Log for review

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by BeatMasta, Jun 17, 2008.

Thread Status:
Not open for further replies.
  1. BeatMasta

    BeatMasta Guest

    If someone could take a look at these logs and tell me whether there's anything odd in there.. thanks for the trouble!!

    Hjt:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:29:49, on 18.6.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\IObit\Advanced Win\MemCleaner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced Win\MemCleaner.exe /m
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 4873 bytes


    combofix:

    ComboFix 08-06-16.5 - KingBass 2008-06-18 0:07:56.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1035.18.246 [GMT 3:00]
    Running from: C:\Documents and Settings\KingBass\Työpöytä\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\msvrc20.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-17 to 2008-06-17 )))))))))))))))))
    .

    2008-06-17 21:40 . 2008-06-17 21:40 <KANSIO> d-------- C:\Program Files\MSN Messenger
    2008-06-17 20:20 . 2008-06-17 20:29 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
    2008-06-17 02:03 . 2008-06-17 13:03 <KANSIO> d-------- C:\RVAXO
    2008-06-17 01:59 . 2008-05-29 21:30 828,824 --a------ C:\WINDOWS\system32\RVAXO.bat
    2008-06-17 01:59 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
    2008-06-16 16:44 . 2008-06-16 16:44 <KANSIO> d-------- C:\Documents and Settings\KingBass\Application Data\IObit
    2008-06-16 12:57 . 2008-06-16 12:57 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-06-16 12:55 . 2008-06-16 12:56 <KANSIO> d-------- C:\Program Files\Yahoo!
    2008-06-16 02:44 . 2008-06-16 02:44 <KANSIO> d-------- C:\Documents and Settings\KingBass\DoctorWeb
    2008-06-16 00:57 . 2008-06-16 02:04 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center
    2008-06-16 00:41 . 2008-05-01 16:35 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
    2008-06-16 00:40 . 2008-06-16 00:40 <KANSIO> d-------- C:\Intel
    2008-06-14 18:32 . 2008-06-14 18:32 42 --a------ C:\WINDOWS\system32\.dat
    2008-06-14 18:32 . 2008-06-14 18:32 25 --a------ C:\WINDOWS\system32\.ini
    2008-06-14 18:30 . 1997-01-16 00:00 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
    2008-06-14 17:56 . 2008-06-14 18:26 <KANSIO> d-------- C:\Program Files\Winamp
    2008-06-14 17:56 . 2008-06-16 15:22 <KANSIO> d-------- C:\Documents and Settings\KingBass\Application Data\Winamp
    2008-06-14 16:43 . 2008-06-14 16:43 <KANSIO> d-------- C:\Program Files\Malwarebytes
    2008-06-14 16:43 . 2008-06-14 16:43 <KANSIO> d-------- C:\Documents and Settings\KingBass\Application Data\Malwarebytes
    2008-06-14 16:43 . 2008-06-14 16:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-14 16:43 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-14 16:43 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-13 22:16 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-13 22:15 . 2008-06-13 22:16 <KANSIO> d-------- C:\Program Files\Java
    2008-06-13 22:14 . 2008-06-13 22:14 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-06-13 07:21 . 2008-06-13 07:21 <KANSIO> d-------- C:\WINDOWS\Sun
    2008-06-13 00:16 . 2008-06-18 00:04 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-13 00:16 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-06-13 00:16 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-06-13 00:16 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-06-13 00:16 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-06-13 00:15 . 2008-06-17 22:39 <KANSIO> d-------- C:\Program Files\Spyware Doctor
    2008-06-13 00:15 . 2008-06-13 00:15 <KANSIO> d-------- C:\Documents and Settings\KingBass\Application Data\PC Tools
    2008-06-12 17:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-06-12 17:48 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-06-12 17:48 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-06-12 03:00 . 2008-06-17 13:21 <KANSIO> d-------- C:\Program Files\PokerStars
    2008-06-12 01:32 . 2008-06-12 01:32 <KANSIO> d-------- C:\Program Files\ToniArts
    2008-06-12 01:22 . 2008-06-12 01:22 <KANSIO> d-------- C:\Program Files\ASIO4ALL v2
    2008-06-12 01:21 . 2008-06-12 01:26 <KANSIO> d-------- C:\Program Files\VstPlugins
    2008-06-12 01:21 . 2002-07-08 01:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-06-12 01:21 . 2006-06-20 11:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
    2008-06-12 01:20 . 2008-06-12 01:20 <KANSIO> d-------- C:\Program Files\Outsim
    2008-06-12 01:17 . 2008-06-12 01:26 <KANSIO> d-------- C:\Program Files\Image-Line
    2008-06-12 01:10 . 2008-06-16 23:30 <KANSIO> d-------- C:\Documents and Settings\KingBass\Contacts
    2008-06-12 01:09 . 2008-06-17 21:40 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-06-12 01:04 . 2008-06-17 20:20 <KANSIO> d-------- C:\Program Files\Windows Live
    2008-06-12 01:04 . 2008-06-12 01:07 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-06-12 01:04 . 2008-06-12 01:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-12 01:02 . 2008-06-12 01:02 <KANSIO> d-------- C:\Program Files\uTorrent
    2008-06-12 01:02 . 2008-06-17 20:26 <KANSIO> d-------- C:\Documents and Settings\KingBass\Application Data\uTorrent
    2008-06-12 01:00 . 2008-06-12 01:00 <KANSIO> d-------- C:\Program Files\CodecComPack
    2008-06-12 00:51 . 2008-06-12 00:51 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
    2008-06-12 00:49 . 2008-06-12 00:49 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
    2008-06-12 00:49 . 2008-06-12 00:50 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-06-12 00:37 . 2008-06-12 00:37 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-12 00:37 . 2008-06-12 00:37 <KANSIO> d-------- C:\Program Files\CCleaner
    2008-06-12 00:21 . 2008-06-12 00:21 <KANSIO> d-------- C:\Program Files\IObit
    2008-06-12 00:03 . 2008-04-23 07:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-06-12 00:03 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-06-12 00:03 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-06-12 00:03 . 2008-04-23 07:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-06-12 00:03 . 2008-04-23 07:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-06-12 00:03 . 2008-04-23 07:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-06-12 00:03 . 2008-04-23 07:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-06-12 00:03 . 2008-04-23 07:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-06-12 00:03 . 2008-04-22 10:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-06-11 23:33 . 2008-06-11 23:37 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
    2008-06-11 23:33 . 2008-04-14 09:12 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
    2008-06-11 23:14 . 2008-06-11 23:14 <KANSIO> d-------- C:\Program Files\DAEMON Tools
    2008-06-11 23:11 . 2008-06-11 23:11 <KANSIO> d-------- C:\Documents and Settings\KingBass\Application Data\DAEMON Tools
    2008-06-11 23:11 . 2008-06-11 23:11 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-11 23:08 . 2006-03-23 20:12 139,264 --a------ C:\WINDOWS\system32\igfxres.dll
    2008-06-11 23:06 . 2001-08-18 00:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2008-06-11 23:05 . 2008-06-11 23:05 <KANSIO> d-------- C:\Program Files\Intel
    2008-06-11 23:04 . 2008-04-14 09:11 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2008-06-11 23:02 . 2008-06-17 23:16 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot2
    2008-06-11 23:02 . 2008-06-11 23:02 <KANSIO> d-------- C:\Program Files\Dell
    2008-06-11 23:02 . 2008-06-11 23:02 <KANSIO> d--h----- C:\Documents and Settings\Default User\Verkkoympäristö
    2008-06-11 23:02 . 2008-06-11 23:02 <KANSIO> d-------- C:\Documents and Settings\Default User\Työpöytä
    2008-06-11 23:02 . 2008-06-11 23:02 <KANSIO> d--h----- C:\Documents and Settings\Default User\Tulostinympäristö
    2008-06-11 23:02 . 2008-06-11 23:02 <KANSIO> d-------- C:\Documents and Settings\Default User\Suosikit
    2008-06-11 23:02 . 2008-06-11 20:12 <KANSIO> d--h----- C:\Documents and Settings\Default User\Mallit
    2008-06-11 23:02 . 2008-06-11 23:02 <KANSIO> dr------- C:\Documents and Settings\Default User\Käynnistä-valikko
    2008-06-11 23:02 . 2008-06-12 01:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Työpöytä
    2008-06-11 23:02 . 2008-06-11 20:13 <KANSIO> dr------- C:\Documents and Settings\All Users\Tiedostot
    2008-06-11 23:02 . 2008-06-11 23:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Suosikit
    2008-06-11 23:02 . 2008-06-11 23:02 <KANSIO> d--h----- C:\Documents and Settings\All Users\Mallit
    2008-06-11 23:02 . 2008-06-11 23:39 <KANSIO> dr------- C:\Documents and Settings\All Users\Käynnistä-valikko
    2008-06-11 23:01 . 2008-06-11 20:19 261 --a------ C:\WINDOWS\system32\$winnt$.inf
    2008-06-11 21:26 . 2008-06-11 21:26 <KANSIO> d--hs---- C:\Documents and Settings\KingBass\UserData
    2008-06-11 21:17 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-06-11 21:04 . 2008-06-17 20:21 <KANSIO> d-------- C:\Program Files\PowerArchiver
    2008-06-11 21:04 . 2008-06-11 21:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ConeXware
    2008-06-11 21:01 . 2008-04-14 18:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-11 22:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-11 22:26 --------- d-----w C:\Program Files\VstPlugins
    2008-06-11 19:57 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-06-11 19:57 --------- d-----w C:\Program Files\Analog Devices
    2008-06-11 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
    2008-06-11 17:36 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-06-11 17:36 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-06-11 17:36 143,104 ----a-w C:\WINDOWS\system32\guard32.dll
    2008-06-11 17:36 --------- d-----w C:\Program Files\COMODO
    2008-06-11 17:36 --------- d-----w C:\Documents and Settings\KingBass\Application Data\Comodo
    2008-06-11 17:31 --------- d-----w C:\Program Files\Broadcom
    2008-06-11 17:23 --------- d-----w C:\Program Files\Alwil Software
    2008-06-11 17:17 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-14 06:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 06:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 06:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
    2008-04-14 06:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
    2008-04-14 06:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
    2008-04-14 06:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll
    2008-04-14 06:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
    2008-04-14 06:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
    2008-04-14 06:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
    2008-04-14 06:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
    2008-04-14 06:09 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
    2008-04-14 06:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
    2008-04-14 05:49 2,147,840 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-14 05:49 2,026,496 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-14 05:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-14 05:46 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
    2008-04-14 05:45 80,384 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-14 05:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-14 05:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-14 05:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-14 05:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-14 05:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-13 08:45 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
    2008-04-13 08:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
    2008-04-13 08:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
    2008-04-13 08:40 440,832 ----a-w C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 08:36 2,921,984 ----a-w C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 08:35 186,368 ----a-w C:\WINDOWS\system32\xpsp1res.dll
    2008-04-13 08:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
    2008-04-13 08:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
    2008-04-13 07:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
    2008-04-13 07:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
    2008-04-13 07:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
    2008-04-13 07:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
    2008-04-13 07:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
    2008-04-13 06:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-13 06:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
    2008-04-13 06:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
    2008-04-13 05:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:12 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
    "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-11 20:36 1655552]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17 118784]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
    "SmartRAM"="C:\Program Files\IObit\Advanced Win\MemCleaner.exe" [2007-10-29 16:43 662016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 09:12 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= C:\PROGRA~1\CODECC~1\Filters\FFDShow\ff_vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-11 20:36]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-11 20:36]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]

    *Newly Created Service* - CATCHME
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-16 13:30:01 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job"
    - C:\Program Files\IObit\Advanced Win\AutoCare.exe
    "2008-06-16 17:00:28 C:\WINDOWS\Tasks\AwcProUpdate.job"
    - C:\Program Files\IObit\Advanced Win\AutoUpdate.ex
    - C:\Program Files\IObit\Advanced Win\
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-18 00:11:47
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\guard32.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\guard32.dll
    .
    Completion time: 2008-06-18 0:13:38
    ComboFix-quarantined-files.txt 2008-06-17 21:13:31

    Pre-Run: 8,089,915,392 tavua vapaana
    Post-Run: 8,083,685,376 tavua vapaana

    237 --- E O F --- 2008-06-12 15:28:52
     