Hi! Could someone who knows more take a look at whether there's anything odd in this HJT log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:48, on 10.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\winudmr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q304&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212615650081
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1212654995156
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6843 bytes
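Reading a log like the one above by hand comes down to checking, for each O4 autorun entry, where the program it starts actually lives. The Python script below is an added example for this thread, not code from HijackThis, ComboFix or the forum helper. It parses O4 Run lines, resolves bare file names against a ComboFix "Files Created" listing (the poster adds one later in the thread) and flags entries on four heuristics: bare file name with no directory, program sitting directly in C:\WINDOWS, hidden+system attributes on the ComboFix row, and creation within a week of the scan. The sample input is a handful of lines copied from the two logs in this thread; the heuristics, the RECENT_DAYS window and the 2008-06-11 scan date are the example's own assumptions. A flag is a lead to follow up (publisher, hash, the helper's verdict), never a malware verdict on its own.

```python
"""
Triage of HijackThis O4 (autorun) lines, cross-referenced with a ComboFix
"Files Created" listing. Added example for this thread; it is not part of
HijackThis or ComboFix. Every flag is a reason to look closer, never a verdict:

  BARE_NAME      the Run value is a bare file name, so Windows finds it via
                 the search path instead of a fixed, known location
  WINDIR_ROOT    the program lives directly in C:\\WINDOWS; legitimate
                 autoruns almost always sit in system32 or Program Files
  HIDDEN_SYSTEM  the ComboFix row shows hidden + system attributes
  RECENT         the file was created within RECENT_DAYS of the scan
"""
import ntpath  # Windows path rules, so this also runs on Linux/macOS
import re
from datetime import date, datetime

RECENT_DAYS = 7                 # assumption: "recent" means within a week
SCAN_DATE = date(2008, 6, 11)   # date of the ComboFix run in this thread

# O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# ComboFix row: created . modified size-or-<DIR> nine-attribute-flags path
CF_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:[\d,]+|<\w+>) "
    r"(?P<attrs>[-a-z]{9}) (?P<path>.+)$")


def executable_of(cmd):
    """Program a Run value actually starts: quotes and arguments stripped,
    and for RUNDLL32 the DLL it loads, since that is the code that runs."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe, rest = cmd[1:].split('"', 1)
    else:
        exe, _, rest = cmd.partition(" ")
    if ntpath.basename(exe).lower() == "rundll32.exe" and rest.strip():
        exe = rest.strip().split(",", 1)[0].strip('"')
    return exe


def index_combofix(cf_lines):
    """Map lower-cased base name -> (full path, attribute flags, creation date)."""
    idx = {}
    for line in cf_lines:
        m = CF_RE.match(line.strip())
        if m:
            created = datetime.strptime(m["created"], "%Y-%m-%d %H:%M").date()
            idx[ntpath.basename(m["path"]).lower()] = (m["path"], m["attrs"], created)
    return idx


def triage(hjt_lines, cf_lines, scan_date):
    """Return [(Run value name, resolved path, [flags])] for every O4 Run line."""
    idx = index_combofix(cf_lines)
    findings = []
    for line in hjt_lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = executable_of(m["cmd"])
        flags = []
        if "\\" not in exe:
            flags.append("BARE_NAME")
        hit = idx.get(ntpath.basename(exe).lower())  # resolve via ComboFix if listed there
        path = hit[0] if hit else exe
        if ntpath.dirname(path).lower() == r"c:\windows":
            flags.append("WINDIR_ROOT")
        if hit:
            _, attrs, created = hit
            if "h" in attrs and "s" in attrs:
                flags.append("HIDDEN_SYSTEM")
            if (scan_date - created).days <= RECENT_DAYS:
                flags.append("RECENT")
        findings.append((m["name"], path, flags))
    return findings


# Sample input: a handful of lines copied from the two logs in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""".strip().splitlines()

CF_SAMPLE = r"""
2008-06-11 16:26 . 2008-06-11 16:26 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-09 11:45 . 2008-06-09 11:45 29,342 -r-hs---- C:\WINDOWS\winudmr.exe
2008-06-07 13:01 . 2008-06-07 13:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-06 15:33 . 2008-06-06 15:33 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
""".strip().splitlines()

if __name__ == "__main__":
    for name, path, flags in triage(HJT_SAMPLE, CF_SAMPLE, SCAN_DATE):
        print(f"{'!!' if flags else '  '} [{name}] {path} {' '.join(flags)}")
```

On the sample only two entries get flags. AGRSMMSG gets BARE_NAME alone, which is also what a legitimate OEM entry looks like, so that flag by itself means "find the file", nothing more. "Windows Controls Center" hits all four: the HJT line gives just winudmr.exe, and the ComboFix row places the file in C:\WINDOWS, created two days before the scan with -r-hs---- attributes. Services (O23), drivers and the other HJT sections are out of scope for this script.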
1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Tommonen sieltä tuli. ComboFix 08-06-10.3 - Omistaja 2008-06-11 16:29:23.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.711 [GMT 3:00] Running from: C:\Documents and Settings\Omistaja\Omat tiedostot\mozilla\ComboFix.exe . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-11 to 2008-06-11 ))))))))))))))))) . 2008-06-11 16:26 . 2008-06-11 16:26 118 --a------ C:\WINDOWS\system32\MRT.INI 2008-06-11 16:24 . 2008-06-11 16:25 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-06-11 16:15 . 2008-04-14 18:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-11 16:12 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-06-11 16:05 . 2008-06-11 16:06 2,232 --a------ C:\is155815.exe 2008-06-10 18:43 . 2008-06-10 20:20 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel 2008-06-09 11:45 . 2008-06-09 11:45 29,342 -r-hs---- C:\WINDOWS\winudmr.exe 2008-06-07 13:01 . 2008-06-07 13:01 <KANSIO> d-------- C:\Program Files\Trend Micro 2008-06-06 15:33 . 2008-06-10 19:19 <KANSIO> d-------- C:\Program Files\Spyware Terminator 2008-06-06 15:33 . 2008-06-06 15:33 <KANSIO> d-------- C:\Program Files\Hattrick Forever 2008-06-06 15:33 . 2008-06-10 18:39 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Spyware Terminator 2008-06-06 15:33 . 2008-06-10 19:19 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2008-06-06 15:33 . 2008-06-06 15:33 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys 2008-06-06 15:23 . 2008-06-06 15:23 <KANSIO> d-------- C:\Program Files\mp3DirectCut 2008-06-06 10:49 . 2008-06-06 10:51 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-06 10:49 . 2008-06-06 10:49 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Malwarebytes 2008-06-06 10:49 . 2008-06-06 10:49 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-06 10:49 . 
2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-06 10:49 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-06 10:29 . 2008-06-06 10:49 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-05 20:53 . 2008-06-05 20:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-06-05 20:53 . 2008-06-05 20:53 1,409 --a------ C:\WINDOWS\QTFont.for 2008-06-05 20:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-06-05 20:08 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-06-05 13:25 . 2008-06-05 13:25 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-06-05 13:25 . 2008-06-08 16:47 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Contacts 2008-06-05 12:21 . 2008-06-09 23:50 <KANSIO> d-------- C:\Program Files\RevConnect 2008-06-05 12:06 . 2008-06-05 12:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-06-05 11:34 . 2008-06-05 11:36 <KANSIO> d-------- C:\Program Files\Winamp 2008-06-05 11:34 . 2008-06-05 11:46 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Winamp 2008-06-05 11:34 . 2007-03-08 02:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-06-05 11:34 . 2007-03-08 02:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-06-05 11:34 . 2007-03-08 02:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-06-05 11:33 . 2008-06-05 11:33 <KANSIO> d-------- C:\Program Files\CCleaner 2008-06-05 11:31 . 2008-06-06 15:37 <KANSIO> d-------- C:\Program Files\Webteh 2008-06-05 11:31 . 2008-06-05 11:31 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\BSplayer Pro 2008-06-05 11:31 . 2008-06-06 15:37 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\BSplayer 2008-06-05 11:29 . 2008-06-11 16:27 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2 2008-06-05 11:27 . 
2008-06-05 11:27 <KANSIO> d-------- C:\Program Files\OpenOffice.org 2.3 2008-06-05 11:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-06-05 11:21 . 2008-06-05 13:21 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-06-05 11:17 . 2008-06-10 18:42 <KANSIO> d-------- C:\Program Files\Windows Live 2008-06-05 11:16 . 2008-06-05 13:20 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-06-05 10:22 . 2008-06-05 11:16 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi 2008-06-05 10:22 . 2008-06-05 10:22 <KANSIO> d-------- C:\WINDOWS\system32\fi 2008-06-05 10:22 . 2008-06-05 10:22 <KANSIO> d-------- C:\WINDOWS\l2schemas 2008-06-05 10:09 . 2008-04-14 19:11 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll 2008-06-05 09:47 . 2008-06-05 09:47 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko 2008-06-05 09:37 . 2004-06-03 05:54 7,406 --a------ C:\WINDOWS\system32\doc.ico 2008-06-05 09:37 . 2008-06-11 16:27 248 --a------ C:\WINDOWS\system\hpsysdrv.dat 2008-06-05 09:35 . 2008-06-05 09:36 <KANSIO> d-------- C:\WINDOWS\I386 2008-06-05 09:29 . 2008-06-07 13:01 <KANSIO> dr------- C:\Program Files 2008-06-05 09:29 . 2008-06-05 11:23 <KANSIO> dr------- C:\Documents and Settings\Omistaja\Suosikit 2008-06-05 09:29 . 2008-06-08 16:54 <KANSIO> dr------- C:\Documents and Settings\Omistaja\Omat tiedostot 2008-06-05 09:29 . 2008-06-05 09:33 <KANSIO> dr------- C:\Documents and Settings\Omistaja\Käynnistä-valikko 2008-06-05 09:29 . 2008-06-05 09:33 <KANSIO> dr------- C:\Documents and Settings\Default User\Käynnistä-valikko 2008-06-05 09:29 . 2008-06-05 00:46 <KANSIO> dr------- C:\Documents and Settings\All Users\Tiedostot 2008-06-05 09:29 . 2008-06-05 10:23 <KANSIO> dr------- C:\Documents and Settings\All Users\Käynnistä-valikko 2008-06-05 09:28 . 2008-06-11 16:26 <KANSIO> dr-hsc--- C:\WINDOWS\system32\dllcache 2008-06-05 09:28 . 
2008-06-05 09:33 <KANSIO> dr------- C:\WINDOWS\system32\config\systemprofile\Käynnistä-valikko 2008-06-05 09:23 . 2008-06-05 09:23 <KANSIO> d-------- C:\WINDOWS\provisioning 2008-06-05 09:23 . 2008-06-05 10:22 <KANSIO> d-------- C:\WINDOWS\peernet 2008-06-05 09:22 . 2008-06-05 09:22 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles 2008-06-05 09:17 . 2008-06-05 10:15 <KANSIO> d-------- C:\WINDOWS\EHome 2008-06-05 08:30 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img 2008-06-05 08:30 . 2008-04-14 09:12 11,264 --------- C:\WINDOWS\system32\spnpinst.exe 2008-06-05 08:30 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig 2008-06-05 08:30 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat 2008-06-05 08:07 . 2008-04-14 19:11 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-06-05 07:47 . 2008-04-14 19:11 1,082,368 --a------ C:\WINDOWS\system32\esent.dll 2008-06-05 00:52 . 2008-06-05 00:52 0 --a------ C:\WINDOWS\nsreg.dat 2008-06-05 00:48 . 2008-06-05 00:48 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Sonic 2008-06-05 00:47 . 2008-06-05 00:47 3,514 -rahs---- C:\WINDOWS\system32\drivers\HP_PJ411AA-ABX a609.fi_YC_Pavi_QCZB429_E43FIheBLF2_4_IKelut_SASUSTek Computer INC._V2.02_B3.09_T040709_WXH1_L40B_M1024_J120_7AMD_8Athlon XP 3000+_92,16_111063044_N11063065_P_Z11C1048C_K_A11063059_U11063038_G10DE0322.MRK 2008-06-05 00:46 . 2004-01-01 11:49 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS 2008-06-05 00:46 . 2004-01-01 09:06 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec 2008-06-05 00:46 . 2004-01-01 12:30 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView 2008-06-05 00:46 . 2004-01-01 11:43 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intervideo 2008-06-05 00:45 . 
2008-06-05 00:45 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Sonic 2008-06-05 00:45 . 2008-06-05 00:45 <KANSIO> d-------- C:\Program Files\Common Files\Sonic 2008-06-05 00:44 . 2008-06-05 09:33 <KANSIO> dr------- C:\WINDOWS\system32\config\systemprofile\Omat tiedostot 2008-06-05 00:44 . 2008-06-05 00:44 <KANSIO> d-------- C:\Program Files\Sonic 2008-06-05 00:44 . 2008-06-05 00:44 <KANSIO> d-------- C:\Program Files\RecordNow! 2008-06-05 00:44 . 2008-06-05 00:44 <KANSIO> d-------- C:\Program Files\Common Files\SureThing Shared 2008-06-05 00:43 . 2004-01-01 11:49 <KANSIO> d-------- C:\Documents and Settings\Default User\WINDOWS 2008-06-05 00:43 . 2008-06-05 09:33 <KANSIO> dr------- C:\Documents and Settings\Default User\Omat tiedostot 2008-06-05 00:43 . 2008-04-14 19:11 354,304 --a------ C:\WINDOWS\system32\winhttp.dll 2008-06-05 00:43 . 2008-04-14 19:11 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2008-06-05 00:43 . 2008-04-14 19:11 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll 2008-06-05 00:43 . 2008-04-14 19:11 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll 2008-06-05 00:40 . 2008-06-05 00:40 <KANSIO> d--hs---- C:\Documents and Settings\Omistaja\UserData 2008-06-05 00:37 . 2008-06-05 00:37 <KANSIO> d-------- C:\Program Files\Alwil Software . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-05 08:27 --------- d-----w C:\Program Files\Java 2008-06-04 21:51 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-04 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-14 16:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin 2008-04-14 16:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 16:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll 2008-04-14 16:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll 2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll 2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll 2008-04-14 16:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll 2008-04-14 16:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll 2008-04-14 15:59 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-14 15:51 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys 2008-04-14 15:51 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 15:51 68,096 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 15:51 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys 2008-04-14 15:51 120,064 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 15:49 2,191,360 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-14 15:49 2,068,224 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-14 15:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-14 15:47 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 15:47 154,112 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 15:46 79,872 ------w C:\WINDOWS\system32\msxml6r.dll 2008-04-14 15:46 37,120 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 15:46 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 15:46 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys 
2008-04-14 15:45 80,384 ------w C:\WINDOWS\system32\msshavmsg.dll 2008-04-14 15:45 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys 2008-04-14 15:45 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys 2008-04-14 15:45 40,320 ------w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 15:45 2,957,312 ----a-w C:\WINDOWS\system32\wmploc.dll 2008-04-14 15:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-14 15:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-14 15:43 52,096 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 15:42 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 15:42 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-14 15:42 171,520 ----a-w C:\WINDOWS\system32\wmerror.dll 2008-04-14 15:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll 2008-04-14 15:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-14 15:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-14 15:40 57,472 ----a-w C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 15:39 51,840 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 15:39 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 15:38 39,808 ----a-w C:\WINDOWS\system32\drivers\processr.sys 2008-04-14 15:38 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll 2008-04-14 15:37 7,680 ----a-w C:\WINDOWS\system32\asferror.dll 2008-04-14 15:37 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys 2008-04-14 15:37 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys 2008-04-14 15:36 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-14 15:36 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 15:36 187,904 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-14 06:11 992,256 ----a-w C:\WINDOWS\system32\setupapi.dll 2008-04-14 06:11 423,936 ----a-w C:\WINDOWS\system32\licdll.dll 2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys 
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys 2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys 2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys 2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys 2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys 2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys 2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys 2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys 2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys 
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys 2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys 2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys 2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys 2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys 2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys 2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys 2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys 2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys 2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys 2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys 2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys 2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys 2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys . ((((((((((((((((((((((((((((( snapshot@2008-06-11_16.15.04,07 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-06-11 13:05:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-11 13:27:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-14 15:59:41 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys + 2008-03-01 13:01:50 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll + 2008-03-01 13:01:50 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll + 2008-03-01 13:01:50 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll + 2008-03-01 13:01:50 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll + 2008-03-01 13:01:50 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll + 2008-02-29 08:55:56 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe + 2008-03-01 13:01:50 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll + 2008-03-01 13:01:50 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll + 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll + 2008-03-01 13:01:51 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll + 2008-03-01 13:01:51 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll + 2008-03-01 13:01:51 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll + 2008-03-01 13:01:51 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll + 2008-03-01 13:01:51 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll + 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe + 2008-02-29 08:56:25 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe + 2008-03-01 13:01:51 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll + 2008-03-01 13:01:52 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll + 2008-03-01 13:01:52 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll + 2008-03-01 15:31:54 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll + 2008-03-01 13:01:53 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll + 
2008-03-01 13:01:53 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll + 2008-03-01 13:01:53 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll + 2008-03-01 13:01:53 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll + 2008-03-01 13:01:53 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll + 2007-03-06 01:31:14 214,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe + 2007-03-06 01:32:23 380,640 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll + 2008-03-01 13:01:53 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll + 2008-03-01 13:01:53 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll + 2008-03-01 13:01:53 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll + 2008-03-01 13:01:53 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll - 2008-03-01 13:01:50 124,928 ----a-w C:\WINDOWS\system32\advpack.dll + 2008-04-23 04:16:41 124,928 ----a-w C:\WINDOWS\system32\advpack.dll - 2008-03-01 13:01:50 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll + 2008-04-23 04:16:41 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll - 2008-03-01 13:01:50 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-04-23 04:16:42 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2008-03-01 13:01:50 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-04-23 04:16:42 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2008-03-01 13:01:50 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll + 2008-04-23 04:16:42 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll - 2008-03-01 13:01:50 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll + 2008-04-23 04:16:42 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll - 2008-02-29 08:55:56 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe + 2008-04-22 07:41:08 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe - 2008-03-01 13:01:50 153,088 -c----w 
C:\WINDOWS\system32\dllcache\ieakeng.dll + 2008-04-23 04:16:42 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll - 2008-03-01 13:01:50 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2008-04-23 04:16:42 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll + 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll - 2008-03-01 13:01:51 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll + 2008-04-23 04:16:42 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll - 2008-03-01 13:01:51 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2008-04-23 04:16:42 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2008-03-01 13:01:51 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll + 2008-04-23 04:16:42 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll - 2008-03-01 13:01:51 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll + 2008-04-23 04:16:42 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll - 2008-03-01 13:01:51 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll + 2008-04-23 04:16:42 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll - 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe + 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe - 2008-02-29 08:56:25 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe + 2008-04-22 07:41:30 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe - 2008-03-01 13:01:51 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-04-23 04:16:42 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll - 2008-03-01 13:01:52 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll + 2008-04-23 04:16:42 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll - 2008-03-01 13:01:52 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll + 2008-04-23 04:16:42 52,224 -c----w 
C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 15:31:54 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-23 19:16:44 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 13:01:53 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:42 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 13:01:53 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:42 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 13:01:53 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:42 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 13:01:53 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:42 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:01:53 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:42 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-05-07 05:12:01 1,288,704 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2008-03-01 13:01:53 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:42 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:01:53 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:43 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 13:01:53 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:43 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:01:53 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:43 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2005-01-28 10:44:28 2,370,296 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-12-07 05:29:34 2,374,472 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2008-03-01 13:01:50 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:42 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:01:50 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:42 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:01:50 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:42 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-03-01 13:01:50 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:42 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:55:56 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:41:08 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:01:50 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:42 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:01:50 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:42 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2008-03-01 13:01:51 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:42 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:01:51 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:42 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 13:01:51 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:42 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 13:01:51 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:42 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:01:51 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:42 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-03-01 13:01:51 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:42 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 11:35:06 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-03-01 13:01:52 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:42 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:01:52 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:42 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 15:31:54 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-23 19:16:44 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:01:53 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:42 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 13:01:53 193,024 ------w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:42 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 13:01:53 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:42 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2008-03-01 13:01:53 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:42 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-03-01 13:01:53 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:42 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
- 2008-03-01 13:01:53 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:42 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 13:01:53 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:43 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-03-01 13:01:53 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:43 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2005-01-28 10:44:28 2,370,296 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2008-06-11 13:27:43 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5fc.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 02:34 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 16:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 04:16 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-02-23 22:43 3026944]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 08:28 36352]
"Windows Controls Center"="winudmr.exe" [2008-06-09 11:45 29342 C:\WINDOWS\winudmr.exe]

C:\Documents and Settings\Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 13:19:24 237568]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\svho.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 16:31:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-11 16:32:21
ComboFix-quarantined-files.txt 2008-06-11 13:32:15
ComboFix2.txt 2008-06-11 13:15:23
Pre-Run: 94,713,593,856 tavua vapaana
Post-Run: 94,698,500,096 tavua vapaana
414 --- E O F --- 2008-06-11 13:26:34
Download SmitfraudFix (c) S!Ri
Extract the contents (a folder named SmitfraudFix) to your desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and pressing "Enter"; a text file opens that lists the infected files (if any exist).
Post the report that pops up (the contents of the Notepad window) in your thread. It can also be found at C:\rapport.txt
Note: some anti-virus programs (AntiVir, Dr.Web, Kaspersky) detect the file process.exe as a "RiskTool"; it is not a virus but a program that stops processes. A/V programs cannot tell the good and bad uses of such programs apart, so they may warn the user.
Yeah, here it is:

SmitFraudFix v2.323

Scan done at 17:22:44,82, ke 11.06.2008
Run from C:\Documents and Settings\Omistaja\Omat tiedostot\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\winudmr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Omistaja

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Omistaja\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Omistaja\Suosikit

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine II Fast Ethernet Adapter - Paketinajoituksen miniportti
DNS Server Search Order: 192.168.10.1
DNS Server Search Order: 192.89.123.26
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4C14F098-6995-4400-998E-29204D0BEE4E}: DhcpNameServer=192.168.10.1 192.89.123.26 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4C14F098-6995-4400-998E-29204D0BEE4E}: DhcpNameServer=192.168.10.1 192.89.123.26 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4C14F098-6995-4400-998E-29204D0BEE4E}: DhcpNameServer=192.168.10.1 192.89.123.26 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4C14F098-6995-4400-998E-29204D0BEE4E}: DhcpNameServer=192.168.10.1 192.89.123.26 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1 192.89.123.26 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1 192.89.123.26 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1 192.89.123.26 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1 192.89.123.26 0.0.0.0

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
Open Notepad and copy/paste the contents of the quote box into it:
Save it as CFScript.txt
Then drag CFScript onto ComboFix.exe as shown below.
Restart the computer when prompted and post the contents of the combofix.txt file here.

==========

Scan with HJT, tick the following entry and press Fix checked:

O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe
Here it is:

ComboFix 08-06-10.3 - Omistaja 2008-06-11 17:53:31.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.675 [GMT 3:00]
Running from: C:\Documents and Settings\Omistaja\Omat tiedostot\mozilla\ComboFix.exe
Command switches used :: C:\Documents and Settings\Omistaja\Omat tiedostot\CFScript.txt
* Created a new restore point
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-11 to 2008-06-11 )))))))))))))))))
.
2008-06-11 17:34 . 2008-06-11 17:34 2,232 --a------ C:\mzdza.exe
2008-06-11 17:22 . 2008-06-11 17:22 1,908 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-11 17:00 . 2008-06-11 17:00 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\AdobeUM
2008-06-11 16:59 . 2008-06-11 16:59 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-06-11 16:26 . 2008-06-11 16:26 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-11 16:24 . 2008-06-11 16:25 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-11 16:15 . 2008-04-14 18:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:12 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 16:05 . 2008-06-11 16:06 2,232 --a------ C:\is155815.exe
2008-06-10 18:43 . 2008-06-10 20:20 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2008-06-09 11:45 . 2008-06-09 11:45 29,342 -r-hs---- C:\WINDOWS\winudmr.exe
2008-06-07 13:01 . 2008-06-07 13:01 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-06 15:33 . 2008-06-10 19:19 <KANSIO> d-------- C:\Program Files\Spyware Terminator
2008-06-06 15:33 . 2008-06-06 15:33 <KANSIO> d-------- C:\Program Files\Hattrick Forever
2008-06-06 15:33 . 2008-06-10 18:39 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Spyware Terminator
2008-06-06 15:33 . 2008-06-10 19:19 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-06 15:33 . 2008-06-06 15:33 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-06 15:23 . 2008-06-06 15:23 <KANSIO> d-------- C:\Program Files\mp3DirectCut
2008-06-06 10:49 . 2008-06-06 10:51 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 10:49 . 2008-06-06 10:49 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
2008-06-06 10:49 . 2008-06-06 10:49 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 10:49 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 10:49 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 10:29 . 2008-06-06 10:49 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 20:53 . 2008-06-05 20:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-05 20:53 . 2008-06-05 20:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-05 20:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-05 20:08 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-05 13:25 . 2008-06-05 13:25 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-05 13:25 . 2008-06-08 16:47 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Contacts
2008-06-05 12:21 . 2008-06-11 17:18 <KANSIO> d-------- C:\Program Files\RevConnect
2008-06-05 12:06 . 2008-06-05 12:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-05 11:34 . 2008-06-05 11:36 <KANSIO> d-------- C:\Program Files\Winamp
2008-06-05 11:34 . 2008-06-05 11:46 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Winamp
2008-06-05 11:34 . 2007-03-08 02:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-06-05 11:34 . 2007-03-08 02:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-05 11:34 . 2007-03-08 02:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-05 11:33 . 2008-06-05 11:33 <KANSIO> d-------- C:\Program Files\CCleaner
2008-06-05 11:31 . 2008-06-06 15:37 <KANSIO> d-------- C:\Program Files\Webteh
2008-06-05 11:31 . 2008-06-05 11:31 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\BSplayer Pro
2008-06-05 11:31 . 2008-06-06 15:37 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\BSplayer
2008-06-05 11:29 . 2008-06-11 16:27 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2
2008-06-05 11:27 . 2008-06-05 11:27 <KANSIO> d-------- C:\Program Files\OpenOffice.org 2.3
2008-06-05 11:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-05 11:21 . 2008-06-05 13:21 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-05 11:17 . 2008-06-10 18:42 <KANSIO> d-------- C:\Program Files\Windows Live
2008-06-05 11:16 . 2008-06-05 13:20 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-05 10:22 . 2008-06-05 11:16 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
2008-06-05 10:22 . 2008-06-05 10:22 <KANSIO> d-------- C:\WINDOWS\system32\fi
2008-06-05 10:22 . 2008-06-05 10:22 <KANSIO> d-------- C:\WINDOWS\l2schemas
2008-06-05 10:09 . 2008-04-14 19:11 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-06-05 09:47 . 2008-06-05 09:47 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
2008-06-05 09:37 . 2004-06-03 05:54 7,406 --a------ C:\WINDOWS\system32\doc.ico
2008-06-05 09:37 . 2008-06-11 16:27 248 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-06-05 09:35 . 2008-06-05 09:36 <KANSIO> d-------- C:\WINDOWS\I386
2008-06-05 09:29 . 2008-06-07 13:01 <KANSIO> dr------- C:\Program Files
2008-06-05 09:29 . 2008-06-05 11:23 <KANSIO> dr------- C:\Documents and Settings\Omistaja\Suosikit
2008-06-05 09:29 . 2008-06-11 17:53 <KANSIO> dr------- C:\Documents and Settings\Omistaja\Omat tiedostot
2008-06-05 09:29 . 2008-06-05 09:33 <KANSIO> dr------- C:\Documents and Settings\Omistaja\Käynnistä-valikko
2008-06-05 09:29 . 2008-06-05 09:33 <KANSIO> dr------- C:\Documents and Settings\Default User\Käynnistä-valikko
2008-06-05 09:29 . 2008-06-05 00:46 <KANSIO> dr------- C:\Documents and Settings\All Users\Tiedostot
2008-06-05 09:29 . 2008-06-05 10:23 <KANSIO> dr------- C:\Documents and Settings\All Users\Käynnistä-valikko
2008-06-05 09:28 . 2008-06-11 16:26 <KANSIO> dr-hsc--- C:\WINDOWS\system32\dllcache
2008-06-05 09:28 . 2008-06-05 09:33 <KANSIO> dr------- C:\WINDOWS\system32\config\systemprofile\Käynnistä-valikko
2008-06-05 09:23 . 2008-06-05 09:23 <KANSIO> d-------- C:\WINDOWS\provisioning
2008-06-05 09:23 . 2008-06-05 10:22 <KANSIO> d-------- C:\WINDOWS\peernet
2008-06-05 09:22 . 2008-06-05 09:22 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
2008-06-05 09:17 . 2008-06-05 10:15 <KANSIO> d-------- C:\WINDOWS\EHome
2008-06-05 08:30 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-06-05 08:30 . 2008-04-14 09:12 11,264 --------- C:\WINDOWS\system32\spnpinst.exe
2008-06-05 08:30 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-06-05 08:30 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-06-05 08:07 . 2008-04-14 19:11 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-05 07:47 . 2008-04-14 19:11 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-06-05 00:52 . 2008-06-05 00:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-05 00:48 . 2008-06-05 00:48 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Sonic
2008-06-05 00:47 . 2008-06-05 00:47 3,514 -rahs---- C:\WINDOWS\system32\drivers\HP_PJ411AA-ABX a609.fi_YC_Pavi_QCZB429_E43FIheBLF2_4_IKelut_SASUSTek Computer INC._V2.02_B3.09_T040709_WXH1_L40B_M1024_J120_7AMD_8Athlon XP 3000+_92,16_111063044_N11063065_P_Z11C1048C_K_A11063059_U11063038_G10DE0322.MRK
2008-06-05 00:46 . 2004-01-01 11:49 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-06-05 00:46 . 2004-01-01 09:06 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-06-05 00:46 . 2004-01-01 12:30 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-06-05 00:46 . 2004-01-01 11:43 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intervideo
2008-06-05 00:45 . 2008-06-05 00:45 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Sonic
2008-06-05 00:45 . 2008-06-05 00:45 <KANSIO> d-------- C:\Program Files\Common Files\Sonic
2008-06-05 00:44 . 2008-06-05 09:33 <KANSIO> dr------- C:\WINDOWS\system32\config\systemprofile\Omat tiedostot
2008-06-05 00:44 . 2008-06-05 00:44 <KANSIO> d-------- C:\Program Files\Sonic
2008-06-05 00:44 . 2008-06-05 00:44 <KANSIO> d-------- C:\Program Files\RecordNow!
2008-06-05 00:44 . 2008-06-05 00:44 <KANSIO> d-------- C:\Program Files\Common Files\SureThing Shared
2008-06-05 00:43 . 2004-01-01 11:49 <KANSIO> d-------- C:\Documents and Settings\Default User\WINDOWS
2008-06-05 00:43 . 2008-06-05 09:33 <KANSIO> dr------- C:\Documents and Settings\Default User\Omat tiedostot
2008-06-05 00:43 . 2008-04-14 19:11 354,304 --a------ C:\WINDOWS\system32\winhttp.dll
2008-06-05 00:43 . 2008-04-14 19:11 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-06-05 00:43 . 2008-04-14 19:11 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-06-05 00:43 . 2008-04-14 19:11 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-06-05 00:40 . 2008-06-05 00:40 <KANSIO> d--hs---- C:\Documents and Settings\Omistaja\UserData
2008-06-05 00:37 . 2008-06-05 00:37 <KANSIO> d-------- C:\Program Files\Alwil Software
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 08:27 --------- d-----w C:\Program Files\Java
2008-06-04 21:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 16:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 16:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 16:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 16:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 15:59 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:51 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 15:51 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 15:51 68,096 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 15:51 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 15:51 120,064 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 15:49 2,191,360 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:49 2,068,224 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:47 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 15:47 154,112 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 15:46 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:46 37,120 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 15:46 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 15:46 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 15:45 80,384 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:45 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
2008-04-14 15:45 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 15:45 40,320 ------w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 15:45 2,957,312 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-14 15:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 15:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:43 52,096 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 15:42 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 15:42 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 15:42 171,520 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-14 15:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 15:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 15:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 15:40 57,472 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 15:39 51,840 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 15:39 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 15:38 39,808 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 15:38 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 15:37 7,680 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-14 15:37 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 15:37 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 15:36 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 15:36 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 15:36 187,904 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-14 06:11 992,256 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 06:11 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 02:34 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 16:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 04:16 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-02-23 22:43 3026944]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 08:28 36352]
"Windows Controls Center"="winudmr.exe" [2008-06-09 11:45 29342 C:\WINDOWS\winudmr.exe]

C:\Documents and Settings\Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 13:19:24 237568]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\svho.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 17:54:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-11 17:54:58
ComboFix-quarantined-files.txt 2008-06-11 14:54:54
ComboFix2.txt 2008-06-11 13:32:22
ComboFix3.txt 2008-06-11 13:15:23
Pre-Run: 94,646,390,784 tavua vapaana
Post-Run: 94,630,486,016 tavua vapaana
262 --- E O F --- 2008-06-11 13:26:34
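The helper singled out one Run entry, "Windows Controls Center"="winudmr.exe", and the ComboFix file snapshot shows why: the target C:\WINDOWS\winudmr.exe was created two days before the scan with the read-only, hidden and system attributes set (-r-hs----), and the Run value is a bare filename rather than a full path. As an added example (not part of this thread and not a ComboFix feature), the Python script below parses those two sections of a ComboFix-style log and ranks paths by how many of these indicators they trip. The regexes and the scoring are my own assumptions about the log layout; the sample lines are excerpted from the log posted above.

```python
"""Triage heuristics for a ComboFix-style log.

Added example: not part of the thread and not a ComboFix feature. It reads
the file-snapshot lines and the Run-key lines and flags the indicators the
helper acted on (hidden+system executable, autostart by bare filename).
"""
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the ComboFix output posted above.
SAMPLE_LOG = r"""
2008-06-09 11:45 . 2008-06-09 11:45 29,342 -r-hs---- C:\WINDOWS\winudmr.exe
2008-06-06 15:33 . 2008-06-06 15:33 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-05 20:53 . 2008-06-05 20:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"Windows Controls Center"="winudmr.exe" [2008-06-09 11:45 29342 C:\WINDOWS\winudmr.exe]
"""

# "created . modified size attrs path"; directory rows carry <KANSIO> instead
# of a size and are deliberately not matched (assumed layout).
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# "name"="value" [date time size <resolved path when value had no path>]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)" \[(?P<info>[^\]]*)\]$')
EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Finding:
    path: str
    reasons: list


def parse_files(lines):
    """Map each file path in the snapshot section to its attribute string."""
    files = {}
    for line in lines:
        m = FILE_LINE.match(line.strip())
        if m:
            files[m["path"]] = m["attrs"]
    return files


def parse_run_entries(lines):
    """Yield (name, value, resolved_path) for every Run-key line."""
    for line in lines:
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        parts = m["info"].split(None, 3)
        # ComboFix appends the resolved path when the value was a bare name.
        resolved = parts[3] if len(parts) == 4 else m["value"]
        yield m["name"], m["value"], resolved


def hidden_system(attrs):
    """True when the attribute string carries both hidden and system bits."""
    return "h" in attrs and "s" in attrs


def triage(log_text):
    """Return findings ranked by how many independent indicators hit a path."""
    lines = log_text.splitlines()
    files = parse_files(lines)
    findings = {}

    def add(path, reason):
        findings.setdefault(path, []).append(reason)

    # Indicator 1: an executable the snapshot shows as hidden+system.
    for path, attrs in files.items():
        if path.lower().endswith(EXEC_SUFFIXES) and hidden_system(attrs):
            add(path, f"hidden+system attributes ({attrs}) on an executable")

    for name, value, resolved in parse_run_entries(lines):
        # Indicator 2: autostart value is a bare filename found via the search path.
        if "\\" not in value:
            add(resolved, f'Run entry "{name}" uses bare filename {value!r}')
        # Indicator 3: the autostart target itself is a hidden+system file.
        if resolved in files and hidden_system(files[resolved]):
            add(resolved, f'Run entry "{name}" launches a hidden+system file')

    ranked = sorted(findings.items(), key=lambda item: -len(item[1]))
    return [Finding(path, reasons) for path, reasons in ranked]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.path)
        for reason in finding.reasons:
            print("   -", reason)
```

On the sample, C:\WINDOWS\winudmr.exe comes out on top with all three indicators, while C:\WINDOWS\AGRSMMSG.exe is listed with the bare-filename indicator alone. That second hit shows the point of ranking rather than alerting: a bare filename in a Run key is common for OEM components and the helper left AGRSMMSG alone; it is the correlation with a freshly created hidden+system executable that separated winudmr.exe.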
Open Notepad and copy/paste the contents of the quote box into it:
Save it as CFScript.txt
Then drag CFScript onto ComboFix.exe as shown below.
Restart the computer when prompted and post the contents of the combofix.txt file here.
ComboFix 08-06-10.3 - Omistaja 2008-06-11 18:25:02.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.706 [GMT 3:00]
Running from: C:\Documents and Settings\Omistaja\Omat tiedostot\mozilla\ComboFix.exe
Command switches used :: C:\Documents and Settings\Omistaja\Omat tiedostot\CFScript.txt
* Created a new restore point
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-11 to 2008-06-11 )))))))))))))))))
.
2008-06-11 17:34 . 2008-06-11 17:34 2,232 --a------ C:\mzdza.exe
2008-06-11 17:22 . 2008-06-11 17:22 1,908 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-11 17:00 . 2008-06-11 17:00 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\AdobeUM
2008-06-11 16:59 . 2008-06-11 16:59 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-06-11 16:26 . 2008-06-11 16:26 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-11 16:24 . 2008-06-11 16:25 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-11 16:15 . 2008-04-14 18:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:12 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 16:05 . 2008-06-11 16:06 2,232 --a------ C:\is155815.exe
2008-06-10 18:43 . 2008-06-10 20:20 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2008-06-09 11:45 . 2008-06-09 11:45 29,342 -r-hs---- C:\WINDOWS\winudmr.exe
2008-06-07 13:01 . 2008-06-07 13:01 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-06 15:33 . 2008-06-10 19:19 <KANSIO> d-------- C:\Program Files\Spyware Terminator
2008-06-06 15:33 . 2008-06-06 15:33 <KANSIO> d-------- C:\Program Files\Hattrick Forever
2008-06-06 15:33 . 2008-06-10 18:39 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Spyware Terminator
2008-06-06 15:33 . 2008-06-10 19:19 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-06 15:33 . 2008-06-06 15:33 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-06 15:23 . 2008-06-06 15:23 <KANSIO> d-------- C:\Program Files\mp3DirectCut
2008-06-06 10:49 . 2008-06-06 10:51 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 10:49 . 2008-06-06 10:49 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
2008-06-06 10:49 . 2008-06-06 10:49 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 10:49 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 10:49 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 10:29 . 2008-06-06 10:49 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 20:53 . 2008-06-05 20:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-05 20:53 . 2008-06-05 20:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-05 20:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-05 20:08 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-05 13:25 . 2008-06-05 13:25 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-05 13:25 . 2008-06-08 16:47 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Contacts
2008-06-05 12:21 . 2008-06-11 17:18 <KANSIO> d-------- C:\Program Files\RevConnect
2008-06-05 12:06 . 2008-06-05 12:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-05 11:34 . 2008-06-05 11:36 <KANSIO> d-------- C:\Program Files\Winamp
2008-06-05 11:34 . 2008-06-05 11:46 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Winamp
2008-06-05 11:34 . 2007-03-08 02:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-06-05 11:34 . 2007-03-08 02:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-05 11:34 . 2007-03-08 02:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-05 11:33 . 2008-06-05 11:33 <KANSIO> d-------- C:\Program Files\CCleaner
2008-06-05 11:31 . 2008-06-06 15:37 <KANSIO> d-------- C:\Program Files\Webteh
2008-06-05 11:31 . 2008-06-05 11:31 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\BSplayer Pro
2008-06-05 11:31 . 2008-06-06 15:37 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\BSplayer
2008-06-05 11:29 . 2008-06-11 17:59 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2
2008-06-05 11:27 . 2008-06-05 11:27 <KANSIO> d-------- C:\Program Files\OpenOffice.org 2.3
2008-06-05 11:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-05 11:21 . 2008-06-05 13:21 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-05 11:17 . 2008-06-10 18:42 <KANSIO> d-------- C:\Program Files\Windows Live
2008-06-05 11:16 . 2008-06-05 13:20 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-05 10:22 . 2008-06-05 11:16 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
2008-06-05 10:22 . 2008-06-05 10:22 <KANSIO> d-------- C:\WINDOWS\system32\fi
2008-06-05 10:22 . 2008-06-05 10:22 <KANSIO> d-------- C:\WINDOWS\l2schemas
2008-06-05 10:09 . 2008-04-14 19:11 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-06-05 09:47 . 2008-06-05 09:47 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
2008-06-05 09:37 . 2004-06-03 05:54 7,406 --a------ C:\WINDOWS\system32\doc.ico
2008-06-05 09:37 . 2008-06-11 17:59 248 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-06-05 09:35 . 2008-06-05 09:36 <KANSIO> d-------- C:\WINDOWS\I386
2008-06-05 09:29 . 2008-06-07 13:01 <KANSIO> dr------- C:\Program Files
2008-06-05 09:29 . 2008-06-05 11:23 <KANSIO> dr------- C:\Documents and Settings\Omistaja\Suosikit
2008-06-05 09:29 . 2008-06-11 18:24 <KANSIO> dr------- C:\Documents and Settings\Omistaja\Omat tiedostot
2008-06-05 09:29 . 2008-06-05 09:33 <KANSIO> dr------- C:\Documents and Settings\Omistaja\Käynnistä-valikko
2008-06-05 09:29 .
2008-06-05 09:33 <KANSIO> dr------- C:\Documents and Settings\Default User\Käynnistä-valikko 2008-06-05 09:29 . 2008-06-05 00:46 <KANSIO> dr------- C:\Documents and Settings\All Users\Tiedostot 2008-06-05 09:29 . 2008-06-05 10:23 <KANSIO> dr------- C:\Documents and Settings\All Users\Käynnistä-valikko 2008-06-05 09:28 . 2008-06-11 16:26 <KANSIO> dr-hsc--- C:\WINDOWS\system32\dllcache 2008-06-05 09:28 . 2008-06-05 09:33 <KANSIO> dr------- C:\WINDOWS\system32\config\systemprofile\Käynnistä-valikko 2008-06-05 09:23 . 2008-06-05 09:23 <KANSIO> d-------- C:\WINDOWS\provisioning 2008-06-05 09:23 . 2008-06-05 10:22 <KANSIO> d-------- C:\WINDOWS\peernet 2008-06-05 09:22 . 2008-06-05 09:22 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles 2008-06-05 09:17 . 2008-06-05 10:15 <KANSIO> d-------- C:\WINDOWS\EHome 2008-06-05 08:30 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img 2008-06-05 08:30 . 2008-04-14 09:12 11,264 --------- C:\WINDOWS\system32\spnpinst.exe 2008-06-05 08:30 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig 2008-06-05 08:30 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat 2008-06-05 08:07 . 2008-04-14 19:11 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-06-05 07:47 . 2008-04-14 19:11 1,082,368 --a------ C:\WINDOWS\system32\esent.dll 2008-06-05 00:52 . 2008-06-05 00:52 0 --a------ C:\WINDOWS\nsreg.dat 2008-06-05 00:48 . 2008-06-05 00:48 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Sonic 2008-06-05 00:47 . 2008-06-05 00:47 3,514 -rahs---- C:\WINDOWS\system32\drivers\HP_PJ411AA-ABX a609.fi_YC_Pavi_QCZB429_E43FIheBLF2_4_IKelut_SASUSTek Computer INC._V2.02_B3.09_T040709_WXH1_L40B_M1024_J120_7AMD_8Athlon XP 3000+_92,16_111063044_N11063065_P_Z11C1048C_K_A11063059_U11063038_G10DE0322.MRK 2008-06-05 00:46 . 2004-01-01 11:49 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS 2008-06-05 00:46 . 
2004-01-01 09:06 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec 2008-06-05 00:46 . 2004-01-01 12:30 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView 2008-06-05 00:46 . 2004-01-01 11:43 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intervideo 2008-06-05 00:45 . 2008-06-05 00:45 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Sonic 2008-06-05 00:45 . 2008-06-05 00:45 <KANSIO> d-------- C:\Program Files\Common Files\Sonic 2008-06-05 00:44 . 2008-06-05 09:33 <KANSIO> dr------- C:\WINDOWS\system32\config\systemprofile\Omat tiedostot 2008-06-05 00:44 . 2008-06-05 00:44 <KANSIO> d-------- C:\Program Files\Sonic 2008-06-05 00:44 . 2008-06-05 00:44 <KANSIO> d-------- C:\Program Files\RecordNow! 2008-06-05 00:44 . 2008-06-05 00:44 <KANSIO> d-------- C:\Program Files\Common Files\SureThing Shared 2008-06-05 00:43 . 2004-01-01 11:49 <KANSIO> d-------- C:\Documents and Settings\Default User\WINDOWS 2008-06-05 00:43 . 2008-06-05 09:33 <KANSIO> dr------- C:\Documents and Settings\Default User\Omat tiedostot 2008-06-05 00:43 . 2008-04-14 19:11 354,304 --a------ C:\WINDOWS\system32\winhttp.dll 2008-06-05 00:43 . 2008-04-14 19:11 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2008-06-05 00:43 . 2008-04-14 19:11 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll 2008-06-05 00:43 . 2008-04-14 19:11 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll 2008-06-05 00:40 . 2008-06-05 00:40 <KANSIO> d--hs---- C:\Documents and Settings\Omistaja\UserData 2008-06-05 00:37 . 2008-06-05 00:37 <KANSIO> d-------- C:\Program Files\Alwil Software . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-05 08:27 --------- d-----w C:\Program Files\Java 2008-06-04 21:51 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-04 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-14 16:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin 2008-04-14 16:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 16:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll 2008-04-14 16:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll 2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll 2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll 2008-04-14 16:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll 2008-04-14 16:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll 2008-04-14 15:59 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-14 15:51 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys 2008-04-14 15:51 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 15:51 68,096 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 15:51 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys 2008-04-14 15:51 120,064 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 15:49 2,191,360 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-14 15:49 2,068,224 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-14 15:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-14 15:47 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 15:47 154,112 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 15:46 79,872 ------w C:\WINDOWS\system32\msxml6r.dll 2008-04-14 15:46 37,120 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 15:46 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 15:46 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys 
2008-04-14 15:45 80,384 ------w C:\WINDOWS\system32\msshavmsg.dll 2008-04-14 15:45 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys 2008-04-14 15:45 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys 2008-04-14 15:45 40,320 ------w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 15:45 2,957,312 ----a-w C:\WINDOWS\system32\wmploc.dll 2008-04-14 15:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-14 15:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-14 15:43 52,096 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 15:42 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 15:42 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-14 15:42 171,520 ----a-w C:\WINDOWS\system32\wmerror.dll 2008-04-14 15:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll 2008-04-14 15:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-14 15:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-14 15:40 57,472 ----a-w C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 15:39 51,840 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 15:39 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 15:38 39,808 ----a-w C:\WINDOWS\system32\drivers\processr.sys 2008-04-14 15:38 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll 2008-04-14 15:37 7,680 ----a-w C:\WINDOWS\system32\asferror.dll 2008-04-14 15:37 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys 2008-04-14 15:37 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys 2008-04-14 15:36 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-14 15:36 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 15:36 187,904 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-14 06:11 992,256 ----a-w C:\WINDOWS\system32\setupapi.dll 2008-04-14 06:11 423,936 ----a-w C:\WINDOWS\system32\licdll.dll 2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys 
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys 2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys 2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys 2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys 2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys 2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys 2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys 2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys 2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys 
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys 2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys 2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys 2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys 2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys 2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys 2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys 2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys 2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys 2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys 2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys 2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys 2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys 2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys . ((((((((((((((((((((((((((((( snapshot_2008-06-11_16.32.07,57 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-11 13:27:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-11 14:59:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-11 14:59:48 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_624.dat . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ] "BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 02:34 32768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 16:38 241664] "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23 49152] "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 04:16 483328] "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472] "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-02-23 22:43 3026944] "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 50176 C:\WINDOWS\ALCXMNTR.EXE] "UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 08:28 36352] C:\Documents and Settings\Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 13:19:24 237568] 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\RevConnect\\DCPlusPlus.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\WINDOWS\\system32\\svho.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16] *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-11 18:26:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-06-11 18:27:53 ComboFix-quarantined-files.txt 2008-06-11 15:27:34 ComboFix2.txt 2008-06-11 14:54:59 ComboFix3.txt 2008-06-11 13:32:22 ComboFix4.txt 2008-06-11 13:15:23 Pre-Run: 94,615,404,544 tavua vapaana Post-Run: 94,599,000,064 tavua vapaana 269 --- E O F --- 2008-06-11 13:26:34
Open Notepad and copy/paste the contents of the quote box into it. Save it as CFScript.txt. Then drag CFScript onto ComboFix.exe as shown below. Restart the computer when prompted and post the contents of combofix.txt here.
===========
Scan with HJT, check the following and press Fix checked:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe
=============
Shut down and restart.
============
Update Malwarebytes' Anti-Malware and then run it.
===========
Post a new ComboFix log, and a new HJT log last.
That C:\WINDOWS\winudmr.exe is not found in that folder.
ComboFix 08-06-10.3 - Omistaja 2008-06-11 19:51:18.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.695 [GMT 3:00] Running from: C:\Documents and Settings\Omistaja\Omat tiedostot\mozilla\ComboFix.exe Command switches used :: C:\Documents and Settings\Omistaja\Omat tiedostot\CFScript.txt * Created a new restore point . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-11 to 2008-06-11 ))))))))))))))))) . 2008-06-11 17:34 . 2008-06-11 17:34 2,232 --a------ C:\mzdza.exe 2008-06-11 17:22 . 2008-06-11 17:22 1,908 --a------ C:\WINDOWS\system32\tmp.reg 2008-06-11 17:00 . 2008-06-11 17:00 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\AdobeUM 2008-06-11 16:59 . 2008-06-11 16:59 <KANSIO> d-------- C:\Program Files\Common Files\Adobe 2008-06-11 16:26 . 2008-06-11 16:26 118 --a------ C:\WINDOWS\system32\MRT.INI 2008-06-11 16:24 . 2008-06-11 16:25 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-06-11 16:15 . 2008-04-14 18:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-11 16:12 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-06-11 16:05 . 2008-06-11 16:06 2,232 --a------ C:\is155815.exe 2008-06-10 18:43 . 2008-06-10 20:20 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel 2008-06-09 11:45 . 2008-06-09 11:45 29,342 -r-hs---- C:\WINDOWS\winudmr.exe 2008-06-07 13:01 . 2008-06-07 13:01 <KANSIO> d-------- C:\Program Files\Trend Micro 2008-06-06 15:33 . 2008-06-10 19:19 <KANSIO> d-------- C:\Program Files\Spyware Terminator 2008-06-06 15:33 . 2008-06-06 15:33 <KANSIO> d-------- C:\Program Files\Hattrick Forever 2008-06-06 15:33 . 2008-06-10 18:39 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Spyware Terminator 2008-06-06 15:33 . 2008-06-10 19:19 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2008-06-06 15:33 . 
2008-06-06 15:33 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys 2008-06-06 15:23 . 2008-06-06 15:23 <KANSIO> d-------- C:\Program Files\mp3DirectCut 2008-06-06 10:49 . 2008-06-06 10:51 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-06 10:49 . 2008-06-06 10:49 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Malwarebytes 2008-06-06 10:49 . 2008-06-06 10:49 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-06 10:49 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-06 10:49 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-06 10:29 . 2008-06-06 10:49 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-05 20:53 . 2008-06-05 20:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-06-05 20:53 . 2008-06-05 20:53 1,409 --a------ C:\WINDOWS\QTFont.for 2008-06-05 20:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-06-05 20:08 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-06-05 13:25 . 2008-06-05 13:25 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-06-05 13:25 . 2008-06-08 16:47 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Contacts 2008-06-05 12:21 . 2008-06-11 17:18 <KANSIO> d-------- C:\Program Files\RevConnect 2008-06-05 12:06 . 2008-06-05 12:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-06-05 11:34 . 2008-06-05 11:36 <KANSIO> d-------- C:\Program Files\Winamp 2008-06-05 11:34 . 2008-06-05 11:46 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Winamp 2008-06-05 11:34 . 2007-03-08 02:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-06-05 11:34 . 2007-03-08 02:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-06-05 11:34 . 2007-03-08 02:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-06-05 11:33 . 
2008-06-05 11:33 <KANSIO> d-------- C:\Program Files\CCleaner 2008-06-05 11:31 . 2008-06-06 15:37 <KANSIO> d-------- C:\Program Files\Webteh 2008-06-05 11:31 . 2008-06-05 11:31 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\BSplayer Pro 2008-06-05 11:31 . 2008-06-06 15:37 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\BSplayer 2008-06-05 11:29 . 2008-06-11 18:32 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2 2008-06-05 11:27 . 2008-06-05 11:27 <KANSIO> d-------- C:\Program Files\OpenOffice.org 2.3 2008-06-05 11:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-06-05 11:21 . 2008-06-05 13:21 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-06-05 11:17 . 2008-06-10 18:42 <KANSIO> d-------- C:\Program Files\Windows Live 2008-06-05 11:16 . 2008-06-05 13:20 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-06-05 10:22 . 2008-06-05 11:16 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi 2008-06-05 10:22 . 2008-06-05 10:22 <KANSIO> d-------- C:\WINDOWS\system32\fi 2008-06-05 10:22 . 2008-06-05 10:22 <KANSIO> d-------- C:\WINDOWS\l2schemas 2008-06-05 10:09 . 2008-04-14 19:11 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll 2008-06-05 09:47 . 2008-06-05 09:47 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko 2008-06-05 09:37 . 2004-06-03 05:54 7,406 --a------ C:\WINDOWS\system32\doc.ico 2008-06-05 09:37 . 2008-06-11 18:31 248 --a------ C:\WINDOWS\system\hpsysdrv.dat 2008-06-05 09:35 . 2008-06-05 09:36 <KANSIO> d-------- C:\WINDOWS\I386 2008-06-05 09:29 . 2008-06-07 13:01 <KANSIO> dr------- C:\Program Files 2008-06-05 09:29 . 2008-06-05 11:23 <KANSIO> dr------- C:\Documents and Settings\Omistaja\Suosikit 2008-06-05 09:29 . 2008-06-11 19:51 <KANSIO> dr------- C:\Documents and Settings\Omistaja\Omat tiedostot 2008-06-05 09:29 . 
2008-06-05 09:33 <KANSIO> dr------- C:\Documents and Settings\Omistaja\Käynnistä-valikko 2008-06-05 09:29 . 2008-06-05 09:33 <KANSIO> dr------- C:\Documents and Settings\Default User\Käynnistä-valikko 2008-06-05 09:29 . 2008-06-05 00:46 <KANSIO> dr------- C:\Documents and Settings\All Users\Tiedostot 2008-06-05 09:29 . 2008-06-05 10:23 <KANSIO> dr------- C:\Documents and Settings\All Users\Käynnistä-valikko 2008-06-05 09:28 . 2008-06-11 16:26 <KANSIO> dr-hsc--- C:\WINDOWS\system32\dllcache 2008-06-05 09:28 . 2008-06-05 09:33 <KANSIO> dr------- C:\WINDOWS\system32\config\systemprofile\Käynnistä-valikko 2008-06-05 09:23 . 2008-06-05 09:23 <KANSIO> d-------- C:\WINDOWS\provisioning 2008-06-05 09:23 . 2008-06-05 10:22 <KANSIO> d-------- C:\WINDOWS\peernet 2008-06-05 09:22 . 2008-06-05 09:22 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles 2008-06-05 09:17 . 2008-06-05 10:15 <KANSIO> d-------- C:\WINDOWS\EHome 2008-06-05 08:30 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img 2008-06-05 08:30 . 2008-04-14 09:12 11,264 --------- C:\WINDOWS\system32\spnpinst.exe 2008-06-05 08:30 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig 2008-06-05 08:30 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat 2008-06-05 08:07 . 2008-04-14 19:11 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-06-05 07:47 . 2008-04-14 19:11 1,082,368 --a------ C:\WINDOWS\system32\esent.dll 2008-06-05 00:52 . 2008-06-05 00:52 0 --a------ C:\WINDOWS\nsreg.dat 2008-06-05 00:48 . 2008-06-05 00:48 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Sonic 2008-06-05 00:47 . 2008-06-05 00:47 3,514 -rahs---- C:\WINDOWS\system32\drivers\HP_PJ411AA-ABX a609.fi_YC_Pavi_QCZB429_E43FIheBLF2_4_IKelut_SASUSTek Computer INC._V2.02_B3.09_T040709_WXH1_L40B_M1024_J120_7AMD_8Athlon XP 3000+_92,16_111063044_N11063065_P_Z11C1048C_K_A11063059_U11063038_G10DE0322.MRK 2008-06-05 00:46 . 
2004-01-01 11:49 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS 2008-06-05 00:46 . 2004-01-01 09:06 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec 2008-06-05 00:46 . 2004-01-01 12:30 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView 2008-06-05 00:46 . 2004-01-01 11:43 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intervideo 2008-06-05 00:45 . 2008-06-05 00:45 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Sonic 2008-06-05 00:45 . 2008-06-05 00:45 <KANSIO> d-------- C:\Program Files\Common Files\Sonic 2008-06-05 00:44 . 2008-06-05 09:33 <KANSIO> dr------- C:\WINDOWS\system32\config\systemprofile\Omat tiedostot 2008-06-05 00:44 . 2008-06-05 00:44 <KANSIO> d-------- C:\Program Files\Sonic 2008-06-05 00:44 . 2008-06-05 00:44 <KANSIO> d-------- C:\Program Files\RecordNow! 2008-06-05 00:44 . 2008-06-05 00:44 <KANSIO> d-------- C:\Program Files\Common Files\SureThing Shared 2008-06-05 00:43 . 2004-01-01 11:49 <KANSIO> d-------- C:\Documents and Settings\Default User\WINDOWS 2008-06-05 00:43 . 2008-06-05 09:33 <KANSIO> dr------- C:\Documents and Settings\Default User\Omat tiedostot 2008-06-05 00:43 . 2008-04-14 19:11 354,304 --a------ C:\WINDOWS\system32\winhttp.dll 2008-06-05 00:43 . 2008-04-14 19:11 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2008-06-05 00:43 . 2008-04-14 19:11 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll 2008-06-05 00:43 . 2008-04-14 19:11 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll 2008-06-05 00:40 . 2008-06-05 00:40 <KANSIO> d--hs---- C:\Documents and Settings\Omistaja\UserData 2008-06-05 00:37 . 2008-06-05 00:37 <KANSIO> d-------- C:\Program Files\Alwil Software . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-05 08:27 --------- d-----w C:\Program Files\Java
2008-06-04 21:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 16:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 16:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 16:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 16:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 15:59 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:51 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 15:51 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 15:51 68,096 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 15:51 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 15:51 120,064 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 15:49 2,191,360 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:49 2,068,224 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:47 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 15:47 154,112 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 15:46 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:46 37,120 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 15:46 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 15:46 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 15:45 80,384 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:45 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
2008-04-14 15:45 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 15:45 40,320 ------w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 15:45 2,957,312 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-14 15:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 15:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:43 52,096 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 15:42 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 15:42 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 15:42 171,520 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-14 15:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 15:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 15:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 15:40 57,472 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 15:39 51,840 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 15:39 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 15:38 39,808 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 15:38 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 15:37 7,680 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-14 15:37 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 15:37 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 15:36 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 15:36 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 15:36 187,904 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-14 06:11 992,256 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 06:11 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys
.
((((((((((((((((((((((((((((( snapshot_2008-06-11_16.32.07,57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-11 13:27:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-11 15:31:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-11 15:31:58 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_610.dat
.
(((((((((((((((((((((((((((((( Registry startup items )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries and legitimate default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 02:34 32768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 16:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 04:16 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-02-23 22:43 3026944]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 08:28 36352]
C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 13:19:24 237568]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\svho.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 19:52:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-11 19:54:03
ComboFix-quarantined-files.txt 2008-06-11 16:53:39
ComboFix2.txt 2008-06-11 15:27:55
ComboFix3.txt 2008-06-11 14:54:59
ComboFix4.txt 2008-06-11 13:32:22
ComboFix5.txt 2008-06-11 13:15:23
Pre-Run: 94,598,193,152 bytes free
Post-Run: 94,581,972,992 bytes free
269 --- E O F --- 2008-06-11 13:26:34
How exactly do you do this thing that's written below?

Open Notepad and copy/paste the contents of the quote box into it.
Save it as CFScript.txt
Then drag CFScript onto ComboFix.exe as shown below.
Restart the computer when prompted and post the contents of the combofix.txt file here.
=============
It isn't supposed to be found, then.
First I copied a folder named qoobox there and then I copied those icons into it. Or how is it supposed to be done?
Put the text below into an empty Notepad:

File::
C:\mzdza.exe
C:\is155815.exe

Save it as CFScript.txt on the desktop, where that red ball with the white X is sitting. Then drag that CFScript.txt file onto the red ball with the white X and drop it there, exactly as the picture shows. Then let the program do its work, and after that shut down and restart.
ComboFix 08-06-10.3 - Omistaja 2008-06-11 20:54:26.6 - NTFSx86
Running from: C:\Documents and Settings\Omistaja\Omat tiedostot\mozilla\ComboFix.exe
Command switches used :: C:\Documents and Settings\Omistaja\Omat tiedostot\CFScript.txt
* Created a new restore point

FILE ::
C:\is155815.exe
C:\mzdza.exe
C:\WINDOWS\winudmr.exe
.
(((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\is155815.exe
C:\mzdza.exe
C:\WINDOWS\winudmr.exe
.
((((( Files created in the following period: 2008-05-11 to 2008-06-11 )))))))))))))))))
.
2008-06-11 17:22 . 2008-06-11 17:22 1,908 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-11 17:00 . 2008-06-11 17:00 <DIR> d-------- C:\Documents and Settings\Omistaja\Application Data\AdobeUM
2008-06-11 16:59 . 2008-06-11 16:59 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-11 16:26 . 2008-06-11 16:26 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-11 16:24 . 2008-06-11 16:25 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-11 16:15 . 2008-04-14 18:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:12 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 18:43 . 2008-06-10 20:20 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-06-07 13:01 . 2008-06-07 13:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-06 15:33 . 2008-06-10 19:19 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-06-06 15:33 . 2008-06-06 15:33 <DIR> d-------- C:\Program Files\Hattrick Forever
2008-06-06 15:33 . 2008-06-10 18:39 <DIR> d-------- C:\Documents and Settings\Omistaja\Application Data\Spyware Terminator
2008-06-06 15:33 . 2008-06-10 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-06 15:33 . 2008-06-06 15:33 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-06 15:23 . 2008-06-06 15:23 <DIR> d-------- C:\Program Files\mp3DirectCut
2008-06-06 10:49 . 2008-06-11 20:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 10:49 . 2008-06-06 10:49 <DIR> d-------- C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
2008-06-06 10:49 . 2008-06-06 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 10:49 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 10:49 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 10:29 . 2008-06-06 10:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 20:53 . 2008-06-05 20:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-05 20:53 . 2008-06-05 20:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-05 20:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-05 20:08 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-05 13:25 . 2008-06-05 13:25 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-05 13:25 . 2008-06-08 16:47 <DIR> d-------- C:\Documents and Settings\Omistaja\Contacts
2008-06-05 12:21 . 2008-06-11 17:18 <DIR> d-------- C:\Program Files\RevConnect
2008-06-05 12:06 . 2008-06-05 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-05 11:34 . 2008-06-05 11:36 <DIR> d-------- C:\Program Files\Winamp
2008-06-05 11:34 . 2008-06-05 11:46 <DIR> d-------- C:\Documents and Settings\Omistaja\Application Data\Winamp
2008-06-05 11:34 . 2007-03-08 02:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-06-05 11:34 . 2007-03-08 02:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-05 11:34 . 2007-03-08 02:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-05 11:33 . 2008-06-05 11:33 <DIR> d-------- C:\Program Files\CCleaner
2008-06-05 11:31 . 2008-06-06 15:37 <DIR> d-------- C:\Program Files\Webteh
2008-06-05 11:31 . 2008-06-05 11:31 <DIR> d-------- C:\Documents and Settings\Omistaja\Application Data\BSplayer Pro
2008-06-05 11:31 . 2008-06-06 15:37 <DIR> d-------- C:\Documents and Settings\Omistaja\Application Data\BSplayer
2008-06-05 11:29 . 2008-06-11 20:00 <DIR> d-------- C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2
2008-06-05 11:27 . 2008-06-05 11:27 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-06-05 11:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-05 11:21 . 2008-06-05 13:21 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-05 11:17 . 2008-06-10 18:42 <DIR> d-------- C:\Program Files\Windows Live
2008-06-05 11:16 . 2008-06-05 13:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-05 10:22 . 2008-06-05 11:16 <DIR> d-------- C:\WINDOWS\system32\fi-fi
2008-06-05 10:22 . 2008-06-05 10:22 <DIR> d-------- C:\WINDOWS\system32\fi
2008-06-05 10:22 . 2008-06-05 10:22 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-05 10:09 . 2008-04-14 19:11 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-06-05 09:47 . 2008-06-05 09:47 <DIR> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
2008-06-05 09:37 . 2004-06-03 05:54 7,406 --a------ C:\WINDOWS\system32\doc.ico
2008-06-05 09:37 . 2008-06-11 20:00 248 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-06-05 09:35 . 2008-06-05 09:36 <DIR> d-------- C:\WINDOWS\I386
2008-06-05 09:29 . 2008-06-07 13:01 <DIR> dr------- C:\Program Files
2008-06-05 09:29 . 2008-06-05 11:23 <DIR> dr------- C:\Documents and Settings\Omistaja\Suosikit
2008-06-05 09:29 . 2008-06-11 20:54 <DIR> dr------- C:\Documents and Settings\Omistaja\Omat tiedostot
2008-06-05 09:29 . 2008-06-05 09:33 <DIR> dr------- C:\Documents and Settings\Omistaja\Käynnistä-valikko
2008-06-05 09:29 . 2008-06-05 09:33 <DIR> dr------- C:\Documents and Settings\Default User\Käynnistä-valikko
2008-06-05 09:29 . 2008-06-05 00:46 <DIR> dr------- C:\Documents and Settings\All Users\Tiedostot
2008-06-05 09:29 . 2008-06-05 10:23 <DIR> dr------- C:\Documents and Settings\All Users\Käynnistä-valikko
2008-06-05 09:28 . 2008-06-11 16:26 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2008-06-05 09:28 . 2008-06-05 09:33 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Käynnistä-valikko
2008-06-05 09:23 . 2008-06-05 09:23 <DIR> d-------- C:\WINDOWS\provisioning
2008-06-05 09:23 . 2008-06-05 10:22 <DIR> d-------- C:\WINDOWS\peernet
2008-06-05 09:22 . 2008-06-05 09:22 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-05 09:17 . 2008-06-05 10:15 <DIR> d-------- C:\WINDOWS\EHome
2008-06-05 08:30 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-06-05 08:30 . 2008-04-14 09:12 11,264 --------- C:\WINDOWS\system32\spnpinst.exe
2008-06-05 08:30 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-06-05 08:30 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-06-05 08:07 . 2008-04-14 19:11 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-05 07:47 . 2008-04-14 19:11 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-06-05 00:52 . 2008-06-05 00:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-05 00:48 . 2008-06-05 00:48 <DIR> d-------- C:\Documents and Settings\Omistaja\Application Data\Sonic
2008-06-05 00:47 . 2008-06-05 00:47 3,514 -rahs---- C:\WINDOWS\system32\drivers\HP_PJ411AA-ABX a609.fi_YC_Pavi_QCZB429_E43FIheBLF2_4_IKelut_SASUSTek Computer INC._V2.02_B3.09_T040709_WXH1_L40B_M1024_J120_7AMD_8Athlon XP 3000+_92,16_111063044_N11063065_P_Z11C1048C_K_A11063059_U11063038_G10DE0322.MRK
2008-06-05 00:46 . 2004-01-01 11:49 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-06-05 00:46 . 2004-01-01 09:06 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-06-05 00:46 . 2004-01-01 12:30 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-06-05 00:46 . 2004-01-01 11:43 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intervideo
2008-06-05 00:45 . 2008-06-05 00:45 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Sonic
2008-06-05 00:45 . 2008-06-05 00:45 <DIR> d-------- C:\Program Files\Common Files\Sonic
2008-06-05 00:44 . 2008-06-05 09:33 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Omat tiedostot
2008-06-05 00:44 . 2008-06-05 00:44 <DIR> d-------- C:\Program Files\Sonic
2008-06-05 00:44 . 2008-06-05 00:44 <DIR> d-------- C:\Program Files\RecordNow!
2008-06-05 00:44 . 2008-06-05 00:44 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-06-05 00:43 . 2004-01-01 11:49 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
2008-06-05 00:43 . 2008-06-05 09:33 <DIR> dr------- C:\Documents and Settings\Default User\Omat tiedostot
2008-06-05 00:43 . 2008-04-14 19:11 354,304 --a------ C:\WINDOWS\system32\winhttp.dll
2008-06-05 00:43 . 2008-04-14 19:11 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-06-05 00:43 . 2008-04-14 19:11 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-06-05 00:43 . 2008-04-14 19:11 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-06-05 00:40 . 2008-06-05 00:40 <DIR> d--hs---- C:\Documents and Settings\Omistaja\UserData
2008-06-05 00:37 . 2008-06-05 00:37 <DIR> d-------- C:\Program Files\Alwil Software
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 08:27 --------- d-----w C:\Program Files\Java
2008-06-04 21:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 16:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 16:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 16:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 16:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 15:59 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:51 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 15:51 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 15:51 68,096 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 15:51 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 15:51 120,064 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 15:49 2,191,360 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:49 2,068,224 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:47 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 15:47 154,112 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 15:46 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:46 37,120 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 15:46 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 15:46 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 15:45 80,384 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:45 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
2008-04-14 15:45 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 15:45 40,320 ------w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 15:45 2,957,312 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-14 15:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 15:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:43 52,096 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 15:42 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 15:42 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 15:42 171,520 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-14 15:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 15:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 15:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 15:40 57,472 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 15:39 51,840 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 15:39 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 15:38 39,808 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 15:38 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 15:37 7,680 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-14 15:37 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 15:37 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 15:36 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 15:36 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 15:36 187,904 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-14 06:11 992,256 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 06:11 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys
.
((((((((((((((((((((((((((((( snapshot_2008-06-11_16.32.07,57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-11 13:27:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-11 17:00:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-11 17:00:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5f0.dat
.
(((((((((((((((((((((((((((((( Registry startup items )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries and legitimate default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 02:34 32768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 16:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 04:16 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-02-23 22:43 3026944]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 08:28 36352]
C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 13:19:24 237568]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\svho.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 20:56:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-11 20:57:26
ComboFix-quarantined-files.txt 2008-06-11 17:57:08
ComboFix2.txt 2008-06-11 16:54:03
ComboFix3.txt 2008-06-11 15:27:55
ComboFix4.txt 2008-06-11 14:54:59
ComboFix5.txt 2008-06-11 13:32:22
Pre-Run: 94,569,193,472 bytes free
Post-Run: 94,556,413,952 bytes free
274 --- E O F --- 2008-06-11 13:26:34
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:35, on 11.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q304&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212615650081
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1212654995156
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6431 bytes
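The thread contains two ComboFix runs around one CFScript: the registry startup list of the second run is the first run's list minus the AlcxMonitor value, and both runs carry the same Windows Firewall AuthorizedApplications list, including C:\WINDOWS\system32\svho.exe. What a responder does with a pair of logs like that is mechanical: diff the autostart entries between runs, pick out names that resemble core Windows binaries or entries the tool could not stamp, and confirm that every path named in the CFScript's File:: block really shows up under "Other deletions". The helper below is an added example written for this thread; it is not code from ComboFix, HijackThis or the thread's participants. The embedded excerpts are copied from the logs posted above (only the lines the parser reads); the banner wording follows the translation above, and the SYSTEM_NAMES list, the difflib ratio threshold and the "no date/size means look by hand" rule are this example's own assumptions, not ComboFix semantics.

```python
"""Triage helper for the ComboFix logs in this thread (an added example, not
ComboFix or HijackThis code). This example's own assumptions: the banner wording
as translated above, the SYSTEM_NAMES list and the look-alike similarity rule."""
import re
from collections import namedtuple
from difflib import SequenceMatcher

# Constructed input: excerpts copied from the two ComboFix runs posted above;
# only the registry-startup and firewall lines the parser reads are kept.
BEFORE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\svho.exe"=
'''
# The second run posted in the thread lists the same values minus AlcxMonitor.
AFTER = BEFORE.replace('"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 50176 C:\\WINDOWS\\ALCXMNTR.EXE]\n', '')
CFSCRIPT = "File::\nC:\\mzdza.exe\nC:\\is155815.exe\n"  # the script posted above
LOG_AFTER = r'''
(((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\is155815.exe
C:\mzdza.exe
C:\WINDOWS\winudmr.exe
.
((((( Files created in the following period: 2008-05-11 to 2008-06-11 )))))))))))))))))
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:"(?P<value>[^"]*)")?\s*(?:\[(?P<stamp>[^\]]*)\])?$')
SYSTEM_NAMES = ('svchost.exe', 'lsass.exe', 'csrss.exe', 'smss.exe', 'winlogon.exe',
                'services.exe', 'explorer.exe', 'spoolsv.exe')
# stamp holds ComboFix's "date time size" text, or '' where the log printed "[ ]".
Entry = namedtuple('Entry', 'section name path stamp')

def parse_autostarts(text):
    """{(section, name): Entry} for every quoted value in a log excerpt."""
    entries, section = {}, ''
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := SECTION_RE.match(line)):
            section = m.group('key')
        elif (m := VALUE_RE.match(line)):
            name, value = m.group('name'), m.group('value') or ''
            stamp = (m.group('stamp') or '').strip()
            tokens = stamp.split()
            if 'AuthorizedApplications' in section:
                path = name.replace('\\\\', '\\')   # REGEDIT4 doubles backslashes
            elif len(tokens) > 3:
                path = ' '.join(tokens[3:])   # bare file name: the resolved path follows the size
            else:
                path = value
            entries[(section, name)] = Entry(section, name, path, stamp)
    return entries

def diff_runs(before, after):
    """Paths of autostart values present in only one of two runs: (removed, added)."""
    b, a = parse_autostarts(before), parse_autostarts(after)
    return (sorted(b[k].path for k in b.keys() - a.keys()),
            sorted(a[k].path for k in a.keys() - b.keys()))

def lookalike(filename):
    """System binary this file name resembles but does not equal, else None.
    Rule (this example's own): same first two characters and difflib ratio >= 0.8."""
    f = filename.lower()
    for sysname in SYSTEM_NAMES:
        if f != sysname and f[:2] == sysname[:2] and SequenceMatcher(None, f, sysname).ratio() >= 0.8:
            return sysname
    return None

def flag_entries(text):
    """[(path, reason)] for autostart/firewall entries a responder should inspect by hand."""
    findings = []
    for e in parse_autostarts(text).values():
        if (hit := lookalike(e.path.rsplit('\\', 1)[-1])):
            findings.append((e.path, f'name resembles {hit}'))
        if 'AuthorizedApplications' not in e.section and not e.stamp:
            findings.append((e.path, 'no date/size recorded for the target'))
    return findings

def verify_cfscript(script, log):
    """(confirmed, missing, extra): File:: paths of a CFScript against the paths the
    log lists under 'Other deletions' (banner as translated above), lower-cased."""
    asked, gone, mode = set(), set(), None
    for line in [ln.strip() for ln in script.splitlines()] + ['::'] + [ln.strip() for ln in log.splitlines()]:
        if line.endswith('::'):
            mode = 'ask' if line.lower() == 'file::' else None
        elif line.startswith('(((('):
            mode = 'gone' if 'Other deletions' in line else None
        elif line and line != '.' and mode:
            (asked if mode == 'ask' else gone).add(line.lower())
    return sorted(asked & gone), sorted(asked - gone), sorted(gone - asked)
```

Calling diff_runs(BEFORE, AFTER) on the excerpts returns C:\WINDOWS\ALCXMNTR.EXE as the only removed autostart, flag_entries(AFTER) lists the svho.exe firewall exception (name close to svchost.exe) and the MsnMsgr value ComboFix printed with an empty [ ] stamp, and verify_cfscript(CFSCRIPT, LOG_AFTER) confirms both File:: paths and reports C:\WINDOWS\winudmr.exe as deleted although it is not in the script as posted. The flags are prompts to inspect by hand, not verdicts: a look-alike name is worth checking against the signed binary on disk, and an empty stamp only says the tool had nothing to stat at scan time.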