HJT log, computer has been stuttering a bit

Discussion in 'Viruses and malware - HijackThis logs' started by sakama, Jun 26, 2008.

  1. sakama

    Here's my log. Could someone pick out the unnecessary lines? Service Pack 3 apparently isn't available for the Finnish-language XP yet.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:26:52, on 26.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\COMODO\SafeSurf\cssurf.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\JPM\Työpöytä\utorrent.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Webteh\BSplayerPro\bsplayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.163.152.230:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
    O20 - Winlogon Notify: khfCstUl - khfCstUl.dll (file missing)
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe
    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PD91Engine.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Ubersoldier 2 Drivers Auto Removal (pr2anmue) (pr2anmue) - City Interactive Sp z o.o. - C:\WINDOWS\system32\pr2anmue.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6335 bytes
     
  2. kalminen

    Service Pack 3 for the Finnish-language XP is available from MikkiSoft (search for it and Update).

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact ComboFix recognizes it even if the file extension isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click.)


    Note! Don't click on the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    ----------------------------------------

    Close the browser and other programs for the duration of the fix (not the antivirus).
    Start HijackThis and Scan, tick the following files listed in red and remove them (Fix checked).

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O20 - Winlogon Notify: khfCstUl - khfCstUl.dll (file missing)

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
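As an added example (not code from the thread, from HijackThis or from the helper's toolkit), a small Python reviewer for the HijackThis 2.x line format posted above: it parses the `Rn`/`On` entries and flags the kinds of lines a log reviewer looks at first, such as an O20 Winlogon Notify entry whose DLL is missing (the entry listed for fixing in this post), while entries like AppInit_DLLs or a configured proxy are only marked for review. The sample lines are constructed from the format of the logs in this thread; the rule set and severity labels are my own, not an official HijackThis list.

```python
"""Added example: a small reviewer for Trend Micro HijackThis 2.x log lines.

This is not HijackThis code and not the forum helper's tool; it only parses
the "Rn - ..." / "On - ..." line format seen in the posted logs and applies a
few review rules (my own, not an official list).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in HijackThis 2.0 format, modelled on the thread's logs.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.163.152.230:3128
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: khfCstUl - khfCstUl.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Every HijackThis entry is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
# Header lines, the running-process list and blank lines do not match and are skipped.
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")


@dataclass
class Entry:
    code: str  # section code such as "R1" or "O20"
    body: str  # everything after the " - " separator


def parse_log(text: str) -> List[Entry]:
    """Return the HijackThis entries found in a log, in file order."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def review_entry(e: Entry) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for entries worth a comment, else None.

    Severities: "fix"    = dangling entry that can be removed outright,
                "review" = legitimate-looking but must be confirmed by the owner.
    """
    if e.code == "O20" and e.body.startswith("Winlogon Notify:"):
        if "(file missing)" in e.body:
            return ("fix", "Winlogon Notify package points at a DLL that no longer "
                           "exists; the orphaned registry value can be removed")
        return ("review", "Winlogon Notify DLL loads at every logon; confirm its publisher")
    if e.code == "O20" and e.body.startswith("AppInit_DLLs:"):
        # Paths are whitespace-separated in this format; paths containing spaces
        # would need a quoting-aware split, which the sample does not need.
        dlls = e.body.split(":", 1)[1].split()
        return ("review", f"AppInit_DLLs injects {len(dlls)} DLL(s) into every process "
                          "that loads user32.dll; confirm each belongs to installed software")
    if e.code == "R1" and ",ProxyServer" in e.body:
        value = e.body.split("=", 1)[1].strip() if "=" in e.body else ""
        if value:
            return ("review", f"explicit proxy {value} is configured; confirm the user set it")
    if e.code == "O23" and "Unknown owner" in e.body:
        return ("review", "service binary carries no publisher information; verify its path")
    return None


def review_log(text: str) -> List[Tuple[str, str, str]]:
    """Parse a whole log and return (code, severity, reason) for each flagged entry."""
    findings = []
    for e in parse_log(text):
        verdict = review_entry(e)
        if verdict:
            findings.append((e.code, verdict[0], verdict[1]))
    return findings


if __name__ == "__main__":
    for code, severity, reason in review_log(SAMPLE_LOG):
        print(f"{code:<4} {severity:<7} {reason}")
```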
     
  3. sakama

    I installed Service Pack 3 and tried to run ComboFix. It complained about this:
    Can't read temp00 :permission denied

    Cannot create file "C:\CompoFix\temp00 Käyttö estetty. How could I get the program to run all the way through?

    The HijackThis log now looks like this:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:25, on 2008-06-27
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\COMODO\SafeSurf\cssurf.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\WINDOWS\system32\CF5319.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.163.152.230:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe
    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PD91Engine.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Ubersoldier 2 Drivers Auto Removal (pr2anmue) (pr2anmue) - City Interactive Sp z o.o. - C:\WINDOWS\system32\pr2anmue.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 5957 bytes
     
  4. kalminen

    Run ComboFix in Safe Mode.
     
  5. sakama

    Here's the ComboFix log. How does it look?

    ComboFix 08-06-20.4 - JPM 2008-06-27 22:01:32.5 - NTFSx86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.806 [GMT 3:00]
    Running from: C:\Documents and Settings\JPM\Omat tiedostot\Compo\ComboFix.exe
    Command switches used :: C:\Documents and Settings\JPM\Omat tiedostot\Compo\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-27 to 2008-06-27 )))))))))))))))))
    .

    2008-06-27 21:53 . 2008-06-27 21:53 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-06-27 21:53 . 2008-06-27 21:53 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-06-27 20:58 . 2008-06-27 20:58 <KANSIO> d-------- C:\Documents and Settings\NetworkService.NT-HALLINTA\Application Data\Autodesk
    2008-06-27 19:37 . 2008-06-27 19:43 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
    2008-06-27 19:36 . 2008-04-14 09:12 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
    2008-06-27 19:30 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002756_.tmp
    2008-06-27 19:27 . 2008-06-27 19:27 <KANSIO> d-------- C:\WINDOWS\EHome
    2008-06-24 09:33 . 2008-06-24 09:33 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-23 20:28 . 2008-06-23 20:28 <KANSIO> d-------- C:\Documents and Settings\Jõrjestelmõnvalvoja
    2008-06-23 20:16 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-23 20:00 . 2008-06-23 20:00 <KANSIO> d-------- C:\Documents and Settings\JPM\Application Data\Malwarebytes
    2008-06-23 20:00 . 2008-06-23 20:00 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-06-23 20:00 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-23 19:59 . 2008-06-23 20:00 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-23 19:59 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-23 19:33 . 2008-06-23 19:38 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2008-06-23 13:10 . 2008-06-23 12:18 262,144 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
    2008-06-23 12:19 . 2008-06-23 12:19 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
    2008-06-23 12:18 . 2008-06-23 12:19 <KANSIO> d-------- C:\Program Files\COMODO
    2008-06-23 12:18 . 2008-06-23 12:18 143,104 --a------ C:\WINDOWS\system32\guard32.dll
    2008-06-23 12:18 . 2008-06-23 12:18 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-06-23 12:18 . 2008-06-23 12:18 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-06-23 11:57 . 2008-06-23 12:43 <KANSIO> d-------- C:\Program Files\Avira
    2008-06-23 11:57 . 2008-06-23 12:43 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
    2008-06-23 10:25 . 2008-06-23 10:25 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
    2008-06-22 16:52 . 2008-06-22 16:52 <KANSIO> d-------- C:\Documents and Settings\JPM\Application Data\Nero
    2008-06-22 16:51 . 2008-06-22 16:51 <KANSIO> d-------- C:\Program Files\Common Files\Nero
    2008-06-22 16:51 . 2008-06-22 16:51 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
    2008-06-22 16:51 . 2006-03-17 11:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
    2008-06-22 16:51 . 2006-03-17 11:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
    2008-06-22 16:51 . 2006-03-17 11:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
    2008-06-22 16:51 . 2006-03-17 14:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
    2008-06-22 16:51 . 2006-03-17 11:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
    2008-06-20 08:44 . 2008-06-23 08:22 1,282 --a------ C:\rollback.ini
    2008-06-12 16:08 . 2008-06-12 16:08 162,432 --a------ C:\WINDOWS\system32\drivers\ithsgt.sys
    2008-06-12 16:08 . 2008-06-12 16:08 12,032 --a------ C:\WINDOWS\system32\drivers\lilsgt.sys
    2008-06-12 16:02 . 2008-06-12 16:02 <KANSIO> d-------- C:\Program Files\Atari
    2008-06-12 15:54 . 2008-04-10 12:08 71,184 -ra------ C:\WINDOWS\system32\drivers\DefragFS.sys
    2008-06-11 10:47 . 2008-06-14 20:34 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 10:47 . 2008-06-14 20:34 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-11 10:47 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-06-09 07:41 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
    2008-06-09 07:41 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-06-09 07:41 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
    2008-06-09 07:41 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
    2008-06-09 07:41 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
    2008-06-09 07:41 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-06-09 07:40 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
    2008-06-09 07:40 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
    2008-06-09 07:40 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
    2008-06-09 07:40 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
    2008-06-09 07:40 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
    2008-06-09 07:40 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
    2008-06-09 07:40 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
    2008-06-09 07:40 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
    2008-06-08 09:34 . 2008-06-24 09:28 <KANSIO> d-------- C:\Documents and Settings\JPM\Application Data\Games
    2008-06-08 09:27 . 2004-08-09 06:04 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
    2008-06-05 21:46 . 2008-06-05 21:46 <KANSIO> d-------- C:\Documents and Settings\NetworkService.NT-HALLINTA\Omat tiedostot

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-27 18:47 --------- d-----w C:\Documents and Settings\JPM\Application Data\uTorrent
    2008-06-24 06:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-23 17:16 --------- d-----w C:\Program Files\Java
    2008-06-23 16:34 --------- d-----w C:\Program Files\Lavasoft
    2008-06-23 09:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
    2008-06-23 09:18 --------- d-----w C:\Documents and Settings\JPM\Application Data\Comodo
    2008-06-23 08:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-22 21:25 --------- d-----w C:\Documents and Settings\JPM\Application Data\LimeWire
    2008-06-22 13:52 --------- d-----w C:\Program Files\Nero
    2008-06-17 09:36 --------- d-----w C:\Documents and Settings\JPM\Application Data\dvdcss
    2008-06-17 09:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
    2008-06-12 12:52 --------- d-----w C:\Program Files\RAXCO
    2008-06-08 06:32 --------- d-----w C:\Program Files\AGEIA Technologies
    2008-06-08 06:31 278,984 -c--a-w C:\WINDOWS\system32\drivers\atksgt.sys
    2008-05-28 07:29 --------- d-----w C:\Program Files\DAEMON Tools Pro
    2008-05-26 16:48 --------- d-----w C:\Program Files\LimeWire
    2008-05-16 09:01 --------- d-----w C:\Documents and Settings\JPM\Application Data\Autodesk
    2008-05-16 09:01 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Autodesk
    2008-05-12 18:57 --------- d-----w C:\Program Files\Glary Utilities
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-04 07:41 55,776 -c--a-w C:\Documents and Settings\JPM\Application Data\GDIPFONTCACHEV1.DAT
    2008-05-01 14:08 --------- d-----w C:\Documents and Settings\JPM\Application Data\GlarySoft
    2008-04-28 16:57 --------- d-----w C:\Documents and Settings\JPM\Application Data\DAEMON Tools Pro
    2008-04-28 16:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro
    2008-04-28 16:36 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-21 06:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-16 10:00 230,664 ----a-w C:\WINDOWS\system32\PDBoot.exe
    2008-04-14 06:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 06:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 06:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
    2008-04-14 06:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
    2008-04-14 06:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
    2008-04-14 06:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll
    2008-04-14 06:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
    2008-04-14 06:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
    2008-04-14 06:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
    2008-04-14 06:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
    2008-04-14 06:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
    2008-04-14 05:49 2,191,360 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-14 05:49 2,068,224 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-14 05:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-14 05:46 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
    2008-04-14 05:45 80,384 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-14 05:45 2,957,312 ----a-w C:\WINDOWS\system32\wmploc.dll
    2008-04-14 05:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-14 05:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-14 05:42 171,520 ----a-w C:\WINDOWS\system32\wmerror.dll
    2008-04-14 05:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-14 05:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-14 05:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-14 05:39 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
    2008-04-14 05:38 7,680 ----a-w C:\WINDOWS\system32\asferror.dll
    2008-04-14 05:38 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-13 08:45 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
    2008-04-13 08:40 440,832 ----a-w C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 08:36 2,921,984 ----a-w C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 08:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
    2008-04-13 08:35 186,368 ----a-w C:\WINDOWS\system32\xpsp1res.dll
    2008-04-13 08:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
    2008-04-13 08:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
    2008-04-13 07:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
    2008-04-13 07:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
    2008-04-13 07:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
    2008-04-13 07:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
    2008-04-13 07:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
    2008-04-13 06:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-13 06:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
    2008-04-13 06:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
    2008-04-13 05:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    2008-04-01 14:51 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2007-12-07 10:02 22,328 -c--a-w C:\Documents and Settings\JPM\Application Data\PnkBstrK.sys
    2007-10-09 11:28 47,360 -c--a-w C:\Documents and Settings\JPM\Application Data\pcouffin.sys
    2004-10-01 12:00 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot_2008-06-27_21.08.09,71 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-27 17:56:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-27 19:00:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-06-27 18:01:16 59,780 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-06-27 18:21:43 59,780 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-06-27 18:01:16 72,804 ----a-w C:\WINDOWS\system32\perfc00B.dat
    + 2008-06-27 18:21:43 72,804 ----a-w C:\WINDOWS\system32\perfc00B.dat
    - 2008-06-27 18:01:16 397,560 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-06-27 18:21:43 397,560 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-06-27 18:01:16 372,140 ----a-w C:\WINDOWS\system32\perfh00B.dat
    + 2008-06-27 18:21:43 372,140 ----a-w C:\WINDOWS\system32\perfh00B.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:12 15360]
    "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 16:08 136136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-04 19:28 7393280]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-27 18:01 68096 C:\WINDOWS\SOUNDMAN.EXE]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
    "COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-06-23 12:19 278264]
    "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-23 12:18 1655552]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 09:12 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm
    "vidc.CDVC"= cdvccodc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Documents and Settings\\JPM\\Työpöytä\\utorrent.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6881:TCP"= 6881:TCP:portti
    "1723:TCP"= 1723:TCP:mad:xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:mad:xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:mad:xpsp2res.dll,-22017

    R0 ps7anmue;Ubersoldier 2 Synchronization Driver (ps7anmue);C:\WINDOWS\system32\drivers\ps7anmue.sys [2008-02-21 11:37]
    S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-23 12:18]
    S1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-23 12:18]
    S2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2008-06-12 16:08]
    S2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2008-06-12 16:08]
    S2 PD91Agent;PD91Agent;"C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe" [2008-04-16 13:00]
    S2 pr2anmue;Ubersoldier 2 Drivers Auto Removal (pr2anmue);C:\WINDOWS\system32\pr2anmue.exe svc []
    S3 PD91Engine;PD91Engine;"C:\Program Files\Raxco\PerfectDisk\PD91Engine.exe" [2008-04-16 13:00]
    S3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 21:36]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9da2dddc-7b2f-11db-b6b0-00138fa0c309}]
    \Shell\AutoRun\command - G:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9da2dddd-7b2f-11db-b6b0-00138fa0c309}]
    \Shell\AutoRun\command - H:\autorun.exe

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-23 09:12:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-27 18:56:04 C:\WINDOWS\Tasks\GlaryInitialize.job"
    - C:\Program Files\Glary Utilities\initialize.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-27 22:03:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-27 22:05:10
    ComboFix-quarantined-files.txt 2008-06-27 19:04:37
    ComboFix2.txt 2008-06-23 17:27:54

    Pre-Run: 14,424,530,944 tavua vapaana
    Post-Run: 14,412,206,080 tavua vapaana

    236 --- E O F --- 2008-06-20 06:19:03
     
  6. kalminen

    Combo looked good!!!

    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program downloads and installs the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is finished, click OK and then Show Results to see the results.
    * Make sure everything is checked and click Remove Selected.
    * After that the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt

    * Post the contents of the log in your next message.