Computer really slow (svchost hanging, CPU usage 100%)

Discussion in 'Viruses and malware - HijackThis logs' started by paleporo, Dec 18, 2009.

  1. paleporo

    The computer is really slow; Task Manager shows 99-100% CPU usage all the time, and svchost is apparently causing it..
    The OS is Win XP Professional
    Could someone check the log??! I have tried cleaning the machine with CCleaner and Malmware, but to no avail...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:01:08, on 19.12.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvraidservice.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.62.125.146:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Startup: siszyd32.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://*.thepiratebay.org
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} - http://update.rayv.com/viewer/webinstall/ActiveXInstall1.0/rayvactivex.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6134 bytes
     
    Last edited: Dec 18, 2009
  2. kalminen

    Where is your antivirus ????

    To be on the safe side, turn on the Windows firewall from Control Panel => Security Center.

    ****************************************

    Please download ComboFix from one of the links below:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your desktop

    * Close/disable all antivirus and anti-malware programs so that they do not interfere with running ComboFix.

    * Double-click ComboFix.exe and follow the instructions.

    * As part of its scan, ComboFix checks whether the Recovery Console is installed. Because of today's malware, it is strongly recommended to have the Recovery Console installed before removing malware. The Windows Recovery Console lets you boot into a special recovery mode. Through the Recovery Console we can help you more easily if problems arise during malware removal.

    * Follow the prompts and allow ComboFix to download and install the Microsoft Recovery Console, and when prompted, accept the program's terms to install the Recovery Console.

    **Note: If the Recovery Console is already installed, ComboFix will continue on.

    [IMG]

    Once the Microsoft Recovery Console is installed, you should see the following message:

    [IMG]

    Click Yes to continue the scan.

    When ComboFix has finished, it will create a report. Please copy/paste the following reports into your reply:
    C:\ComboFix.txt
    A new HijackThis log



    Warning: DO NOT run ComboFix without supervision. It is not a toy and should not be used routinely on a daily basis.

    If you need help, see the more detailed guide:
    http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje
     
  3. paleporo

    I ran ComboFix through, and right after that the CPU usage dropped... But the computer suddenly shut down and the problem is still the same!

    Here are the logs:

    ComboFix 09-09-25.01 - JaBe 19.12.2009 19:52.1.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.358.1035.18.1535.1042 [GMT 2:00]
    Sijainti: c:\documents and settings\JaBe\Työpöytä\ComboFix.exe
    .
    - VÄHENNETYN TOIMINNALLISUUDEN TILA -
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\setup.ini

    c:\windows\system32\proquota.exe puuttui
    Puhdas kopio palautettiin paikasta - c:\windows\ServicePackFiles\i386\proquota.exe

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-11-19 to 2009-12-19 )))))))))))))))))
    .

    2009-12-19 17:53 . 2008-04-14 16:12 50688 -c--a-w- c:\windows\system32\dllcache\proquota.exe
    2009-12-19 17:53 . 2008-04-14 16:12 50688 ----a-w- c:\windows\system32\proquota.exe
    2009-12-19 17:51 . 2009-12-19 17:53 0 ----a-w- c:\windows\system32\drivers\szeio.sys
    2009-12-19 17:51 . 2009-12-19 17:51 34816 ---ha-w- c:\windows\system32\cscrator.dll
    2009-12-19 17:51 . 2009-12-19 17:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-12-19 12:37 . 2009-12-19 12:37 -------- d-----w- c:\program files\STOPzilla!
    2009-12-19 12:37 . 2009-12-19 12:37 -------- d-----w- c:\program files\Common Files\iS3
    2009-12-19 12:36 . 2009-12-19 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2009-12-19 11:50 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-12-19 00:14 . 2009-12-19 00:14 -------- d-----w- C:\_OTM
    2009-12-18 22:59 . 2008-11-06 00:03 -------- d-----w- C:\SDFix
    2009-12-18 22:50 . 2009-12-18 22:50 17792 ----a-w- C:\00006B18.sys
    2009-12-16 14:35 . 2009-12-16 14:35 -------- d-----w- c:\program files\Sun
    2009-12-15 16:18 . 2009-12-15 16:18 545424 ----a-r- c:\windows\system32\SZComp5.dll
    2009-12-15 16:18 . 2009-12-15 16:18 438928 ----a-r- c:\windows\system32\SZBase5.dll
    2009-12-15 16:09 . 2009-12-15 16:09 17408 ----a-r- c:\windows\system32\SZIO5.dll
    2009-12-14 08:24 . 2009-12-14 08:24 163600 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
    2009-12-10 14:11 . 2009-12-10 14:11 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
    2009-12-10 14:11 . 2009-12-10 14:11 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
    2009-12-10 14:09 . 2009-12-10 14:09 385024 ----a-r- c:\windows\system32\IS3UI5.dll
    2009-12-10 14:09 . 2009-12-10 14:09 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
    2009-12-10 14:08 . 2009-12-10 14:08 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
    2009-12-10 14:06 . 2009-12-10 14:06 225280 ----a-r- c:\windows\system32\IS3Win325.dll
    2009-12-10 14:06 . 2009-12-10 14:06 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
    2009-12-10 14:05 . 2009-12-10 14:05 94208 ----a-r- c:\windows\system32\IS3Svc5.dll
    2009-12-10 14:02 . 2009-12-10 14:02 729088 ----a-r- c:\windows\system32\IS3Base5.dll
    2009-12-07 14:59 . 2009-12-07 14:59 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
    2009-12-07 14:59 . 2009-12-07 14:59 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
    2009-11-28 23:28 . 2009-11-28 23:28 -------- d-----w- c:\documents and settings\JaBe\Application Data\Agency9
    2009-11-26 12:25 . 2009-11-26 12:25 -------- d-----w- c:\program files\KONAMI
    2009-11-20 15:08 . 2009-11-20 15:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-19 17:51 . 2009-12-19 17:51 20 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
    2009-12-19 11:53 . 2007-11-26 20:53 19856 ----a-w- c:\documents and settings\JaBe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-12-18 23:44 . 2009-04-21 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
    2009-12-18 21:22 . 2007-11-26 17:12 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-18 21:15 . 2007-12-11 16:07 -------- d-----w- c:\program files\MSN Messenger
    2009-12-18 20:30 . 2007-11-28 19:01 -------- d-----w- c:\program files\Euroword2004
    2009-12-16 14:39 . 2008-01-20 15:59 -------- d-----w- c:\program files\CCleaner
    2009-12-16 14:29 . 2009-10-03 10:28 -------- d-----w- c:\program files\Java
    2009-12-16 00:22 . 2008-02-21 22:27 10534 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2009-12-15 01:03 . 2009-12-15 01:03 4 ----a-w- c:\documents and settings\JaBe\Application Data\avdrn.dat
    2009-11-26 12:25 . 2008-12-01 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
    2009-11-08 21:11 . 2009-11-08 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
    2009-11-08 21:09 . 2007-12-09 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2009-11-08 21:09 . 2007-12-09 12:37 -------- d-----w- c:\program files\Nokia
    2009-10-29 07:43 . 2001-10-09 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-25 21:07 . 2001-10-09 12:00 80308 ----a-w- c:\windows\system32\perfc00B.dat
    2009-10-25 21:07 . 2001-10-09 12:00 406560 ----a-w- c:\windows\system32\perfh00B.dat
    2009-10-13 10:34 . 2001-10-09 12:00 270848 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:39 . 2001-10-09 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:39 . 2001-10-09 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
    2009-10-11 02:17 . 2009-01-15 13:31 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-03 10:32 . 2009-10-03 10:32 0 ----a-w- c:\windows\nsreg.dat
    2009-10-02 10:32 . 2009-10-02 10:32 13113 ----a-w- c:\windows\vedosutego.vbs
    2009-10-01 12:43 . 2009-10-01 12:43 19472 ----a-w- c:\windows\tegyja.scr
    2009-10-01 12:43 . 2009-10-01 12:43 18655 ----a-w- c:\windows\edazujom.com
    2009-10-01 12:43 . 2009-10-01 12:43 14730 ----a-w- c:\windows\system32\dituwuni.vbs
    2009-10-01 12:43 . 2009-10-01 12:43 12650 ----a-w- c:\documents and settings\JaBe\Local Settings\Application Data\ajyko.bat
    2009-10-01 12:43 . 2009-10-01 12:43 12172 ----a-w- c:\documents and settings\JaBe\Application Data\kaxoqif.exe
    2009-10-01 12:43 . 2009-10-01 12:43 10793 ----a-w- c:\windows\system32\myhowicum.bat
    2009-10-01 12:43 . 2009-10-01 12:43 10442 ----a-w- c:\program files\Common Files\newepola.vbs
    2009-10-01 12:43 . 2009-10-01 12:43 19037 ----a-w- c:\program files\Common Files\nadanuc.ban
    2009-10-01 12:43 . 2009-10-01 12:43 16272 ----a-w- c:\program files\Common Files\jisukexix.db
    2009-10-01 12:43 . 2009-10-01 12:43 13025 ----a-w- c:\windows\system32\quso.com
    2009-09-30 23:19 . 2009-09-30 23:19 17232 ----a-w- c:\windows\ipumufola.pif
    2009-09-30 23:19 . 2009-09-30 23:19 16486 ----a-w- c:\program files\Common Files\ytol.dat
    2009-09-30 23:19 . 2009-09-30 23:19 15238 ----a-w- c:\windows\urah.dll
    2009-09-30 23:19 . 2009-09-30 23:19 15030 ----a-w- c:\windows\system32\gedihamub.pif
    2009-09-30 23:19 . 2009-09-30 23:19 14504 ----a-w- c:\windows\liqo.dat
    2009-09-30 23:19 . 2009-09-30 23:19 13960 ----a-w- c:\documents and settings\JaBe\Application Data\wycywil.vbs
    2009-09-30 23:19 . 2009-09-30 23:19 13630 ----a-w- c:\program files\Common Files\solefy.exe
    2009-09-30 23:19 . 2009-09-30 23:19 13307 ----a-w- c:\documents and settings\JaBe\Application Data\anamabaju.exe
    2009-09-30 23:19 . 2009-09-30 23:19 11453 ----a-w- c:\documents and settings\JaBe\Application Data\obyjamu.pif
    2009-09-30 23:19 . 2009-09-30 23:19 10717 ----a-w- c:\windows\zawadyg.sys
    2009-09-30 23:17 . 2009-09-30 23:17 19652 ----a-w- c:\windows\oqipykez.dat
    2009-09-30 23:17 . 2009-09-30 23:17 19213 ----a-w- c:\documents and settings\All Users\Application Data\cazuqyc.scr
    2009-09-30 23:17 . 2009-09-30 23:17 19206 ----a-w- c:\windows\system32\jisaxog.scr
    2009-09-30 23:17 . 2009-09-30 23:17 17548 ----a-w- c:\documents and settings\JaBe\Application Data\elejaxut.bat
    2009-09-30 23:17 . 2009-09-30 23:17 16617 ----a-w- c:\documents and settings\All Users\Application Data\ipojyxusi.dat
    2009-09-30 23:17 . 2009-09-30 23:17 16368 ----a-w- c:\documents and settings\JaBe\Local Settings\Application Data\amypyvyhi.dat
    2009-09-30 23:17 . 2009-09-30 23:17 15106 ----a-w- c:\documents and settings\All Users\Application Data\wedy.dat
    2009-09-30 23:17 . 2009-09-30 23:17 14883 ----a-w- c:\documents and settings\All Users\Application Data\hasunazak.scr
    2009-09-30 23:17 . 2009-09-30 23:17 12994 ----a-w- c:\windows\system32\sozypi.com
    2009-09-30 23:17 . 2009-09-30 23:17 12380 ----a-w- c:\documents and settings\JaBe\Application Data\nugajoquj.bat
    2009-09-30 23:13 . 2009-09-30 23:13 19511 ----a-w- c:\program files\Common Files\vapudele.dat
    2009-09-30 23:13 . 2009-09-30 23:13 18426 ----a-w- c:\windows\helupew.scr
    2009-09-30 23:13 . 2009-09-30 23:13 16997 ----a-w- c:\program files\Common Files\jamoqimol.exe
    2009-09-30 23:13 . 2009-09-30 23:13 15482 ----a-w- c:\documents and settings\JaBe\Local Settings\Application Data\vubu.reg
    2009-09-30 23:13 . 2009-09-30 23:13 14895 ----a-w- c:\documents and settings\All Users\Application Data\zimikakeqy.sys
    2009-09-30 23:13 . 2009-09-30 23:13 14741 ----a-w- c:\windows\kekibevyz.dll
    2009-09-30 23:13 . 2009-09-30 23:13 14481 ----a-w- c:\documents and settings\All Users\Application Data\wokevewoci.reg
    2009-09-30 23:13 . 2009-09-30 23:13 14156 ----a-w- c:\documents and settings\JaBe\Application Data\nezy.scr
    2009-09-30 23:13 . 2009-09-30 23:13 11780 ----a-w- c:\windows\azycok.dll
    2009-09-30 23:13 . 2009-09-30 23:13 11060 ----a-w- c:\windows\system32\lubiqizuxi.vbs
    2009-09-30 21:28 . 2009-09-30 21:28 21376 ----a-w- c:\windows\system32\drivers\dup.sys
    2008-02-21 22:29 . 2008-02-21 22:29 8 --sh--r- c:\windows\system32\9627E54FC2.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
    "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVRaidService"="c:\windows\System32\nvraidservice.exe" [2004-06-11 83968]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]

    c:\documents and settings\JaBe\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    siszyd32.exe [2008-4-14 32256]

    c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-12-12 118784]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "f:\\PESSI\\pes2009.exe"=
    "f:\\PESSI\\GCP2009.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=

    R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [7.12.2009 16:59 61328]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [14.12.2009 10:24 163600]
    R1 AMTBDA_P861F;anysee Capture Service;c:\windows\system32\drivers\anyseeTU.SYS [26.2.2007 11:56 311680]
    R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [20.1.2008 19:08 45440]
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [20.1.2008 19:08 56960]
    S1 Dup;Dup;c:\windows\system32\drivers\dup.sys [30.9.2009 23:28 21376]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8.11.2009 23:09 136704]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8.11.2009 23:09 8320]

    --- Muut muistissa olevat ajurit/palvelut ---

    *NewlyCreated* - 00000BFE
    *NewlyCreated* - SZEIO
    *Deregistered* - 00000BFE
    *Deregistered* - szeio

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c76cfaa-8f61-11de-8448-8bf5e02428ee}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c76cfab-8f61-11de-8448-8bf5e02428ee}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c76cfac-8f61-11de-8448-8bf5e02428ee}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c76cfad-8f61-11de-8448-8bf5e02428ee}]
    \Shell\AutoRun\command - J:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c76cfae-8f61-11de-8448-8bf5e02428ee}]
    \Shell\AutoRun\command - J:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57ff71f0-8f5e-11de-8447-e3838f893058}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57ff71f2-8f5e-11de-8447-e3838f893058}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f37147fa-8fd9-11de-8449-bee63daf53ee}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.google.fi/
    uInternet Settings,ProxyServer = 208.62.125.146:80
    uInternet Settings,ProxyOverride = *.local
    IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: thepiratebay.org
    Trusted Zone: tokem.fi\opaali
    DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} - hxxp://update.rayv.com/viewer/webinstall/ActiveXInstall1.0/rayvactivex.cab
    FF - ProfilePath - c:\documents and settings\JaBe\Application Data\Mozilla\Firefox\Profiles\bowaxjnb.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOXIN KÄYTÄNNÖT ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    HKLM-Run-sysgif32 - c:\windows\TEMP\~TM17.tmp
    HKLM-Run-anysee_TR - (no file)
    HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
    HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
    Notify-AtiExtEvent - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-19 19:53
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\szeio]

    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¹mÓw*]
    "AB79C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    Valmistumisajankohta: 2009-12-19 19:56
    ComboFix-quarantined-files.txt 2009-12-19 17:55

    Ennen ajoa: 8 144 687 104 tavua vapaana
    Ajon jälkeen: 8 150 335 488 tavua vapaana

    WindowsXP-KB310994-SP2-Pro-BootDisk-FIN.EXE
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    228 --- E O F --- 2009-12-09 23:03

    Here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:20:12, on 19.12.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvraidservice.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Documents and Settings\JaBe\Käynnistä-valikko\Ohjelmat\Käynnistys\siszyd32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.62.125.146:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - Startup: siszyd32.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://*.thepiratebay.org
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} - http://update.rayv.com/viewer/webinstall/ActiveXInstall1.0/rayvactivex.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6676 bytes
    I ran ComboFix, and right after that the CPU usage dropped... But the computer suddenly shut down and the problem is still the same!

    Here are the logs:

    ComboFix 09-09-25.01 - JaBe 19.12.2009 19:52.1.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.358.1035.18.1535.1042 [GMT 2:00]
    Sijainti: c:\documents and settings\JaBe\Työpöytä\ComboFix.exe
    .
    - VÄHENNETYN TOIMINNALLISUUDEN TILA -
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\setup.ini

    c:\windows\system32\proquota.exe puuttui
    Puhdas kopio palautettiin paikasta - c:\windows\ServicePackFiles\i386\proquota.exe

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-11-19 to 2009-12-19 )))))))))))))))))
    .

    2009-12-19 17:53 . 2008-04-14 16:12 50688 -c--a-w- c:\windows\system32\dllcache\proquota.exe
    2009-12-19 17:53 . 2008-04-14 16:12 50688 ----a-w- c:\windows\system32\proquota.exe
    2009-12-19 17:51 . 2009-12-19 17:53 0 ----a-w- c:\windows\system32\drivers\szeio.sys
    2009-12-19 17:51 . 2009-12-19 17:51 34816 ---ha-w- c:\windows\system32\cscrator.dll
    2009-12-19 17:51 . 2009-12-19 17:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-12-19 12:37 . 2009-12-19 12:37 -------- d-----w- c:\program files\STOPzilla!
    2009-12-19 12:37 . 2009-12-19 12:37 -------- d-----w- c:\program files\Common Files\iS3
    2009-12-19 12:36 . 2009-12-19 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2009-12-19 11:50 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-12-19 00:14 . 2009-12-19 00:14 -------- d-----w- C:\_OTM
    2009-12-18 22:59 . 2008-11-06 00:03 -------- d-----w- C:\SDFix
    2009-12-18 22:50 . 2009-12-18 22:50 17792 ----a-w- C:\00006B18.sys
    2009-12-16 14:35 . 2009-12-16 14:35 -------- d-----w- c:\program files\Sun
    2009-12-15 16:18 . 2009-12-15 16:18 545424 ----a-r- c:\windows\system32\SZComp5.dll
    2009-12-15 16:18 . 2009-12-15 16:18 438928 ----a-r- c:\windows\system32\SZBase5.dll
    2009-12-15 16:09 . 2009-12-15 16:09 17408 ----a-r- c:\windows\system32\SZIO5.dll
    2009-12-14 08:24 . 2009-12-14 08:24 163600 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
    2009-12-10 14:11 . 2009-12-10 14:11 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
    2009-12-10 14:11 . 2009-12-10 14:11 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
    2009-12-10 14:09 . 2009-12-10 14:09 385024 ----a-r- c:\windows\system32\IS3UI5.dll
    2009-12-10 14:09 . 2009-12-10 14:09 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
    2009-12-10 14:08 . 2009-12-10 14:08 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
    2009-12-10 14:06 . 2009-12-10 14:06 225280 ----a-r- c:\windows\system32\IS3Win325.dll
    2009-12-10 14:06 . 2009-12-10 14:06 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
    2009-12-10 14:05 . 2009-12-10 14:05 94208 ----a-r- c:\windows\system32\IS3Svc5.dll
    2009-12-10 14:02 . 2009-12-10 14:02 729088 ----a-r- c:\windows\system32\IS3Base5.dll
    2009-12-07 14:59 . 2009-12-07 14:59 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
    2009-12-07 14:59 . 2009-12-07 14:59 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
    2009-11-28 23:28 . 2009-11-28 23:28 -------- d-----w- c:\documents and settings\JaBe\Application Data\Agency9
    2009-11-26 12:25 . 2009-11-26 12:25 -------- d-----w- c:\program files\KONAMI
    2009-11-20 15:08 . 2009-11-20 15:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-19 17:51 . 2009-12-19 17:51 20 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
    2009-12-19 11:53 . 2007-11-26 20:53 19856 ----a-w- c:\documents and settings\JaBe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-12-18 23:44 . 2009-04-21 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
    2009-12-18 21:22 . 2007-11-26 17:12 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-18 21:15 . 2007-12-11 16:07 -------- d-----w- c:\program files\MSN Messenger
    2009-12-18 20:30 . 2007-11-28 19:01 -------- d-----w- c:\program files\Euroword2004
    2009-12-16 14:39 . 2008-01-20 15:59 -------- d-----w- c:\program files\CCleaner
    2009-12-16 14:29 . 2009-10-03 10:28 -------- d-----w- c:\program files\Java
    2009-12-16 00:22 . 2008-02-21 22:27 10534 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2009-12-15 01:03 . 2009-12-15 01:03 4 ----a-w- c:\documents and settings\JaBe\Application Data\avdrn.dat
    2009-11-26 12:25 . 2008-12-01 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
    2009-11-08 21:11 . 2009-11-08 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
    2009-11-08 21:09 . 2007-12-09 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2009-11-08 21:09 . 2007-12-09 12:37 -------- d-----w- c:\program files\Nokia
    2009-10-29 07:43 . 2001-10-09 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-25 21:07 . 2001-10-09 12:00 80308 ----a-w- c:\windows\system32\perfc00B.dat
    2009-10-25 21:07 . 2001-10-09 12:00 406560 ----a-w- c:\windows\system32\perfh00B.dat
    2009-10-13 10:34 . 2001-10-09 12:00 270848 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:39 . 2001-10-09 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:39 . 2001-10-09 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
    2009-10-11 02:17 . 2009-01-15 13:31 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-03 10:32 . 2009-10-03 10:32 0 ----a-w- c:\windows\nsreg.dat
    2009-10-02 10:32 . 2009-10-02 10:32 13113 ----a-w- c:\windows\vedosutego.vbs
    2009-10-01 12:43 . 2009-10-01 12:43 19472 ----a-w- c:\windows\tegyja.scr
    2009-10-01 12:43 . 2009-10-01 12:43 18655 ----a-w- c:\windows\edazujom.com
    2009-10-01 12:43 . 2009-10-01 12:43 14730 ----a-w- c:\windows\system32\dituwuni.vbs
    2009-10-01 12:43 . 2009-10-01 12:43 12650 ----a-w- c:\documents and settings\JaBe\Local Settings\Application Data\ajyko.bat
    2009-10-01 12:43 . 2009-10-01 12:43 12172 ----a-w- c:\documents and settings\JaBe\Application Data\kaxoqif.exe
    2009-10-01 12:43 . 2009-10-01 12:43 10793 ----a-w- c:\windows\system32\myhowicum.bat
    2009-10-01 12:43 . 2009-10-01 12:43 10442 ----a-w- c:\program files\Common Files\newepola.vbs
    2009-10-01 12:43 . 2009-10-01 12:43 19037 ----a-w- c:\program files\Common Files\nadanuc.ban
    2009-10-01 12:43 . 2009-10-01 12:43 16272 ----a-w- c:\program files\Common Files\jisukexix.db
    2009-10-01 12:43 . 2009-10-01 12:43 13025 ----a-w- c:\windows\system32\quso.com
    2009-09-30 23:19 . 2009-09-30 23:19 17232 ----a-w- c:\windows\ipumufola.pif
    2009-09-30 23:19 . 2009-09-30 23:19 16486 ----a-w- c:\program files\Common Files\ytol.dat
    2009-09-30 23:19 . 2009-09-30 23:19 15238 ----a-w- c:\windows\urah.dll
    2009-09-30 23:19 . 2009-09-30 23:19 15030 ----a-w- c:\windows\system32\gedihamub.pif
    2009-09-30 23:19 . 2009-09-30 23:19 14504 ----a-w- c:\windows\liqo.dat
    2009-09-30 23:19 . 2009-09-30 23:19 13960 ----a-w- c:\documents and settings\JaBe\Application Data\wycywil.vbs
    2009-09-30 23:19 . 2009-09-30 23:19 13630 ----a-w- c:\program files\Common Files\solefy.exe
    2009-09-30 23:19 . 2009-09-30 23:19 13307 ----a-w- c:\documents and settings\JaBe\Application Data\anamabaju.exe
    2009-09-30 23:19 . 2009-09-30 23:19 11453 ----a-w- c:\documents and settings\JaBe\Application Data\obyjamu.pif
    2009-09-30 23:19 . 2009-09-30 23:19 10717 ----a-w- c:\windows\zawadyg.sys
    2009-09-30 23:17 . 2009-09-30 23:17 19652 ----a-w- c:\windows\oqipykez.dat
    2009-09-30 23:17 . 2009-09-30 23:17 19213 ----a-w- c:\documents and settings\All Users\Application Data\cazuqyc.scr
    2009-09-30 23:17 . 2009-09-30 23:17 19206 ----a-w- c:\windows\system32\jisaxog.scr
    2009-09-30 23:17 . 2009-09-30 23:17 17548 ----a-w- c:\documents and settings\JaBe\Application Data\elejaxut.bat
    2009-09-30 23:17 . 2009-09-30 23:17 16617 ----a-w- c:\documents and settings\All Users\Application Data\ipojyxusi.dat
    2009-09-30 23:17 . 2009-09-30 23:17 16368 ----a-w- c:\documents and settings\JaBe\Local Settings\Application Data\amypyvyhi.dat
    2009-09-30 23:17 . 2009-09-30 23:17 15106 ----a-w- c:\documents and settings\All Users\Application Data\wedy.dat
    2009-09-30 23:17 . 2009-09-30 23:17 14883 ----a-w- c:\documents and settings\All Users\Application Data\hasunazak.scr
    2009-09-30 23:17 . 2009-09-30 23:17 12994 ----a-w- c:\windows\system32\sozypi.com
    2009-09-30 23:17 . 2009-09-30 23:17 12380 ----a-w- c:\documents and settings\JaBe\Application Data\nugajoquj.bat
    2009-09-30 23:13 . 2009-09-30 23:13 19511 ----a-w- c:\program files\Common Files\vapudele.dat
    2009-09-30 23:13 . 2009-09-30 23:13 18426 ----a-w- c:\windows\helupew.scr
    2009-09-30 23:13 . 2009-09-30 23:13 16997 ----a-w- c:\program files\Common Files\jamoqimol.exe
    2009-09-30 23:13 . 2009-09-30 23:13 15482 ----a-w- c:\documents and settings\JaBe\Local Settings\Application Data\vubu.reg
    2009-09-30 23:13 . 2009-09-30 23:13 14895 ----a-w- c:\documents and settings\All Users\Application Data\zimikakeqy.sys
    2009-09-30 23:13 . 2009-09-30 23:13 14741 ----a-w- c:\windows\kekibevyz.dll
    2009-09-30 23:13 . 2009-09-30 23:13 14481 ----a-w- c:\documents and settings\All Users\Application Data\wokevewoci.reg
    2009-09-30 23:13 . 2009-09-30 23:13 14156 ----a-w- c:\documents and settings\JaBe\Application Data\nezy.scr
    2009-09-30 23:13 . 2009-09-30 23:13 11780 ----a-w- c:\windows\azycok.dll
    2009-09-30 23:13 . 2009-09-30 23:13 11060 ----a-w- c:\windows\system32\lubiqizuxi.vbs
    2009-09-30 21:28 . 2009-09-30 21:28 21376 ----a-w- c:\windows\system32\drivers\dup.sys
    2008-02-21 22:29 . 2008-02-21 22:29 8 --sh--r- c:\windows\system32\9627E54FC2.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
    "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVRaidService"="c:\windows\System32\nvraidservice.exe" [2004-06-11 83968]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]

    c:\documents and settings\JaBe\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    siszyd32.exe [2008-4-14 32256]

    c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-12-12 118784]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "f:\\PESSI\\pes2009.exe"=
    "f:\\PESSI\\GCP2009.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=

    R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [7.12.2009 16:59 61328]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [14.12.2009 10:24 163600]
    R1 AMTBDA_P861F;anysee Capture Service;c:\windows\system32\drivers\anyseeTU.SYS [26.2.2007 11:56 311680]
    R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [20.1.2008 19:08 45440]
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [20.1.2008 19:08 56960]
    S1 Dup;Dup;c:\windows\system32\drivers\dup.sys [30.9.2009 23:28 21376]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8.11.2009 23:09 136704]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8.11.2009 23:09 8320]

    --- Muut muistissa olevat ajurit/palvelut ---

    *NewlyCreated* - 00000BFE
    *NewlyCreated* - SZEIO
    *Deregistered* - 00000BFE
    *Deregistered* - szeio

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c76cfaa-8f61-11de-8448-8bf5e02428ee}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c76cfab-8f61-11de-8448-8bf5e02428ee}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c76cfac-8f61-11de-8448-8bf5e02428ee}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c76cfad-8f61-11de-8448-8bf5e02428ee}]
    \Shell\AutoRun\command - J:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c76cfae-8f61-11de-8448-8bf5e02428ee}]
    \Shell\AutoRun\command - J:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57ff71f0-8f5e-11de-8447-e3838f893058}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57ff71f2-8f5e-11de-8447-e3838f893058}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f37147fa-8fd9-11de-8449-bee63daf53ee}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.google.fi/
    uInternet Settings,ProxyServer = 208.62.125.146:80
    uInternet Settings,ProxyOverride = *.local
    IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: thepiratebay.org
    Trusted Zone: tokem.fi\opaali
    DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} - hxxp://update.rayv.com/viewer/webinstall/ActiveXInstall1.0/rayvactivex.cab
    FF - ProfilePath - c:\documents and settings\JaBe\Application Data\Mozilla\Firefox\Profiles\bowaxjnb.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOXIN KÄYTÄNNÖT ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    HKLM-Run-sysgif32 - c:\windows\TEMP\~TM17.tmp
    HKLM-Run-anysee_TR - (no file)
    HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
    HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
    Notify-AtiExtEvent - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-19 19:53
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\szeio]

    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¹mÓw*]
    "AB79C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    Valmistumisajankohta: 2009-12-19 19:56
    ComboFix-quarantined-files.txt 2009-12-19 17:55

    Ennen ajoa: 8 144 687 104 tavua vapaana
    Ajon jälkeen: 8 150 335 488 tavua vapaana

    WindowsXP-KB310994-SP2-Pro-BootDisk-FIN.EXE
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    228 --- E O F --- 2009-12-09 23:03

    Here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:20:12, on 19.12.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvraidservice.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Documents and Settings\JaBe\Käynnistä-valikko\Ohjelmat\Käynnistys\siszyd32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.62.125.146:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - Startup: siszyd32.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://*.thepiratebay.org
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} - http://update.rayv.com/viewer/webinstall/ActiveXInstall1.0/rayvactivex.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6676 bytes
     
  4. kalminen

    kalminen Regular member

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact ComboFix recognizes it even if the file extension is not even .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

    [IMG]

    Note! Do not click the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    ----------------------------------------------------------------------------------
    Checking your computer for rootkits with RootRepeal

    * Download RootRepeal from one of the following links and save it to your desktop.
    * Direct download (recommended)
    * Primary link
    * Secondary link

    * Zip archive (recommended if you have a slow internet connection or if the direct download does not work)

    * Primary link
    * Secondary link

    * Rar archive (recommended if you have a slow internet connection / the others do not work and you can extract Rar files)

    * Primary link
    * Secondary link

    * Extract RootRepeal.exe from the archive if you did not use the direct download.
    * Open [IMG] from your desktop.
    * Click the [IMG] tab.
    * Click the [IMG] button.
    * Check all seven boxes: [IMG]
    * Press OK.
    * Check the box next to your drive (usually C:), and press OK.
    * Let RootRepeal scan your computer. The scan may take a while.
    * When the scan has finished, press the [IMG] button. Save the report to the desktop as e.g. RootRepeal.txt.

    => Post this report, RootRepeal.txt
    => (C:\ComboFix.txt)
    => the HJT log in your next message.

    .
     
  5. paleporo

    paleporo Member

    Steps done; I could not get RootRepeal to run, the program hung.

    Now the computer seems to work! I vacuumed the dust out of the inside of the computer and it seemed to get a bit faster!

    Here are the HJT log and the ComboFix log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:53:21, on 20.12.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvraidservice.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.62.125.146:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://*.thepiratebay.org
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} - http://update.rayv.com/viewer/webinstall/ActiveXInstall1.0/rayvactivex.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6184 bytes

    ComboFix 09-12-19.03 - JaBe 20.12.2009 18:11:14.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.358.1035.18.1535.1034 [GMT 2:00]
    Sijainti: c:\documents and settings\JaBe\Työpöytä\ComboFix.exe
    Käytetyt komentorivivalitsimet :: c:\documents and settings\JaBe\Työpöytä\CFScript.txt
    AV: avast! antivirus 4.8.1368 [VPS 091220-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "C:\00006B18.sys"
    "c:\documents and settings\JaBe\Application Data\kaxoqif.exe"
    "c:\documents and settings\JaBe\Käynnistä-valikko\Ohjelmat\Käynnistys\siszyd32.exe"
    "c:\documents and settings\JaBe\Local Settings\Application Data\ajyko.bat"
    "c:\program files\Common Files\jisukexix.db"
    "c:\program files\Common Files\nadanuc.ban"
    "c:\program files\Common Files\newepola.vbs"
    "c:\windows\edazujom.com"
    "c:\windows\oqipykez.dat"
    "c:\windows\system32\cscrator.dll"
    "c:\windows\system32\dituwuni.vbs"
    "c:\windows\system32\drivers\dup.sys"
    "c:\windows\system32\drivers\szeio.sys"
    "c:\windows\system32\lubiqizuxi.vbs"
    "c:\windows\system32\myhowicum.bat"
    "c:\windows\system32\quso.com"
    "c:\windows\tegyja.scr"
    "c:\windows\urah.dll"
    "c:\windows\vedosutego.vbs"
    "c:\windows\zawadyg.sys"
    .
    Seuraavat tiedostot otettiin pois käytöstä ajon aikana:
    c:\windows\system32\cscrator.dll


    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\_OTM
    c:\_otm\MovedFiles\12192009_021457.log
    c:\_otm\MovedFiles\12192009_021457.res
    c:\_otm\MovedFiles\12192009_021457\C_Documents and Settings\JaBe\Local Settings\Temp\Perflib_Perfdata_fa4.dat
    C:\00006B18.sys
    c:\documents and settings\All Users\Application Data\wokevewoci.reg
    c:\documents and settings\All Users\Tiedostot\oqyhupe.bat
    c:\documents and settings\JaBe\Application Data\avdrn.dat
    c:\documents and settings\JaBe\Application Data\ebalu.inf
    c:\documents and settings\JaBe\Application Data\elejaxut.bat
    c:\documents and settings\JaBe\Application Data\iniasd.txt
    c:\documents and settings\JaBe\Application Data\kaxoqif.exe
    c:\documents and settings\JaBe\Application Data\nugajoquj.bat
    c:\documents and settings\JaBe\Application Data\wycywil.vbs
    c:\documents and settings\JaBe\Local Settings\Application Data\ajyko.bat
    c:\documents and settings\JaBe\Local Settings\Application Data\vubu.reg
    c:\program files\Common Files\jisukexix.db
    c:\program files\Common Files\nadanuc.ban
    c:\program files\Common Files\newepola.vbs
    C:\SDFix
    c:\sdfix\Add_DBFix_RunOnce_key.inf
    c:\sdfix\apps\assosfix.reg
    c:\sdfix\apps\Cghtme.exe
    c:\sdfix\apps\cliptext.exe
    c:\sdfix\apps\CSweg.exe
    c:\sdfix\apps\DBFix.inf
    c:\sdfix\apps\download.exe
    c:\sdfix\apps\dummy.sys
    c:\sdfix\apps\Enable_Command_Prompt.inf
    c:\sdfix\apps\Enable_Command_Prompt.reg
    c:\sdfix\apps\ERDNT.E_E
    c:\sdfix\apps\ERDNTDOS.LOC
    c:\sdfix\apps\ERDNTWIN.LOC
    c:\sdfix\apps\ERUNT.EXE
    c:\sdfix\apps\ERUNT.LOC
    c:\sdfix\apps\fix.reg
    c:\sdfix\apps\FixBeep.reg
    c:\sdfix\apps\FixBH.reg
    c:\sdfix\apps\FixComponents.reg
    c:\sdfix\apps\FIXCU.reg
    c:\sdfix\apps\FIXLM.reg
    c:\sdfix\apps\FixPath.exe
    c:\sdfix\apps\FixRedir.reg
    c:\sdfix\apps\FixSchedule.reg
    c:\sdfix\apps\FixWebCheck.reg
    c:\sdfix\apps\fixXP.reg
    c:\sdfix\apps\FixXPsp2.reg
    c:\sdfix\apps\grep.exe
    c:\sdfix\apps\HaxdFix.reg
    c:\sdfix\apps\HPFix.reg
    c:\sdfix\apps\HPFix2.reg
    c:\sdfix\apps\HPFix3.reg
    c:\sdfix\apps\HPFix4.reg
    c:\sdfix\apps\HPFix5.reg
    c:\sdfix\apps\HPFix6.reg
    c:\sdfix\apps\HPFix7.reg
    c:\sdfix\apps\HPFix8.reg
    c:\sdfix\apps\HPFix9.reg
    c:\sdfix\apps\Installed.txt
    c:\sdfix\apps\isadmin.exe
    c:\sdfix\apps\leg2.txt
    c:\sdfix\apps\legacy.txt
    c:\sdfix\apps\legacybk.txt
    c:\sdfix\apps\locate.com
    c:\sdfix\apps\LS.exe
    c:\sdfix\apps\MD5File.exe
    c:\sdfix\apps\moveex.exe
    c:\sdfix\apps\MyGcpvFix.reg
    c:\sdfix\apps\MyGkFix2.reg
    c:\sdfix\apps\Process.exe
    c:\sdfix\apps\procs.exe
    c:\sdfix\apps\psservice.exe
    c:\sdfix\apps\Rem.txt
    c:\sdfix\apps\Rem2.txt
    c:\sdfix\apps\Replace\regedit.exe
    c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT
    c:\sdfix\apps\Replace\w2k\beep.sys
    c:\sdfix\apps\Replace\w2k\command.com
    c:\sdfix\apps\Replace\w2k\command.PIF
    c:\sdfix\apps\Replace\w2k\CONFIG.NT
    c:\sdfix\apps\Replace\w2k\null.sys
    c:\sdfix\apps\Replace\xp\AUTOEXEC.NT
    c:\sdfix\apps\Replace\xp\beep.sys
    c:\sdfix\apps\Replace\xp\command.com
    c:\sdfix\apps\Replace\xp\command.PIF
    c:\sdfix\apps\Replace\xp\CONFIG.NT
    c:\sdfix\apps\Replace\xp\null.sys
    c:\sdfix\apps\Reset_AppInit_DLLs.reg
    c:\sdfix\apps\RestartIt!.exe
    c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg
    c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg
    c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
    c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
    c:\sdfix\apps\Restore_SecurityCenter.reg
    c:\sdfix\apps\Restore_SharedAccess.reg
    c:\sdfix\apps\sc.exe
    c:\sdfix\apps\sed.exe
    c:\sdfix\apps\SF.exe
    c:\sdfix\apps\shutdown.exe
    c:\sdfix\apps\srv2.txt
    c:\sdfix\apps\srv2bk.txt
    c:\sdfix\apps\svc.txt
    c:\sdfix\apps\svcbk.txt
    c:\sdfix\apps\Swreg.exe
    c:\sdfix\apps\swsc.exe
    c:\sdfix\apps\UnRAR.exe
    c:\sdfix\apps\unzip.exe
    c:\sdfix\apps\vfind.exe
    c:\sdfix\apps\WINMSG.EXE
    c:\sdfix\apps\winsec.reg
    c:\sdfix\apps\zip.exe
    c:\sdfix\catchme.exe
    c:\sdfix\DBFix.bat
    c:\sdfix\dummy.sys
    c:\sdfix\RunThis.bat
    c:\sdfix\SDFIX_ReadMe_Online.url
    c:\sdfix\W2K_VirusAlert_Repair.inf
    c:\sdfix\XP_VirusAlert_Repair.inf
    c:\windows\adyzysu._sy
    c:\windows\azycok.dll
    c:\windows\edazujom.com
    c:\windows\helupew.scr
    c:\windows\kekibevyz.dll
    c:\windows\omujariq.inf
    c:\windows\oqipykez.dat
    c:\windows\syluwep.dll
    c:\windows\system32\_000009_.tmp.dll
    c:\windows\system32\dituwuni.vbs
    c:\windows\system32\drivers\dup.sys
    c:\windows\system32\drivers\szeio.sys
    c:\windows\system32\hotizebiq.vbs
    c:\windows\system32\KGyGaAvL.sys
    c:\windows\system32\lubiqizuxi.vbs
    c:\windows\system32\lulirule.inf
    c:\windows\system32\myhowicum.bat
    c:\windows\system32\quso.com
    c:\windows\tegyja.scr
    c:\windows\umariry.reg
    c:\windows\unuce._sy
    c:\windows\urah.dll
    c:\windows\vedosutego.vbs
    c:\windows\yjaju._sy
    c:\windows\ywijopa.bat
    c:\windows\zabyg._sy
    c:\windows\zawadyg.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_Dup
    -------\Legacy_szeio
    -------\Service_szeio


    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-11-20 to 2009-12-20 )))))))))))))))))
    .

    2009-12-20 16:05 . 2009-12-20 16:04 391168 ----a-w- c:\windows\system32\CF7852.exe
    2009-12-19 18:06 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-12-19 18:06 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-12-19 18:06 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-12-19 18:06 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-12-19 18:06 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-12-19 18:06 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-12-19 18:06 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-12-19 18:06 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-12-19 18:06 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
    2009-12-19 18:05 . 2009-12-19 18:05 -------- d-----w- c:\program files\Alwil Software
    2009-12-19 17:53 . 2008-04-14 16:12 50688 -c--a-w- c:\windows\system32\dllcache\proquota.exe
    2009-12-19 17:53 . 2008-04-14 16:12 50688 ----a-w- c:\windows\system32\proquota.exe
    2009-12-19 17:51 . 2009-12-19 17:51 34816 ----a-w- c:\windows\system32\cscrator.dll
    2009-12-19 17:51 . 2009-12-19 17:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-12-19 12:37 . 2009-12-19 12:37 -------- d-----w- c:\program files\STOPzilla!
    2009-12-19 12:37 . 2009-12-19 12:37 -------- d-----w- c:\program files\Common Files\iS3
    2009-12-19 12:36 . 2009-12-19 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2009-12-19 11:50 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-12-16 14:35 . 2009-12-16 14:35 -------- d-----w- c:\program files\Sun
    2009-12-15 16:18 . 2009-12-15 16:18 545424 ----a-r- c:\windows\system32\SZComp5.dll
    2009-12-15 16:18 . 2009-12-15 16:18 438928 ----a-r- c:\windows\system32\SZBase5.dll
    2009-12-15 16:09 . 2009-12-15 16:09 17408 ----a-r- c:\windows\system32\SZIO5.dll
    2009-12-14 08:24 . 2009-12-14 08:24 163600 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
    2009-12-10 14:11 . 2009-12-10 14:11 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
    2009-12-10 14:11 . 2009-12-10 14:11 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
    2009-12-10 14:09 . 2009-12-10 14:09 385024 ----a-r- c:\windows\system32\IS3UI5.dll
    2009-12-10 14:09 . 2009-12-10 14:09 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
    2009-12-10 14:08 . 2009-12-10 14:08 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
    2009-12-10 14:06 . 2009-12-10 14:06 225280 ----a-r- c:\windows\system32\IS3Win325.dll
    2009-12-10 14:06 . 2009-12-10 14:06 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
    2009-12-10 14:05 . 2009-12-10 14:05 94208 ----a-r- c:\windows\system32\IS3Svc5.dll
    2009-12-10 14:02 . 2009-12-10 14:02 729088 ----a-r- c:\windows\system32\IS3Base5.dll
    2009-12-07 14:59 . 2009-12-07 14:59 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
    2009-12-07 14:59 . 2009-12-07 14:59 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
    2009-12-02 17:55 . 2009-12-02 17:55 152576 ----a-w- c:\documents and settings\JaBe\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-12-02 17:55 . 2009-12-02 17:55 79488 ----a-w- c:\documents and settings\JaBe\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-28 23:28 . 2009-11-28 23:28 90112 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\DXPlugin.dll
    2009-11-28 23:28 . 2009-11-28 23:28 69632 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\SystemInfo.dll
    2009-11-28 23:28 . 2009-11-28 23:28 6656 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeDiskfree.dll
    2009-11-28 23:28 . 2009-11-28 23:28 61440 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeUnzip.dll
    2009-11-28 23:28 . 2009-11-28 23:28 59904 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\zlib1.dll
    2009-11-28 23:28 . 2009-11-28 23:28 57344 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\DXT.dll
    2009-11-28 23:28 . 2009-11-28 23:28 315392 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\jogl.dll
    2009-11-28 23:28 . 2009-11-28 23:28 20480 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\jogl_awt.dll
    2009-11-28 23:28 . 2009-11-28 23:28 20480 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\gluegen-rt.dll
    2009-11-28 23:28 . 2009-11-28 23:28 155648 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeJpegDecoder.dll
    2009-11-28 23:28 . 2009-11-28 23:28 -------- d-----w- c:\documents and settings\JaBe\Application Data\Agency9
    2009-11-26 12:25 . 2009-11-26 12:25 -------- d-----w- c:\program files\KONAMI

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-19 17:51 . 2009-12-19 17:51 20 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
    2009-12-19 11:53 . 2007-11-26 20:53 19856 ----a-w- c:\documents and settings\JaBe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-12-18 23:44 . 2009-04-21 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
    2009-12-18 21:22 . 2007-11-26 17:12 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-18 21:15 . 2007-12-11 16:07 -------- d-----w- c:\program files\MSN Messenger
    2009-12-18 20:30 . 2007-11-28 19:01 -------- d-----w- c:\program files\Euroword2004
    2009-12-16 14:39 . 2008-01-20 15:59 -------- d-----w- c:\program files\CCleaner
    2009-12-16 14:29 . 2009-10-03 10:28 -------- d-----w- c:\program files\Java
    2009-11-26 12:25 . 2008-12-01 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
    2009-11-08 21:11 . 2009-11-08 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
    2009-11-08 21:09 . 2007-12-09 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2009-11-08 21:09 . 2007-12-09 12:37 -------- d-----w- c:\program files\Nokia
    2009-11-08 21:06 . 2009-11-08 21:06 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
    2009-11-08 21:06 . 2009-11-08 21:06 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
    2009-11-08 21:06 . 2009-11-08 21:06 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
    2009-11-08 21:05 . 2009-11-08 21:07 24422944 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_fi.exe
    2009-10-29 07:43 . 2001-10-09 12:00 916480 ------w- c:\windows\system32\wininet.dll
    2009-10-25 21:07 . 2001-10-09 12:00 80308 ----a-w- c:\windows\system32\perfc00B.dat
    2009-10-25 21:07 . 2001-10-09 12:00 406560 ----a-w- c:\windows\system32\perfh00B.dat
    2009-10-13 10:34 . 2001-10-09 12:00 270848 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:39 . 2001-10-09 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:39 . 2001-10-09 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
    2009-10-11 02:17 . 2009-01-15 13:31 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-03 10:32 . 2009-10-03 10:32 0 ----a-w- c:\windows\nsreg.dat
    2009-09-30 23:19 . 2009-09-30 23:19 17232 ----a-w- c:\windows\ipumufola.pif
    2009-09-30 23:19 . 2009-09-30 23:19 16486 ----a-w- c:\program files\Common Files\ytol.dat
    2009-09-30 23:19 . 2009-09-30 23:19 15030 ----a-w- c:\windows\system32\gedihamub.pif
    2009-09-30 23:19 . 2009-09-30 23:19 14504 ----a-w- c:\windows\liqo.dat
    2009-09-30 23:19 . 2009-09-30 23:19 13630 ----a-w- c:\program files\Common Files\solefy.exe
    2009-09-30 23:19 . 2009-09-30 23:19 13307 ----a-w- c:\documents and settings\JaBe\Application Data\anamabaju.exe
    2009-09-30 23:19 . 2009-09-30 23:19 13307 ----a-w- c:\documents and settings\JaBe\Application Data\anamabaju.exe
    2009-09-30 23:19 . 2009-09-30 23:19 11453 ----a-w- c:\documents and settings\JaBe\Application Data\obyjamu.pif
    2009-09-30 23:19 . 2009-09-30 23:19 11453 ----a-w- c:\documents and settings\JaBe\Application Data\obyjamu.pif
    2009-09-30 23:17 . 2009-09-30 23:17 19213 ----a-w- c:\documents and settings\All Users\Application Data\cazuqyc.scr
    2009-09-30 23:17 . 2009-09-30 23:17 19213 ----a-w- c:\documents and settings\All Users\Application Data\cazuqyc.scr
    2009-09-30 23:17 . 2009-09-30 23:17 19206 ----a-w- c:\windows\system32\jisaxog.scr
    2009-09-30 23:17 . 2009-09-30 23:17 16617 ----a-w- c:\documents and settings\All Users\Application Data\ipojyxusi.dat
    2009-09-30 23:17 . 2009-09-30 23:17 16368 ----a-w- c:\documents and settings\JaBe\Local Settings\Application Data\amypyvyhi.dat
    2009-09-30 23:17 . 2009-09-30 23:17 15106 ----a-w- c:\documents and settings\All Users\Application Data\wedy.dat
    2009-09-30 23:17 . 2009-09-30 23:17 14883 ----a-w- c:\documents and settings\All Users\Application Data\hasunazak.scr
    2009-09-30 23:17 . 2009-09-30 23:17 14883 ----a-w- c:\documents and settings\All Users\Application Data\hasunazak.scr
    2009-09-30 23:17 . 2009-09-30 23:17 12994 ----a-w- c:\windows\system32\sozypi.com
    2009-09-30 23:13 . 2009-09-30 23:13 19511 ----a-w- c:\program files\Common Files\vapudele.dat
    2009-09-30 23:13 . 2009-09-30 23:13 16997 ----a-w- c:\program files\Common Files\jamoqimol.exe
    2009-09-30 23:13 . 2009-09-30 23:13 14895 ----a-w- c:\documents and settings\All Users\Application Data\zimikakeqy.sys
    2009-09-30 23:13 . 2009-09-30 23:13 14895 ----a-w- c:\documents and settings\All Users\Application Data\zimikakeqy.sys
    2009-09-30 23:13 . 2009-09-30 23:13 14156 ----a-w- c:\documents and settings\JaBe\Application Data\nezy.scr
    2009-09-30 23:13 . 2009-09-30 23:13 14156 ----a-w- c:\documents and settings\JaBe\Application Data\nezy.scr
    2008-02-21 22:29 . 2008-02-21 22:29 8 --sha-r- c:\windows\system32\9627E54FC2.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
    "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVRaidService"="c:\windows\System32\nvraidservice.exe" [2004-06-11 83968]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

    c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-12-12 118784]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "f:\\PESSI\\pes2009.exe"=
    "f:\\PESSI\\GCP2009.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.11.2007 19:00 664064]
    R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.12.2009 20:06 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.12.2009 20:06 20560]
    R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [20.1.2008 19:08 45440]
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [20.1.2008 19:08 56960]
    S1 AMTBDA_P861F;anysee Capture Service;c:\windows\system32\drivers\anyseeTU.SYS [26.2.2007 11:56 311680]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8.11.2009 23:09 136704]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8.11.2009 23:09 8320]
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.google.fi/
    uInternet Settings,ProxyServer = 208.62.125.146:80
    uInternet Settings,ProxyOverride = *.local
    IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: thepiratebay.org
    Trusted Zone: tokem.fi\opaali
    DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} - hxxp://update.rayv.com/viewer/webinstall/ActiveXInstall1.0/rayvactivex.cab
    FF - ProfilePath - c:\documents and settings\JaBe\Application Data\Mozilla\Firefox\Profiles\bowaxjnb.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-20 18:19
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe >>UNKNOWN [0x8A09D0E8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> 0x8a09d0e8
    \Driver\ACPI -> ACPI.sys @ 0xba66dcb8
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
    ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
    ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
    NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xba3c2bb0
    PacketIndicateHandler -> NDIS.sys @ 0xba3cfa21
    SendHandler -> NDIS.sys @ 0xba3ad87b
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¹mÓw*]
    "AB79C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'explorer.exe'(3020)
    c:\windows\system32\cscrator.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Muut prosessit ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\system32\WgaTray.exe
    c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
    c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    c:\windows\system32\msiexec.exe
    c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    .
    **************************************************************************
    .
    Valmistumisajankohta: 2009-12-20 18:30:05 - kone käynnistettiin uudelleen
    ComboFix-quarantined-files.txt 2009-12-20 16:30
    ComboFix2.txt 2009-12-19 17:56

    Ennen ajoa: 8 010 412 032 tavua vapaana
    Ajon jälkeen: 7 897 608 192 tavua vapaana

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 28778260FFAEF2800BF606514A021946
     
  6. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Are you supposed to have a Proxy Server =>
    208.62.125.146 (US) United States Waycross Georgia

    --------------------------------------------------------------------------------

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it under the name CFScript (in fact, ComboFix recognizes it even if the file extension
    is not .txt at all).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

    [​IMG]

    Note! Do not click in the ComboFix window while it is running. This may cause the program to freeze.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    ---------------------------------------------------------------------------------

    Close the browser and other programs while the fix runs. (Not the antivirus.)
    Start HijackThis, run Scan, and tick the following files listed in red
    (HJT disables the program, it does not delete it)

    O15 - Trusted Zone: http://*.thepiratebay.org
    O16 - DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} - http://update.rayv.com/viewer/webinstall...rayvactivex.cab

    and disable them with the (Fix checked) button.

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
     
  7. paleporo

    paleporo Member

    Joined:
    Oct 1, 2009
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    Now it feels like the computer is working!

    Here are the latest reports:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:39:45, on 21.12.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\nvraidservice.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.62.125.146:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30Series\anysee_TR.exe
    O4 - HKLM\..\Run: [anysee CNO(Media Center PlugIn)] C:\Program Files\anysee\Driver\CNO.EXE
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6195 bytes


    Here is the ComboFix report:

    ComboFix 09-12-20.08 - JaBe 21.12.2009 20:18:35.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.358.1035.18.1535.1041 [GMT 2:00]
    Sijainti: c:\documents and settings\JaBe\Työpöytä\ComboFix.exe
    Käytetyt komentorivivalitsimet :: c:\documents and settings\JaBe\Työpöytä\CFScript.txt
    AV: avast! antivirus 4.8.1368 [VPS 091221-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\documents and settings\All Users\Application Data\cazuqyc.scr"
    "c:\documents and settings\All Users\Application Data\hasunazak.scr"
    "c:\documents and settings\All Users\Application Data\ipojyxusi.dat"
    "c:\documents and settings\All Users\Application Data\wedy.dat"
    "c:\documents and settings\All Users\Application Data\zimikakeqy.sys"
    "c:\documents and settings\JaBe\Application Data\anamabaju.exe"
    "c:\documents and settings\JaBe\Application Data\nezy.scr"
    "c:\documents and settings\JaBe\Application Data\obyjamu.pif"
    "c:\documents and settings\JaBe\Local Settings\Application Data\amypyvyhi.dat"
    "c:\program files\Common Files\jamoqimol.exe"
    "c:\program files\Common Files\solefy.exe"
    "c:\program files\Common Files\vapudele.dat"
    "c:\program files\Common Files\ytol.dat"
    "c:\windows\ipumufola.pif"
    "c:\windows\liqo.dat"
    "c:\windows\system32\gedihamub.pif"
    "c:\windows\system32\jisaxog.scr"
    "c:\windows\system32\sozypi.com"
    "c:\windows\system32\wininet.dll"
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\cazuqyc.scr
    c:\documents and settings\All Users\Application Data\hasunazak.scr
    c:\documents and settings\All Users\Application Data\ipojyxusi.dat
    c:\documents and settings\All Users\Application Data\wedy.dat
    c:\documents and settings\All Users\Application Data\zimikakeqy.sys
    c:\documents and settings\JaBe\Application Data\anamabaju.exe
    c:\documents and settings\JaBe\Application Data\nezy.scr
    c:\documents and settings\JaBe\Application Data\obyjamu.pif
    c:\documents and settings\JaBe\Local Settings\Application Data\amypyvyhi.dat
    c:\program files\Common Files\jamoqimol.exe
    c:\program files\Common Files\solefy.exe
    c:\program files\Common Files\vapudele.dat
    c:\program files\Common Files\ytol.dat
    c:\windows\ipumufola.pif
    c:\windows\liqo.dat
    c:\windows\system32\gedihamub.pif
    c:\windows\system32\jisaxog.scr
    c:\windows\system32\KGyGaAvL.sys
    c:\windows\system32\sozypi.com

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-11-21 to 2009-12-21 )))))))))))))))))
    .

    2009-12-20 21:04 . 2009-12-20 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\CNO
    2009-12-20 21:02 . 2009-12-20 21:04 -------- d-----w- c:\program files\anysee
    2009-12-20 17:38 . 2009-12-20 17:38 -------- d-----w- c:\documents and settings\JaBe\Local Settings\Application Data\Nero
    2009-12-20 17:37 . 2009-03-30 08:39 496256 ----a-w- c:\windows\system32\drivers\anyseeTU.SYS
    2009-12-20 17:26 . 2009-12-20 17:26 -------- d-----w- c:\documents and settings\JaBe\Application Data\InstallShield Installation Information
    2009-12-20 17:26 . 2007-03-08 13:17 119016 ----a-w- c:\documents and settings\JaBe\Application Data\InstallShield Installation Information\{44BC46DF-A8CF-4846-A731-EDC2A984D7A4}\setup.exe
    2009-12-20 16:05 . 2009-12-20 16:04 391168 ----a-w- c:\windows\system32\CF7852.exe
    2009-12-19 18:06 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-12-19 18:06 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-12-19 18:06 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-12-19 18:06 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-12-19 18:06 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-12-19 18:06 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-12-19 18:06 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-12-19 18:06 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-12-19 18:06 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
    2009-12-19 18:05 . 2009-12-19 18:05 -------- d-----w- c:\program files\Alwil Software
    2009-12-19 17:53 . 2008-04-14 16:12 50688 -c--a-w- c:\windows\system32\dllcache\proquota.exe
    2009-12-19 17:53 . 2008-04-14 16:12 50688 ----a-w- c:\windows\system32\proquota.exe
    2009-12-19 17:51 . 2009-12-19 17:51 34816 ----a-w- c:\windows\system32\cscrator.dll.vir
    2009-12-19 17:51 . 2009-12-19 17:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-12-19 11:50 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-12-16 14:35 . 2009-12-16 14:35 -------- d-----w- c:\program files\Sun
    2009-12-02 17:55 . 2009-12-02 17:55 152576 ----a-w- c:\documents and settings\JaBe\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-12-02 17:55 . 2009-12-02 17:55 79488 ----a-w- c:\documents and settings\JaBe\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-28 23:28 . 2009-11-28 23:28 90112 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\DXPlugin.dll
    2009-11-28 23:28 . 2009-11-28 23:28 69632 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\SystemInfo.dll
    2009-11-28 23:28 . 2009-11-28 23:28 6656 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeDiskfree.dll
    2009-11-28 23:28 . 2009-11-28 23:28 61440 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeUnzip.dll
    2009-11-28 23:28 . 2009-11-28 23:28 59904 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\zlib1.dll
    2009-11-28 23:28 . 2009-11-28 23:28 57344 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\DXT.dll
    2009-11-28 23:28 . 2009-11-28 23:28 315392 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\jogl.dll
    2009-11-28 23:28 . 2009-11-28 23:28 20480 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\jogl_awt.dll
    2009-11-28 23:28 . 2009-11-28 23:28 20480 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\gluegen-rt.dll
    2009-11-28 23:28 . 2009-11-28 23:28 155648 ----a-w- c:\documents and settings\JaBe\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeJpegDecoder.dll
    2009-11-28 23:28 . 2009-11-28 23:28 -------- d-----w- c:\documents and settings\JaBe\Application Data\Agency9
    2009-11-26 12:25 . 2009-11-26 12:25 -------- d-----w- c:\program files\KONAMI

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-20 21:02 . 2007-11-26 17:12 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-20 17:38 . 2007-11-26 20:53 19856 ----a-w- c:\documents and settings\JaBe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-12-19 17:51 . 2009-12-19 17:51 20 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
    2009-12-18 23:44 . 2009-04-21 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
    2009-12-18 21:15 . 2007-12-11 16:07 -------- d-----w- c:\program files\MSN Messenger
    2009-12-18 20:30 . 2007-11-28 19:01 -------- d-----w- c:\program files\Euroword2004
    2009-12-16 14:39 . 2008-01-20 15:59 -------- d-----w- c:\program files\CCleaner
    2009-12-16 14:29 . 2009-10-03 10:28 -------- d-----w- c:\program files\Java
    2009-12-15 01:04 . 2009-12-15 01:03 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat
    2009-11-26 12:25 . 2008-12-01 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
    2009-11-08 21:11 . 2009-11-08 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
    2009-11-08 21:09 . 2007-12-09 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2009-11-08 21:09 . 2007-12-09 12:37 -------- d-----w- c:\program files\Nokia
    2009-11-08 21:06 . 2009-11-08 21:06 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
    2009-11-08 21:06 . 2009-11-08 21:06 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
    2009-11-08 21:06 . 2009-11-08 21:06 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
    2009-11-08 21:05 . 2009-11-08 21:07 24422944 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_fi.exe
    2009-10-29 07:43 . 2001-10-09 12:00 916480 ------w- c:\windows\system32\wininet.dll
    2009-10-25 21:07 . 2001-10-09 12:00 80308 ----a-w- c:\windows\system32\perfc00B.dat
    2009-10-25 21:07 . 2001-10-09 12:00 406560 ----a-w- c:\windows\system32\perfh00B.dat
    2009-10-13 10:34 . 2001-10-09 12:00 270848 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:39 . 2001-10-09 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:39 . 2001-10-09 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
    2009-10-11 02:17 . 2009-01-15 13:31 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-03 10:32 . 2009-10-03 10:32 0 ----a-w- c:\windows\nsreg.dat
    2009-09-30 21:32 . 2009-09-30 21:32 16372 ----a-w- c:\documents and settings\JaBe\Local Settings\Application Data\ygil.scr
    2009-09-30 21:32 . 2009-09-30 21:32 16358 ----a-w- c:\program files\Common Files\ipaxif.dll
    2009-09-30 21:32 . 2009-09-30 21:32 15792 ----a-w- c:\windows\enihyqex.sys
    2009-09-30 21:32 . 2009-09-30 21:32 13451 ----a-w- c:\program files\Common Files\uhahoqozec.dat
    2009-09-30 21:32 . 2009-09-30 21:32 12547 ----a-w- c:\windows\esekeqyg.sys
    2009-09-30 21:32 . 2009-09-30 21:32 17249 ----a-w- c:\documents and settings\JaBe\Local Settings\Application Data\usolytavad.pif
    2009-09-30 21:32 . 2009-09-30 21:32 17199 ----a-w- c:\windows\kahojodop.bin
    2009-09-30 21:32 . 2009-09-30 21:32 14363 ----a-w- c:\program files\Common Files\upikyvuqo.sys
    2009-09-30 21:32 . 2009-09-30 21:32 13913 ----a-w- c:\windows\system32\uzib.sys
    2009-09-30 21:32 . 2009-09-30 21:32 13837 ----a-w- c:\documents and settings\JaBe\Application Data\yrula.sys
    2009-09-30 21:32 . 2009-09-30 21:32 13837 ----a-w- c:\documents and settings\JaBe\Application Data\yrula.sys
    2009-09-30 21:32 . 2009-09-30 21:32 12695 ----a-w- c:\documents and settings\JaBe\Application Data\nahucofes.bin
    2009-09-30 21:32 . 2009-09-30 21:32 12614 ----a-w- c:\windows\tecalenesy.sys
    2008-02-21 22:29 . 2008-02-21 22:29 8 --sha-r- c:\windows\system32\9627E54FC2.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-12-19_17.53.10 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-21 16:42 . 2009-12-21 16:42 16384 c:\windows\Temp\Perflib_Perfdata_6e0.dat
    + 2009-12-21 16:42 . 2009-12-21 16:42 16384 c:\windows\Temp\Perflib_Perfdata_670.dat
    + 2009-12-21 16:42 . 2009-12-21 16:42 16384 c:\windows\Temp\Perflib_Perfdata_4f0.dat
    - 2008-05-10 18:43 . 2008-04-14 16:11 53760 c:\windows\system32\vfwwdm32.dll
    + 2008-05-10 18:43 . 2008-04-14 17:11 53760 c:\windows\system32\vfwwdm32.dll
    - 2007-11-26 17:16 . 2008-04-14 16:11 16896 c:\windows\system32\msyuv.dll
    + 2007-11-26 17:16 . 2004-07-09 02:26 16896 c:\windows\system32\msyuv.dll
    + 2001-10-05 16:31 . 2008-04-14 17:11 47616 c:\windows\system32\iyuv_32.dll
    - 2001-10-05 16:31 . 2008-04-14 16:11 47616 c:\windows\system32\iyuv_32.dll
    + 2007-11-26 17:16 . 2004-07-09 02:27 48512 c:\windows\system32\drivers\stream.sys
    + 2007-11-26 19:09 . 2008-04-13 19:45 60160 c:\windows\system32\drivers\drmk.sys
    - 2007-11-26 19:09 . 2008-04-13 18:45 60160 c:\windows\system32\drivers\drmk.sys
    + 2007-11-26 17:16 . 2004-07-09 02:26 11392 c:\windows\system32\drivers\BdaSup.sys
    + 2009-12-20 17:43 . 2004-07-09 02:26 47104 c:\windows\system32\dllcache\wstdecod.dll
    - 2008-05-10 18:43 . 2008-04-14 16:11 53760 c:\windows\system32\dllcache\vfwwdm32.dll
    + 2008-05-10 18:43 . 2008-04-14 17:11 53760 c:\windows\system32\dllcache\vfwwdm32.dll
    + 2007-11-26 17:16 . 2004-07-09 02:27 48512 c:\windows\system32\dllcache\stream.sys
    + 2009-12-20 17:43 . 2002-08-29 01:41 31744 c:\windows\system32\dllcache\pid.dll
    - 2007-11-26 17:16 . 2008-04-14 16:11 16896 c:\windows\system32\dllcache\msyuv.dll
    + 2007-11-26 17:16 . 2004-07-09 02:26 16896 c:\windows\system32\dllcache\msyuv.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 13312 c:\windows\system32\dllcache\msdmo.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 34304 c:\windows\system32\dllcache\mciqtz32.dll
    + 2001-10-05 16:31 . 2008-04-14 17:11 47616 c:\windows\system32\dllcache\iyuv_32.dll
    - 2001-10-05 16:31 . 2008-04-14 16:11 47616 c:\windows\system32\dllcache\iyuv_32.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 18432 c:\windows\system32\dllcache\dswave.dll
    - 2007-11-26 19:09 . 2008-04-13 18:45 60160 c:\windows\system32\dllcache\drmk.sys
    + 2007-11-26 19:09 . 2008-04-13 19:45 60160 c:\windows\system32\dllcache\drmk.sys
    + 2009-12-20 17:43 . 2004-07-09 02:27 79360 c:\windows\system32\dllcache\dpwsockx.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 80896 c:\windows\system32\dllcache\dpvsetup.exe
    + 2009-12-20 17:43 . 2002-12-11 22:14 19968 c:\windows\system32\dllcache\dpvacm.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 16896 c:\windows\system32\dllcache\dpnsvr.exe
    + 2009-12-20 17:43 . 2003-03-24 07:00 68096 c:\windows\system32\dllcache\dpnhupnp.dll
    + 2009-12-20 17:43 . 2003-03-24 07:00 32768 c:\windows\system32\dllcache\dpnhpast.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 77824 c:\windows\system32\dllcache\dpmodemx.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 28160 c:\windows\system32\dllcache\dplaysvr.exe
    + 2009-12-20 17:43 . 2002-12-11 22:14 98816 c:\windows\system32\dllcache\dmstyle.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 76800 c:\windows\system32\dllcache\dmscript.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 33280 c:\windows\system32\dllcache\dmloader.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 58368 c:\windows\system32\dllcache\dmcompos.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 27136 c:\windows\system32\dllcache\dmband.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 24064 c:\windows\system32\dllcache\ddrawex.dll
    + 2007-11-26 17:16 . 2004-07-09 02:26 11392 c:\windows\system32\dllcache\bdasup.sys
    + 2009-12-20 17:43 . 2002-12-11 22:14 64512 c:\windows\system32\dllcache\amstream.dll
    + 2009-12-20 17:27 . 2004-07-09 02:26 47104 c:\windows\system32\DirectX\DX8B.tmp\wstdecod.dll
    + 2009-12-20 17:27 . 2004-07-09 02:26 18688 c:\windows\system32\DirectX\DX8B.tmp\wstcodec.sys
    + 2009-12-20 17:27 . 2004-07-09 02:26 14976 c:\windows\system32\DirectX\DX8B.tmp\streamip.sys
    + 2009-12-20 17:27 . 2004-07-09 02:27 48512 c:\windows\system32\DirectX\DX8B.tmp\stream.sys
    + 2009-12-20 17:27 . 2004-07-09 02:26 10880 c:\windows\system32\DirectX\DX8B.tmp\slip.sys
    + 2009-12-20 17:27 . 2001-10-30 06:10 31744 c:\windows\system32\DirectX\DX8B.tmp\pid.dll
    + 2009-12-20 17:27 . 2004-07-09 02:26 10112 c:\windows\system32\DirectX\DX8B.tmp\ndisip.sys
    + 2009-12-20 17:27 . 2004-07-09 02:26 83968 c:\windows\system32\DirectX\DX8B.tmp\nabtsfec.sys
    + 2009-12-20 17:27 . 2004-07-09 02:26 16896 c:\windows\system32\DirectX\DX8B.tmp\msyuv.dll
    + 2009-12-20 17:27 . 2004-07-09 02:26 52096 c:\windows\system32\DirectX\DX8B.tmp\msdv.sys
    + 2009-12-20 17:27 . 2002-12-11 22:14 13312 c:\windows\system32\DirectX\DX8B.tmp\msdmo.dll
    + 2009-12-20 17:27 . 2004-07-09 02:26 15104 c:\windows\system32\DirectX\DX8B.tmp\mpe.sys
    + 2009-12-20 17:27 . 2002-12-11 22:14 34304 c:\windows\system32\DirectX\DX8B.tmp\mciqtz32.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 18944 c:\windows\system32\DirectX\DX8B.tmp\encapi.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 46592 c:\windows\system32\DirectX\DX8B.tmp\dxdllreg.exe
    + 2009-12-20 17:27 . 1999-12-14 22:00 10064 c:\windows\system32\DirectX\DX8B.tmp\dxapi.sys
    + 2009-12-20 17:27 . 2002-12-11 22:14 18432 c:\windows\system32\DirectX\DX8B.tmp\dswave.dll
    + 2009-12-20 17:27 . 2004-07-09 02:27 79360 c:\windows\system32\DirectX\DX8B.tmp\dpwsockx.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 80896 c:\windows\system32\DirectX\DX8B.tmp\dpvsetup.exe
    + 2009-12-20 17:27 . 2002-12-11 22:14 19968 c:\windows\system32\DirectX\DX8B.tmp\dpvacm.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 16896 c:\windows\system32\DirectX\DX8B.tmp\dpnsvr.exe
    + 2009-12-20 17:27 . 2003-03-24 07:00 68096 c:\windows\system32\DirectX\DX8B.tmp\dpnhupnp.dll
    + 2009-12-20 17:27 . 2003-03-24 07:00 32768 c:\windows\system32\DirectX\DX8B.tmp\dpnhpast.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 77824 c:\windows\system32\DirectX\DX8B.tmp\dpmodemx.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 28160 c:\windows\system32\DirectX\DX8B.tmp\dplaysvr.exe
    + 2009-12-20 17:27 . 2002-12-11 22:14 98816 c:\windows\system32\DirectX\DX8B.tmp\dmstyle.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 76800 c:\windows\system32\DirectX\DX8B.tmp\dmscript.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 33280 c:\windows\system32\DirectX\DX8B.tmp\dmloader.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 58368 c:\windows\system32\DirectX\DX8B.tmp\dmcompos.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 27136 c:\windows\system32\DirectX\DX8B.tmp\dmband.dll
    + 2009-12-20 17:27 . 2001-10-30 06:10 44032 c:\windows\system32\DirectX\DX8B.tmp\dimap.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 24064 c:\windows\system32\DirectX\DX8B.tmp\ddrawex.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 49424 c:\windows\system32\DirectX\DX8B.tmp\d3dxof.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 37648 c:\windows\system32\DirectX\DX8B.tmp\d3dpmesh.dll
    + 2009-12-20 17:27 . 2004-07-09 02:26 16384 c:\windows\system32\DirectX\DX8B.tmp\ccdecode.sys
    + 2009-12-20 17:27 . 2004-07-09 02:26 11392 c:\windows\system32\DirectX\DX8B.tmp\BdaSup.sys
    + 2009-12-20 17:27 . 2002-12-11 22:14 64512 c:\windows\system32\DirectX\DX8B.tmp\amstream.dll
    + 2009-12-20 21:03 . 2009-12-20 21:03 10134 c:\windows\Installer\{CDFE9268-5C6C-41A9-A048-B0CAD9E8C039}\ARPPRODUCTICON.exe
    - 2007-12-08 18:45 . 2009-12-09 23:03 23040 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2007-12-08 18:45 . 2009-12-20 16:27 23040 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2007-12-08 18:45 . 2009-12-09 23:03 61440 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2007-12-08 18:45 . 2009-12-20 16:27 61440 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2007-12-08 18:45 . 2009-12-09 23:03 27136 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2007-12-08 18:45 . 2009-12-20 16:27 27136 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2007-12-08 18:45 . 2009-12-20 16:27 11264 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2007-12-08 18:45 . 2009-12-09 23:03 11264 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2007-12-08 18:45 . 2009-12-20 16:27 86016 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2007-12-08 18:45 . 2009-12-09 23:03 86016 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2007-12-08 18:45 . 2009-12-20 16:27 12288 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2007-12-08 18:45 . 2009-12-09 23:03 12288 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2009-12-20 17:43 . 2004-07-09 02:26 18688 c:\windows\Driver Cache\i386\wstcodec.sys
    + 2009-12-20 17:43 . 2004-07-09 02:26 14976 c:\windows\Driver Cache\i386\streamip.sys
    + 2009-12-20 17:43 . 2004-07-09 02:27 48512 c:\windows\Driver Cache\i386\stream.sys
    + 2009-12-20 17:43 . 2004-07-09 02:26 10880 c:\windows\Driver Cache\i386\slip.sys
    + 2009-12-20 17:43 . 2002-08-29 01:41 31744 c:\windows\Driver Cache\i386\pid.dll
    + 2009-12-20 17:43 . 2004-07-09 02:26 10112 c:\windows\Driver Cache\i386\ndisip.sys
    + 2009-12-20 17:43 . 2004-07-09 02:26 83968 c:\windows\Driver Cache\i386\nabtsfec.sys
    + 2009-12-20 17:43 . 2004-07-09 02:26 16896 c:\windows\Driver Cache\i386\msyuv.dll
    + 2009-12-20 17:43 . 2004-07-09 02:26 52096 c:\windows\Driver Cache\i386\msdv.sys
    + 2009-12-20 17:43 . 2004-07-09 02:26 15104 c:\windows\Driver Cache\i386\mpe.sys
    + 2009-12-20 17:43 . 2004-07-09 02:26 16384 c:\windows\Driver Cache\i386\ccdecode.sys
    + 2009-12-20 17:43 . 2004-07-09 02:26 11392 c:\windows\Driver Cache\i386\bdasup.sys
    - 2009-07-18 00:42 . 2009-07-18 00:42 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2009-07-18 00:42 . 2009-07-18 00:42 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2001-10-05 16:31 . 2001-10-05 14:31 8192 c:\windows\system32\tsbyuv.dll
    - 2001-10-05 16:31 . 2001-10-05 13:31 8192 c:\windows\system32\tsbyuv.dll
    - 2007-11-26 17:16 . 2008-04-14 16:11 4096 c:\windows\system32\ksuser.dll
    + 2007-11-26 17:16 . 2002-12-11 22:14 4096 c:\windows\system32\ksuser.dll
    + 2001-10-05 16:31 . 2001-10-05 14:31 8192 c:\windows\system32\dllcache\tsbyuv.dll
    - 2001-10-05 16:31 . 2001-10-05 13:31 8192 c:\windows\system32\dllcache\tsbyuv.dll
    + 2007-11-26 17:16 . 2002-12-11 22:14 4096 c:\windows\system32\dllcache\ksuser.dll
    - 2007-11-26 17:16 . 2008-04-14 16:11 4096 c:\windows\system32\dllcache\ksuser.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 3072 c:\windows\system32\dllcache\dpnlobby.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 3072 c:\windows\system32\dllcache\dpnaddr.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 8192 c:\windows\system32\dllcache\d3d8thk.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 4096 c:\windows\system32\DirectX\DX8B.tmp\swenum.sys
    + 2009-12-20 17:27 . 2002-12-11 22:14 5504 c:\windows\system32\DirectX\DX8B.tmp\mstee.sys
    + 2009-12-20 17:27 . 2001-08-23 03:00 4608 c:\windows\system32\DirectX\DX8B.tmp\mspqm.sys
    + 2009-12-20 17:27 . 2002-12-11 22:14 5248 c:\windows\system32\DirectX\DX8B.tmp\mspclock.sys
    + 2009-12-20 17:27 . 2002-12-11 22:14 7424 c:\windows\system32\DirectX\DX8B.tmp\mskssrv.sys
    + 2009-12-20 17:27 . 2002-12-11 22:14 4096 c:\windows\system32\DirectX\DX8B.tmp\ksuser.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 3072 c:\windows\system32\DirectX\DX8B.tmp\dpnlobby.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 3072 c:\windows\system32\DirectX\DX8B.tmp\dpnaddr.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 8192 c:\windows\system32\DirectX\DX8B.tmp\d3d8thk.dll
    - 2007-12-08 18:45 . 2009-12-09 23:03 4096 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2007-12-08 18:45 . 2009-12-20 16:27 4096 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2009-12-20 17:43 . 2002-12-11 22:14 4096 c:\windows\Driver Cache\i386\swenum.sys
    + 2009-12-20 17:43 . 2002-12-11 22:14 5504 c:\windows\Driver Cache\i386\mstee.sys
    + 2009-12-20 17:43 . 2001-08-23 03:00 4608 c:\windows\Driver Cache\i386\mspqm.sys
    + 2009-12-20 17:43 . 2002-12-11 22:14 5248 c:\windows\Driver Cache\i386\mspclock.sys
    + 2009-12-20 17:43 . 2002-12-11 22:14 7424 c:\windows\Driver Cache\i386\mskssrv.sys
    + 2009-12-20 17:43 . 2002-12-11 22:14 4096 c:\windows\Driver Cache\i386\ksuser.dll
    + 2007-11-26 17:16 . 2004-07-09 02:26 354816 c:\windows\system32\PsisDecd.dll
    + 2001-10-05 16:32 . 2008-04-14 17:12 294912 c:\windows\system32\msh263.drv
    - 2001-10-05 16:32 . 2008-04-14 16:12 294912 c:\windows\system32\msh263.drv
    + 2007-11-26 19:09 . 2008-04-13 20:19 146048 c:\windows\system32\drivers\portcls.sys
    - 2007-11-26 19:09 . 2008-04-13 19:19 146048 c:\windows\system32\drivers\portcls.sys
    + 2009-12-20 17:43 . 2002-12-11 22:14 733184 c:\windows\system32\dllcache\qedwipes.dll
    + 2009-12-20 17:43 . 2004-07-09 02:27 470528 c:\windows\system32\dllcache\qdvd.dll
    + 2009-12-20 17:43 . 2004-07-09 02:27 316928 c:\windows\system32\dllcache\qdv.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 257024 c:\windows\system32\dllcache\qcap.dll
    + 2007-11-26 17:16 . 2004-07-09 02:26 354816 c:\windows\system32\dllcache\psisdecd.dll
    - 2007-11-26 19:09 . 2008-04-13 19:19 146048 c:\windows\system32\dllcache\portcls.sys
    + 2007-11-26 19:09 . 2008-04-13 20:19 146048 c:\windows\system32\dllcache\portcls.sys
    + 2009-12-20 17:43 . 2004-07-09 02:27 974848 c:\windows\system32\dllcache\dxdiag.exe
    + 2009-12-20 17:43 . 2002-12-11 22:14 602624 c:\windows\system32\dllcache\dx7vb.dll
    + 2009-12-20 17:43 . 2004-07-09 02:27 381952 c:\windows\system32\dllcache\dsound.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 491520 c:\windows\system32\dllcache\dsdmoprp.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 186880 c:\windows\system32\dllcache\dsdmo.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 112128 c:\windows\system32\dllcache\dpvvox.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 381952 c:\windows\system32\dllcache\dpvoice.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 723968 c:\windows\system32\dllcache\dpnet.dll
    + 2009-12-20 17:43 . 2004-07-09 02:27 230400 c:\windows\system32\dllcache\dplayx.dll
    + 2009-12-20 17:43 . 2004-07-09 02:27 122880 c:\windows\system32\dllcache\dmusic.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 100864 c:\windows\system32\dllcache\dmsynth.dll
    + 2009-12-20 17:43 . 2004-07-09 02:27 181248 c:\windows\system32\dllcache\dmime.dll
    + 2009-12-20 17:43 . 2002-08-29 01:40 667648 c:\windows\system32\dllcache\dinput8.dll
    + 2009-12-20 17:43 . 2002-08-29 01:40 648704 c:\windows\system32\dllcache\dinput.dll
    + 2009-12-20 17:43 . 2003-05-30 07:00 132608 c:\windows\system32\dllcache\devenum.dll
    + 2009-12-20 17:43 . 2004-07-09 02:27 292864 c:\windows\system32\dllcache\ddraw.dll
    + 2009-12-20 17:43 . 2003-05-30 07:00 797184 c:\windows\system32\dllcache\d3dim700.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 733184 c:\windows\system32\DirectX\DX8B.tmp\qedwipes.dll
    + 2009-12-20 17:27 . 2004-07-09 02:27 470528 c:\windows\system32\DirectX\DX8B.tmp\qdvd.dll
    + 2009-12-20 17:27 . 2004-07-09 02:27 316928 c:\windows\system32\DirectX\DX8B.tmp\qdv.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 257024 c:\windows\system32\DirectX\DX8B.tmp\qcap.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 173056 c:\windows\system32\DirectX\DX8B.tmp\qasf.dll
    + 2009-12-20 17:27 . 2004-07-09 02:26 354816 c:\windows\system32\DirectX\DX8B.tmp\psisdecd.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 324096 c:\windows\system32\DirectX\DX8B.tmp\mswebdvd.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 130304 c:\windows\system32\DirectX\DX8B.tmp\ks.sys
    + 2009-12-20 17:27 . 2001-10-30 06:10 206336 c:\windows\system32\DirectX\DX8B.tmp\gcdef.dll
    + 2009-12-20 17:27 . 2004-07-09 02:27 974848 c:\windows\system32\DirectX\DX8B.tmp\dxdiag.exe
    + 2009-12-20 17:27 . 2002-12-11 22:14 602624 c:\windows\system32\DirectX\DX8B.tmp\dx7vb.dll
    + 2009-12-20 17:27 . 2004-07-09 02:27 381952 c:\windows\system32\DirectX\DX8B.tmp\dsound.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 491520 c:\windows\system32\DirectX\DX8B.tmp\dsdmoprp.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 186880 c:\windows\system32\DirectX\DX8B.tmp\dsdmo.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 112128 c:\windows\system32\DirectX\DX8B.tmp\dpvvox.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 381952 c:\windows\system32\DirectX\DX8B.tmp\dpvoice.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 723968 c:\windows\system32\DirectX\DX8B.tmp\dpnet.dll
    + 2009-12-20 17:27 . 2004-07-09 02:27 230400 c:\windows\system32\DirectX\DX8B.tmp\dplayx.dll
    + 2009-12-20 17:27 . 2004-07-09 02:27 122880 c:\windows\system32\DirectX\DX8B.tmp\dmusic.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 100864 c:\windows\system32\DirectX\DX8B.tmp\dmsynth.dll
    + 2009-12-20 17:27 . 2004-07-09 02:27 181248 c:\windows\system32\DirectX\DX8B.tmp\dmime.dll
    + 2009-12-20 17:27 . 2001-10-30 06:10 664576 c:\windows\system32\DirectX\DX8B.tmp\dinput8.dll
    + 2009-12-20 17:27 . 2001-10-30 06:10 645120 c:\windows\system32\DirectX\DX8B.tmp\dinput.dll
    + 2009-12-20 17:27 . 2001-10-30 06:10 459264 c:\windows\system32\DirectX\DX8B.tmp\diactfrm.dll
    + 2009-12-20 17:27 . 2003-05-30 07:00 132608 c:\windows\system32\DirectX\DX8B.tmp\devenum.dll
    + 2009-12-20 17:27 . 2004-07-09 02:27 292864 c:\windows\system32\DirectX\DX8B.tmp\ddraw.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 364816 c:\windows\system32\DirectX\DX8B.tmp\d3drm.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 591120 c:\windows\system32\DirectX\DX8B.tmp\d3dramp.dll
    + 2009-12-20 17:27 . 2003-05-30 07:00 797184 c:\windows\system32\DirectX\DX8B.tmp\d3dim700.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 446224 c:\windows\system32\DirectX\DX8B.tmp\d3dim.dll
    + 2009-12-20 21:03 . 2009-12-20 21:03 476160 c:\windows\Installer\67549.msi
    + 2007-12-08 18:45 . 2009-12-20 16:27 409600 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2007-12-08 18:45 . 2009-12-09 23:03 409600 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2007-12-08 18:45 . 2009-12-09 23:03 286720 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2007-12-08 18:45 . 2009-12-20 16:27 286720 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2007-12-08 18:45 . 2009-12-09 23:03 249856 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2007-12-08 18:45 . 2009-12-20 16:27 249856 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2007-12-08 18:45 . 2009-12-09 23:03 794624 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2007-12-08 18:45 . 2009-12-20 16:27 794624 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2007-12-08 18:45 . 2009-12-20 16:27 135168 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2007-12-08 18:45 . 2009-12-09 23:03 135168 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2007-12-08 18:45 . 2009-12-20 16:27 593920 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2007-12-08 18:45 . 2009-12-09 23:03 593920 c:\windows\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2009-12-20 17:43 . 2004-07-09 02:26 354816 c:\windows\Driver Cache\i386\psisdecd.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 130304 c:\windows\Driver Cache\i386\ks.sys
    + 2009-12-20 21:02 . 2009-12-20 21:02 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2009-07-18 00:42 . 2009-07-18 00:42 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2009-07-18 00:42 . 2009-07-18 00:42 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2009-07-18 00:42 . 2009-07-18 00:42 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2009-07-18 00:42 . 2009-07-18 00:42 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2009-07-18 00:42 . 2009-07-18 00:42 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-07-18 00:42 . 2009-07-18 00:42 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-07-18 00:42 . 2009-07-18 00:42 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-07-18 00:42 . 2009-07-18 00:42 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-07-18 00:42 . 2009-07-18 00:42 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-07-18 00:42 . 2009-07-18 00:42 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-07-18 00:42 . 2009-07-18 00:42 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-07-18 00:42 . 2009-07-18 00:42 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-07-18 00:42 . 2009-07-18 00:42 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    - 2009-07-18 00:42 . 2009-07-18 00:42 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2007-11-26 15:37 . 2009-12-21 12:52 1412904 c:\windows\system32\FNTCACHE.DAT
    + 2009-12-20 17:43 . 2002-12-11 22:14 1798144 c:\windows\system32\dllcache\qedit.dll
    + 2009-12-20 17:43 . 2004-07-09 02:26 1230336 c:\windows\system32\dllcache\msvidctl.dll
    + 2009-12-20 17:43 . 2003-05-30 07:00 1189888 c:\windows\system32\dllcache\dx8vb.dll
    + 2009-12-20 17:43 . 2002-12-11 22:14 1294336 c:\windows\system32\dllcache\dsound3d.dll
    + 2009-12-20 17:43 . 2004-07-09 02:27 1201152 c:\windows\system32\dllcache\d3d8.dll
    + 2009-12-20 17:27 . 2003-05-30 07:00 1962496 c:\windows\system32\DirectX\DX8B.tmp\quartz.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 1798144 c:\windows\system32\DirectX\DX8B.tmp\qedit.dll
    + 2009-12-20 17:27 . 2004-07-09 02:26 1230336 c:\windows\system32\DirectX\DX8B.tmp\MSVidCtl.dll
    + 2009-12-20 17:27 . 2004-07-09 02:27 1769472 c:\windows\system32\DirectX\DX8B.tmp\dxdiagn.dll
    + 2009-12-20 17:27 . 2003-05-30 07:00 1189888 c:\windows\system32\DirectX\DX8B.tmp\dx8vb.dll
    + 2009-12-20 17:27 . 2002-12-11 22:14 1294336 c:\windows\system32\DirectX\DX8B.tmp\dsound3d.dll
    + 2009-12-20 17:27 . 2004-07-09 02:27 1703936 c:\windows\system32\DirectX\DX8B.tmp\d3d9.dll
    + 2009-12-20 17:27 . 2004-07-09 02:27 1201152 c:\windows\system32\DirectX\DX8B.tmp\d3d8.dll
    + 2009-12-16 20:58 . 2009-12-16 20:58 5382144 c:\windows\Installer\66107.msp
    - 2009-07-18 00:42 . 2009-07-18 00:42 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-07-18 00:42 . 2009-07-18 00:42 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-12-20 21:02 . 2009-12-20 21:02 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    .
    -- Snapshot nollattu tähän hetkeen --
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
    "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVRaidService"="c:\windows\System32\nvraidservice.exe" [2004-06-11 83968]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "anysee_TR"="c:\program files\anysee\anysee-E30Series\anysee_TR.exe" [2009-03-16 1417216]
    "anysee CNO(Media Center PlugIn)"="c:\program files\anysee\Driver\CNO.EXE" [2009-03-30 1028096]

    c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-12-12 118784]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "f:\\PESSI\\pes2009.exe"=
    "f:\\PESSI\\GCP2009.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.12.2009 20:06 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.12.2009 20:06 20560]
    R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [20.1.2008 19:08 45440]
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [20.1.2008 19:08 56960]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.11.2007 19:00 664064]
    S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
    S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
    S1 AMTBDA_P861F;anysee Capture Service;c:\windows\system32\drivers\anyseeTU.SYS [20.12.2009 19:37 496256]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8.11.2009 23:09 136704]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8.11.2009 23:09 8320]
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.google.fi/
    uInternet Settings,ProxyServer = 208.62.125.146:80
    uInternet Settings,ProxyOverride = *.local
    IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: thepiratebay.org
    Trusted Zone: tokem.fi\opaali
    DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} - hxxp://update.rayv.com/viewer/webinstall/ActiveXInstall1.0/rayvactivex.cab
    FF - ProfilePath - c:\documents and settings\JaBe\Application Data\Mozilla\Firefox\Profiles\bowaxjnb.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-21 20:23
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¹mÓw*]
    "AB79C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    Valmistumisajankohta: 2009-12-21 20:26:53
    ComboFix-quarantined-files.txt 2009-12-21 18:26
    ComboFix2.txt 2009-12-20 16:30
    ComboFix3.txt 2009-12-19 17:56

    Ennen ajoa: 6 918 492 160 tavua vapaana
    Ajon jälkeen: 6 900 502 528 tavua vapaana

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - B4FBD10E6F4F7D4BE550B39C8E03A7B9
     
