2008-04-25 05:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 09:53 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 09:45 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 09:45 . 2008-04-29 04:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
2008-06-11 09:45 . 2008-04-29 06:54 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-06-11 09:45 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 09:45 . 2008-04-29 04:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
2008-06-06 02:38 . 2008-06-06 02:38 38 --a------ C:\Windows\avisplitter.INI
2008-06-05 18:17 . 2008-06-05 18:17 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-05 17:26 . 2008-06-05 17:26 <DIR> d-------- C:\PerfLogs
2008-06-05 15:49 . 2008-01-19 10:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-06-05 15:48 . 2008-01-19 10:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-06-05 15:47 . 2008-01-19 09:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-06-05 15:46 . 2008-01-19 10:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-06-05 15:46 . 2008-01-19 10:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-06-05 15:46 . 2008-01-19 10:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-06-05 15:45 . 2008-01-19 10:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-06-05 15:45 . 2008-01-19 10:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-06-05 15:44 . 2008-01-19 10:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-06-05 15:44 . 2008-01-19 10:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-06-05 15:44 . 2008-01-19 10:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-06-05 15:44 . 2008-01-19 10:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-06-05 12:59 . 2008-06-05 12:59 <DIR> d-------- C:\Users\Salee\AppData\Roaming\thriXXX
2008-06-05 12:59 . 2008-06-05 17:17 <DIR> d-------- C:\Program Files\thriXXX
2008-06-03 01:56 . 2008-06-14 23:47 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll
2008-06-03 01:51 . 2008-06-03 01:51 21,840 --a------ C:\Windows\System32\SIntfNT.dll
2008-06-03 01:51 . 2008-06-03 01:51 17,212 --a------ C:\Windows\System32\SIntf32.dll
2008-06-03 01:51 . 2008-06-03 01:51 12,067 --a------ C:\Windows\System32\SIntf16.dll
2008-06-03 01:43 . 2008-06-03 01:43 94,208 --a------ C:\Windows\DIIUnin.exe
2008-06-03 01:43 . 2008-06-03 01:56 36,273 --a------ C:\Windows\DIIUnin.dat
2008-06-03 01:43 . 2008-06-03 01:43 2,829 --a------ C:\Windows\DIIUnin.pif
2008-06-03 00:39 . 2008-06-03 00:41 <DIR> d-------- C:\Users\Salee\AppData\Roaming\Hamachi
2008-06-03 00:39 . 2008-06-03 00:39 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-06-02 22:39 . 2008-06-02 22:39 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-05-29 12:04 . 2008-05-29 12:05 <DIR> d-------- C:\Program Files\Windows Live
2008-05-28 14:52 . 2001-05-24 15:00 306,688 --a------ C:\Windows\IsUninst.exe
2008-05-28 14:51 . 2008-05-28 14:52 934 --a------ C:\Windows\SOFPLAT.ini
2008-05-28 07:14 . 2008-03-08 05:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 07:14 . 2008-03-08 07:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-27 16:53 . 2008-05-27 16:53 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-26 16:58 . 2008-05-26 16:58 <DIR> d-------- C:\Users\Salee\AppData\Roaming\fretsonfire
2008-05-25 17:03 . 2003-03-02 17:44 7,552 --a------ C:\Windows\System32\drivers\enodpl.sys
2008-05-25 17:03 . 2003-04-19 00:32 4,736 --a------ C:\Windows\System32\drivers\tandpl.sys
2008-05-23 19:32 . 2008-05-23 19:32 <DIR> dr-h----- C:\Users\Salee\AppData\Roaming\SecuROM
2008-05-23 19:01 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
2008-05-23 19:01 . 2006-09-28 16:04 68,888 --a------ C:\Windows\System32\xinput1_3.dll
2008-05-23 18:59 . 2008-05-23 18:59 <DIR> d-------- C:\Windows\System32\AGEIA
2008-05-23 18:59 . 2008-05-23 18:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-23 18:59 . 2008-05-23 19:00 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-05-23 17:30 . 2006-12-01 16:46 151,552 --a------ C:\Windows\System32\MPEG2VideoDMO.dll
2008-05-22 22:21 . 2008-05-22 22:21 <DIR> d-------- C:\Windows\System32\es-MX
2008-05-22 22:21 . 2008-05-22 22:21 <DIR> d-------- C:\Windows\System32\es-AR
2008-05-22 22:21 . 2008-05-22 22:21 <DIR> d-------- C:\Program Files\WIDCOMM
2008-05-22 22:17 . 2008-01-25 00:46 106,496 --a------ C:\Windows\System32\drivers\Rtlh86.sys
2008-05-22 22:16 . 2007-01-02 10:45 80,688 --a------ C:\Windows\System32\drivers\btwavdt.sys
2008-05-22 22:16 . 2007-01-02 10:45 78,128 --a------ C:\Windows\System32\drivers\btwaudio.sys
2008-05-22 22:08 . 2008-06-05 17:41 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-05-22 22:08 . 2008-06-05 17:41 <DIR> d-------- C:\ProgramData\NVIDIA
2008-05-22 22:08 . 2008-06-15 01:34 89,643 --a------ C:\Users\All Users\nvModes.dat
2008-05-22 22:08 . 2008-06-15 01:34 89,643 --a------ C:\ProgramData\nvModes.dat
2008-05-22 21:50 . 2008-05-22 21:50 <DIR> d-------- C:\Windows\System32\Lang
2008-05-22 21:50 . 2008-05-22 21:50 <DIR> d-------- C:\Windows\System32\FIN
2008-05-22 21:50 . 2007-10-23 18:02 936,472 --a------ C:\Windows\System32\imsmudlg.exe
2008-05-22 21:50 . 2006-11-09 17:25 319,456 --a------ C:\Windows\System32\difxapi.dll
2008-05-22 21:49 . 2008-05-22 21:49 0 -rahs---- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv9500 Notebook PC_Y5335KV_0U_QCNF7364GDJ_EU_4A_I30CB_SQuanta_V79.2B_F.53_T080402_WV3-0_L40B_M3070_J160_7Intel_86FA_92.00_#080522_N10EC8168;80864229_(GP661EA#UUW)_XMOBILE_CN10_Z_2Rev 1.MRK
2008-05-22 21:45 . 2008-05-22 21:45 <DIR> d-------- C:\Program Files\HP DVB-T TV Tuner
2008-05-22 21:44 . 2007-07-25 12:48 172,032 --a------ C:\Windows\System32\rixdicon.dll
2008-05-22 21:44 . 2007-08-08 20:42 45,568 --a------ C:\Windows\System32\drivers\rimmptsk.sys
2008-05-22 21:44 . 2007-07-30 10:42 43,008 --a------ C:\Windows\System32\drivers\rimsptsk.sys
2008-05-22 21:44 . 2007-07-30 11:54 38,400 --a------ C:\Windows\System32\drivers\rixdptsk.sys
2008-05-22 21:43 . 2008-06-05 17:23 <DIR> d-------- C:\Windows\System32\RTCOM
2008-05-22 21:43 . 2008-01-07 21:10 98,304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE
2008-05-22 21:43 . 2007-11-13 23:18 553 --a------ C:\Windows\USetup.iss
2008-05-22 21:42 . 2008-05-22 22:17 <DIR> d-------- C:\Program Files\Realtek
2008-05-22 21:29 . 2008-05-22 21:50 <DIR> d-------- C:\Program Files\Intel
2008-05-22 21:29 . 2008-05-22 21:29 <DIR> d-------- C:\Program Files\Fingerprint Sensor
2008-05-22 21:29 . 2008-05-22 21:29 <DIR> d-------- C:\Intel
2008-05-22 21:29 . 2007-07-26 16:15 53,248 --a------ C:\Windows\System32\CSVer.dll
2008-05-22 21:28 . 2008-05-22 21:28 <DIR> d-------- C:\Windows\System32\Hauppauge
2008-05-22 21:28 . 2008-05-22 21:28 <DIR> d-------- C:\Program Files\WinTV
2008-05-22 21:28 . 2007-05-01 15:26 258,104 --a------ C:\Windows\System32\hcwpnp32.dll
2008-05-22 21:28 . 2006-10-10 10:15 98,360 --a------ C:\Windows\System32\hcwi2c32.dll
2008-05-22 21:28 . 2006-10-10 17:47 36,921 --a------ C:\Windows\System32\hcwutl32_priv.dll
2008-05-22 21:28 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32.dll
2008-05-22 21:00 . 2008-05-22 21:00 <DIR> d-------- C:\NVIDIA
2008-05-22 20:41 . 2008-05-22 20:41 <DIR> d-------- C:\Users\All Users\PC Drivers HeadQuarters
2008-05-22 20:41 . 2008-05-22 20:41 <DIR> d-------- C:\ProgramData\PC Drivers HeadQuarters
2008-05-22 19:39 . 2008-06-12 15:55 12 --a------ C:\Windows\bthservsdp.dat
2008-05-22 17:55 . 2008-06-14 21:25 <DIR> d-------- C:\Users\Salee\AppData\Roaming\foobar2000
2008-05-22 17:55 . 2008-05-29 12:13 <DIR> d-------- C:\Program Files\Trillian
2008-05-22 17:55 . 2008-05-22 17:55 <DIR> d-------- C:\Program Files\foobar2000
2008-05-21 22:26 . 2008-05-21 22:26 <DIR> d--hs---- C:\Windows\ftpcache
2008-05-21 03:50 . 2008-05-28 23:49 <DIR> d-------- C:\Users\Salee\AppData\Roaming\SystemRequirementsLab
2008-05-21 03:50 . 2008-05-28 23:49 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-05-21 03:49 . 2008-05-21 03:49 <DIR> d-------- C:\Program Files\Java
2008-05-21 03:47 . 2008-05-21 03:47 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-21 00:51 . 2008-05-21 00:51 <DIR> d-------- C:\Windows\PCHEALTH
2008-05-21 00:47 . 2008-05-21 00:50 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-21 00:46 . 2008-05-29 12:03 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-05-21 00:46 . 2008-05-29 12:03 <DIR> d-------- C:\ProgramData\WLInstaller
2008-05-21 00:17 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-05-20 23:43 . 2008-05-20 23:43 <DIR> d-------- C:\Windows\System32\Macromed
2008-05-20 23:33 . 2008-05-27 23:33 <DIR> d-------- C:\Users\Salee\AppData\Roaming\dvdcss
2008-05-20 23:16 . 2008-05-20 23:16 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-20 23:16 . 2008-05-22 21:03 32,215 --a------ C:\Users\Salee\AppData\Roaming\nvModes.dat
2008-05-20 23:13 . 2008-05-20 23:13 <DIR> d-------- C:\Users\Salee\AppData\Roaming\DAEMON Tools
2008-05-20 23:13 . 2008-05-20 23:13 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-05-20 23:09 . 2008-05-20 23:09 <DIR> d-------- C:\Program Files\uTorrent
2008-05-20 23:08 . 2008-06-12 03:05 <DIR> d-------- C:\Users\Salee\AppData\Roaming\uTorrent
2008-05-20 23:08 . 2008-05-20 23:08 <DIR> d-------- C:\Program Files\CCleaner
2008-05-20 22:56 . 2008-05-20 22:56 1,820 --a------ C:\Windows\System32\rasctrnm.h
2008-05-20 22:49 . 2008-05-20 22:49 25,656 --a------ C:\Windows\System32\drivers\msahci.sys
2008-05-20 22:48 . 2006-11-02 12:46 8,704 --a------ C:\Windows\System32\hccoin.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 00:06 --------- d-----w C:\Program Files\Windows Mail
2008-06-05 14:37 174 --sha-w C:\Program Files\desktop.ini
2008-06-05 14:27 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-05 14:27 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-05 14:27 --------- d-----w C:\Program Files\Windows Journal
2008-06-05 14:27 --------- d-----w C:\Program Files\Windows Defender
2008-06-05 14:27 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-05 14:27 --------- d-----w C:\Program Files\Windows Calendar
2008-06-05 14:19 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-05 14:19 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-22 18:42 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-22 18:42 315,392 ----a-w C:\Windows\HideWin.exe
2008-05-20 18:59 --------- d-----w C:\Users\Salee\AppData\Roaming\vlc
2008-05-20 15:32 --------- d-sh--w C:\ProgramData\Työpöytä
2008-05-20 15:32 --------- d-sh--w C:\ProgramData\Tiedostot
2008-05-20 15:32 --------- d-sh--w C:\ProgramData\Suosikit
2008-05-20 15:32 --------- d-sh--w C:\ProgramData\Mallit
2008-05-20 15:32 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-15_ 1.39.34,75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-14 19:27:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-14 23:27:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-14 19:27:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-14 23:27:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-14 19:27:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-14 23:27:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((((( Registry startup items )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries and legitimate default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 10:33 125952]
"Steam"="E:\Program Files\Steam\Steam.exe" [2008-06-13 00:54 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 15:15 480560]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 19:29 102400]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 14:13 202032]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:31 1033512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-14 19:26 4874240 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-23 18:02 178712]
"tvjbmonitor"="E:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-12-26 17:08 53248]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-02-27 04:48 13515296]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-02-27 04:48 92704]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 13:09:54 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{CBFD63AC-346C-4E00-B5C1-FBAFADA172F9}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{91BC5ECE-3B04-4DE0-A09D-5350798E8F40}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{37446A51-8AAD-4198-A902-89E653621597}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{061BD9DE-8704-43FF-81DD-D632ACC47595}"= UDP:E:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{55B0D29E-F1FB-42BC-BD06-89B0231920E7}"= TCP:E:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{88C8237C-62B3-4FF4-B71E-D4366B70C5B7}"= UDP:E:\Program Files\Sierra\FEAR\FEARMP.exe:FEARMP
"{F192CFB4-3802-46AB-960D-AD97C3CD1014}"= TCP:E:\Program Files\Sierra\FEAR\FEARMP.exe:FEARMP
"TCP Query User{22561AC7-1E05-4430-BC0B-EA04A94ED2FE}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{8ACB6481-C1B5-4CDF-BC9C-D5080353C44C}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{1193437A-EC55-4D53-9F0A-88BC78B16E1D}"= UDP:E:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{CE64EEF7-6EDB-4B55-B5D2-636C7E6616C1}"= TCP:E:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{D421A770-1966-42E5-9593-6DC2BDBBF4CA}E:\\program files\\ea games\\battlefield 1942 secret weapons of wwii demo\\bf1942.exe"= UDP:E:\program files\ea games\battlefield 1942 secret weapons of wwii demo\bf1942.exe:BF1942
"UDP Query User{D0DDFBF5-B342-4233-93C8-FD60ED6D999D}E:\\program files\\ea games\\battlefield 1942 secret weapons of wwii demo\\bf1942.exe"= TCP:E:\program files\ea games\battlefield 1942 secret weapons of wwii demo\bf1942.exe:BF1942
"TCP Query User{B0826FEE-F060-4A6F-8531-B99E836097F4}E:\\program files\\valve\\steam\\steamapps\\jilpex\\counter-strike source\\hl2.exe"= UDP:E:\program files\valve\steam\steamapps\jilpex\counter-strike source\hl2.exe:hl2
"UDP Query User{7880DE73-B11F-4F0A-B6D3-62DFADC042D4}E:\\program files\\valve\\steam\\steamapps\\jilpex\\counter-strike source\\hl2.exe"= TCP:E:\program files\valve\steam\steamapps\jilpex\counter-strike source\hl2.exe:hl2
"{A17D1A18-A521-4226-9DBE-9559B4A0A321}"= UDP:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"{0F817693-4CCE-4A2E-BAC4-67449B358CF5}"= TCP:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"TCP Query User{A40DABA9-D2A3-4AD6-831F-4C4DF2FD61B1}E:\\program files\\ubisoft\\xiii\\system\\xiii.exe"= UDP:E:\program files\ubisoft\xiii\system\xiii.exe:XIII
"UDP Query User{232E27A3-9405-4F38-8916-C79039421CE2}E:\\program files\\ubisoft\\xiii\\system\\xiii.exe"= TCP:E:\program files\ubisoft\xiii\system\xiii.exe:XIII
"TCP Query User{90702A79-AF25-4AAD-9825-0C0133E138FC}E:\\program files\\raven\\sof platinum\\sof.exe"= UDP:E:\program files\raven\sof platinum\sof.exe:SoF
"UDP Query User{0719B91C-D02E-4798-9784-F5B5F155D6D5}E:\\program files\\raven\\sof platinum\\sof.exe"= TCP:E:\program files\raven\sof platinum\sof.exe:SoF
"{EB32271E-0A63-4C41-940C-48E9D4320208}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{117560CA-55A2-49C5-959F-FB8AB7E90979}E:\\program files\\valve\\steam\\steamapps\\6salee9\\garrysmod\\hl2.exe"= UDP:E:\program files\valve\steam\steamapps\6salee9\garrysmod\hl2.exe:hl2
"UDP Query User{9C5018D3-10C3-40EA-A2AB-6FD70E02E147}E:\\program files\\valve\\steam\\steamapps\\6salee9\\garrysmod\\hl2.exe"= TCP:E:\program files\valve\steam\steamapps\6salee9\garrysmod\hl2.exe:hl2
"TCP Query User{4AA04A76-EC15-44EC-A779-A6583054F898}E:\\program files\\valve\\steam\\steamapps\\6salee9\\garrysmod\\hl2.exe"= UDP:E:\program files\valve\steam\steamapps\6salee9\garrysmod\hl2.exe:hl2
"UDP Query User{5C4E427C-4F42-4CA1-92D9-874F59BFC775}E:\\program files\\valve\\steam\\steamapps\\6salee9\\garrysmod\\hl2.exe"= TCP:E:\program files\valve\steam\steamapps\6salee9\garrysmod\hl2.exe:hl2
"TCP Query User{3D14DC28-B357-45A8-A39F-4FB2F3C94D09}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{B77AF78F-9390-4E3B-8AE1-E2E589068473}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{111F4435-BED7-4208-9FE7-B570ACD543B3}E:\\westwood\\sun\\game.exe"= UDP:E:\westwood\sun\game.exe:Main executable for Tiberian Sun
"UDP Query User{108453D7-109D-4553-B1CE-E73C146077D4}E:\\westwood\\sun\\game.exe"= TCP:E:\westwood\sun\game.exe:Main executable for Tiberian Sun
"TCP Query User{C481F1FB-96E7-4111-8EF6-78A96362A5D1}D:\\pelit\\tom clancy's rainbow six vegas\\rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:\pelit\tom clancy's rainbow six vegas\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"UDP Query User{E72B3001-0279-4553-B075-EF7EB83673A8}D:\\pelit\\tom clancy's rainbow six vegas\\rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:\pelit\tom clancy's rainbow six vegas\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"TCP Query User{66E9C779-AE98-4227-8030-33DADB419F2E}E:\\program files\\steam\\steamapps\\6salee9\\garrysmod\\hl2.exe"= UDP:E:\program files\steam\steamapps\6salee9\garrysmod\hl2.exe:hl2
"UDP Query User{F1BB79C2-CF42-46E0-B041-9E86AD9E28E9}E:\\program files\\steam\\steamapps\\6salee9\\garrysmod\\hl2.exe"= TCP:E:\program files\steam\steamapps\6salee9\garrysmod\hl2.exe:hl2
"TCP Query User{714047A0-27A8-4590-857F-4EDE9F201BF1}E:\\program files\\revconnect\\dcplusplus.exe"= UDP:E:\program files\revconnect\dcplusplus.exeC++
"UDP Query User{C1DFF5AF-23C9-460A-86DC-E1F3967B367B}E:\\program files\\revconnect\\dcplusplus.exe"= TCP:E:\program files\revconnect\dcplusplus.exeC++
"TCP Query User{B81FF7B3-1307-41B6-8F8F-561434EEA8F0}E:\\program files\\steam\\steamapps\\jilpex\\garrysmod\\hl2.exe"= UDP:E:\program files\steam\steamapps\jilpex\garrysmod\hl2.exe:hl2
"UDP Query User{1CD2D35E-4ABB-4EDE-9DD4-61A89A8103C8}E:\\program files\\steam\\steamapps\\jilpex\\garrysmod\\hl2.exe"= TCP:E:\program files\steam\steamapps\jilpex\garrysmod\hl2.exe:hl2

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R3 btwaudio;Bluetooth Audio Device;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 10:45]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 10:45]
S3 EC168BDA;EC168BDA service;C:\Windows\system32\DRIVERS\EC168BDA.sys [2007-10-17 14:50]
S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-06-10 19:02]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-13 00:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65c73263-26a9-11dd-a592-001b24947626}]
\shell\AutoRun\command - G:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2a04eef-2680-11dd-b63e-806e6f6e6963}]
\shell\AutoRun\command - F:\SETUP.EXE

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 02:28:19
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-15 2:29:06
ComboFix-quarantined-files.txt 2008-06-14 23:29:02
ComboFix2.txt 2008-06-14 22:39:54
Pre-Run: 28,870,950,912 bytes free
Post-Run: 28,834,365,440 bytes free
271 --- E O F --- 2008-06-14 17:38:22
Update Malwarebytes and run it.

=============

Download VundoFix.exe from HERE to your desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. When the scan is complete, click the Fix Vundo button. You will be asked whether you want to remove the files; click YES. Once you click Yes, your desktop will go blank as it starts removing Vundo. When it is finished, the fix will tell you to restart your computer; click OK. Post the contents of the C:\vundofix.txt log and a fresh HijackThis log.

Note: VundoFix may find a file it cannot remove. In that case VundoFix runs itself again on reboot; just follow the instructions above starting from "Click the Scan for Vundo button" when VundoFix appears after the restart.

==============

Scan your computer with Kaspersky Online Scanner. When the program starts, you will be asked whether to allow the installation of an ActiveX component from Kaspersky; click Yes.
- The program starts and begins downloading the latest definition files.
- Once the scanner is installed and the definitions are downloaded, click Next.
- Now open the settings: Scan Settings.
- Check that the following are selected:
  o Scan using the following Anti-Virus database: Extended (if available, otherwise choose Standard)
  o Scan Options: Scan Archives, Scan Mail Bases
- Click OK.
- Under the "select a target to scan" heading, choose My Computer.
- The scan takes a while, so be patient. When it is finished you will be told whether your computer is infected.
- Now click the Save as Text button.
- Save the file to your desktop.
- If you want to continue the case on the forum, copy the file's contents into your post.
Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.17
Database version: 856
3:05:36 15.6.2008
mbam-log-6-15-2008 (03-05-36).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 137685
Time elapsed: 22 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)

Files Infected:
C:\Users\Salee\Downloads\image23.JPG (Backdoor.Bot) -> Quarantined and deleted successfully.
VundoFix didn't find anything, and when I clicked Fix Vundo it didn't do anything even though I waited about 30 minutes :S It didn't tell me to restart the computer either, so I closed it and didn't get a log file. Here is the HijackThis log anyway:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:48, on 14.6.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
E:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
E:\Program Files\Steam\steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [tvjbmonitor] E:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Local Service')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Network Service')
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6553 bytes
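A small triage script for log lines in this format, added here as an example; it is not part of the thread and not a HijackThis feature. It applies the checks a responder makes by eye when reading an O2/O4/O23 listing: a BHO whose CLSID points at "(no file)" is an orphaned registration, an autorun whose binary lives under a user-writable folder is persistence worth hashing, a bare file name with no directory is resolved through the PATH search order, a Global Startup shortcut that HijackThis prints as "?" could not be resolved, and anything outside the usual roots (here the E: drive) needs a manual look. The sample input copies lines from the log above plus one constructed `[updater]` entry that does not appear in that log; the trusted-root and user-writable path lists are this example's own assumptions.

```python
"""Triage for HijackThis-style log lines (added example, not part of the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 format. Every line except [updater] is copied
# from the log posted above; the [updater] line is invented to show what a
# suspicious entry looks like and does not appear in that log.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [updater] C:\Users\Salee\AppData\Roaming\svchost.exe
O4 - Global Startup: BTTray.lnk = ?
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

# Assumed roots for OS and vendor binaries, and markers of user-writable locations
# (upper-cased because the comparison is case-insensitive).
TRUSTED_ROOTS = ("C:\\WINDOWS\\", "C:\\PROGRAM FILES\\", "C:\\PROGRAM FILES (X86)\\")
USER_WRITABLE = ("\\USERS\\", "\\APPDATA\\", "\\TEMP\\", "\\DOCUMENTS AND SETTINGS\\")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
GS_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<target>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    kind: str      # O2, O4, O4-startup or O23
    name: str      # CLSID, Run value name, shortcut name or service name
    path: str      # binary the entry points at
    verdict: str   # ok, orphan, user-writable, bare-name, unresolved, other-drive


def first_path(cmd: str) -> str:
    """Pull the executable or DLL path out of an autorun command line."""
    cmd = cmd.strip()
    if cmd.upper().startswith("RUNDLL32.EXE "):       # rundll32 <dll>,<entrypoint>
        cmd = cmd[len("RUNDLL32.EXE "):].split(",", 1)[0]
    if cmd.startswith('"'):                            # quoted path, arguments follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: the path runs up to the first token that ends in a program extension.
    m = re.match(r"(.+?\.(?:exe|dll|scr|com|bat|cmd|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def classify_path(path: str) -> str:
    """Rank a binary location by how much attention it deserves."""
    p = (path.replace("%ProgramFiles%", "C:\\Program Files")
             .replace("PROGRA~1", "Program Files")).upper()   # expand the 8.3 short name
    if "\\" not in p:
        return "bare-name"        # found through the PATH search order: hijackable
    if any(marker in p for marker in USER_WRITABLE):
        return "user-writable"    # any process of that user could have dropped it
    if p.startswith(TRUSTED_ROOTS):
        return "ok"
    return "other-drive"          # outside the usual roots, often a second partition; verify


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := O2_RE.match(line)):
            verdict = "orphan" if m["path"].strip() == "(no file)" else classify_path(m["path"])
            findings.append(Finding("O2", m["clsid"], m["path"], verdict))
        elif (m := GS_RE.match(line)):
            verdict = "unresolved" if m["target"].strip() == "?" else classify_path(m["target"])
            findings.append(Finding("O4-startup", m["name"], m["target"], verdict))
        elif (m := O4_RE.match(line)):
            path = first_path(m["cmd"])
            findings.append(Finding("O4", m["name"], path, classify_path(path)))
        elif (m := O23_RE.match(line)):
            findings.append(Finding("O23", m["name"], m["path"], classify_path(m["path"])))
    return findings


def needs_review(findings: list[Finding]) -> list[Finding]:
    """Everything that is not plainly a vendor binary under a trusted root."""
    return [f for f in findings if f.verdict != "ok"]


if __name__ == "__main__":
    for f in needs_review(triage(SAMPLE_LOG)):
        print(f"{f.verdict:<14} {f.kind:<10} {f.name}: {f.path}")
```

A verdict other than "ok" is a prompt to look, not a detection: on this machine the E: drive entries are a second partition with games on it, and the bare RtHDVCpl.exe resolves to C:\Windows (ComboFix prints the resolved path in its own listing). The value of the script is that it turns a long listing into the handful of entries whose binaries should be hashed or checked against the vendor before anything is removed.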
Yeah, that Kaspersky online scanner doesn't really get through. It was running all night and has been stuck at around 42 percent for 11 hours and won't go any further... :S
Also, the online scanner's settings menu wasn't quite the same; it didn't have all those items that were supposed to be ticked. I set it to download the latest version. It didn't find any bugs during the scan, though. I'm not on that computer right now, because it's a friend's computer that is being scanned, but I'll probably go over tomorrow to at least get it working. A couple of infected files did get removed from the computer with ComboFix (at least judging by the rescan with Malwarebytes), but something is still stuck in there.
Windows Defender: if real-time protection is enabled, turn it off. Open Windows Defender. Click Tools, then General Settings. Scroll down and untick "Turn on real-time protection (recommended)". Then click Save and close Windows Defender.