Messenger virus. HJT and ComboFix included

Discussion in 'Viruses and malware - HijackThis logs' started by Tumppi007, Jun 2, 2008.

  1. Tumppi007

    I got that Messenger virus and I guess it still hasn't gone away completely. I have been running F-Secure, Ad-Aware and Malwarebytes non-stop for 2 days and it won't go away...

    Here is the ComboFix log, followed by the HJT log taken after it.

    ComboFix 08-06-01.6 - Antti 2008-06-02 9:09:32.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.2842 [GMT 3:00]
    Running from: C:\Documents and Settings\Antti\Työpöytä\Imutukset\ComboFix.exe
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\WINDOWS\BMabe67e85.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\cedcxosu.dll
    C:\WINDOWS\system32\degjQBeg.ini
    C:\WINDOWS\system32\degjQBeg.ini2
    C:\WINDOWS\system32\etaroapb.ini
    C:\WINDOWS\system32\gMTwDJlm.ini
    C:\WINDOWS\system32\gnhfofek.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\winsys.exe

    ----- BITS: Possible infected sites -----

    hxxp://sync.avustaja.sonera.fi
    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-02 to 2008-06-02 )))))))))))))))))
    .

    2008-06-01 22:57 . 2008-06-01 22:57 <KANSIO> d-------- C:\Program Files\FDRLab
    2008-06-01 22:57 . 2008-06-01 22:57 <KANSIO> d-------- C:\Documents and Settings\Antti\Application Data\FDRLab
    2008-06-01 12:42 . 2008-06-01 12:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-01 12:42 . 2008-06-01 12:42 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-05-30 17:05 . 2008-05-30 17:05 <KANSIO> d-------- C:\Documents and Settings\LocalService\Työpöytä
    2008-05-30 14:10 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp1A0.tmp
    2008-05-30 14:10 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp19F.tmp
    2008-05-30 13:50 . 2008-05-30 13:52 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-30 11:21 . 2008-05-30 11:21 86,498 --a------ C:\setup.0xe
    2008-05-29 23:30 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-29 23:30 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-29 23:08 . 2008-05-29 23:08 86,340 --a------ C:\profile.0om
    2008-05-29 20:18 . 2008-05-29 20:18 86,340 --a------ C:\img.0om
    2008-05-29 15:25 . 2008-05-29 23:08 86,340 --a------ C:\WINDOWS\winudspm.0xe
    2008-05-24 08:07 . 2008-05-24 08:11 <KANSIO> d-------- C:\WINDOWS\NV260264.TMP
    2008-05-24 08:07 . 2007-11-06 12:30 158,263 --a------ C:\WINDOWS\system32\nvapps.nvb
    2008-05-24 08:05 . 2008-05-24 08:13 163,177 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-05-24 08:03 . 2008-05-24 08:11 <KANSIO> d-------- C:\WINDOWS\nview
    2008-05-24 08:03 . 2006-10-14 09:07 1,777,664 -ra------ C:\WINDOWS\system32\msicpl.dll
    2008-05-24 08:03 . 2007-11-13 09:34 266,240 -ra------ C:\WINDOWS\system32\HookShield.dll
    2008-05-24 08:03 . 2007-11-13 09:34 262,144 -ra------ C:\WINDOWS\system32\HookMAp.dll
    2008-05-24 08:03 . 2007-10-30 11:37 208,896 -ra------ C:\WINDOWS\system32\WinSys2.exe
    2008-05-24 08:03 . 2006-12-15 05:58 208,896 -ra------ C:\WINDOWS\system32\sw20.exe
    2008-05-24 08:03 . 2006-07-13 00:00 131,072 -ra------ C:\WINDOWS\system32\smdll.dll
    2008-05-24 08:03 . 2007-05-28 18:13 130,048 -ra------ C:\WINDOWS\system32\MadCHook.dll
    2008-05-24 08:03 . 2006-12-15 05:58 69,632 -ra------ C:\WINDOWS\system32\sw24.exe
    2008-05-24 08:03 . 2006-08-14 06:31 32,768 -ra------ C:\WINDOWS\system32\Auxiliary.dll
    2008-05-23 16:39 . 2008-06-01 19:50 <KANSIO> d-------- C:\Program Files\Last.fm
    2008-05-23 16:39 . 2008-05-23 16:39 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
    2008-05-19 18:16 . 2008-05-19 19:11 <KANSIO> d-------- C:\Program Files\UBISOFT
    2008-05-19 18:07 . 2008-05-19 18:07 <KANSIO> d-------- C:\WINDOWS\nvidia icons
    2008-05-19 18:07 . 2008-05-19 18:08 <KANSIO> d-------- C:\Program Files\AGEIA Technologies
    2008-05-19 18:06 . 2008-05-19 18:33 <KANSIO> d-------- C:\WINDOWS\NV36602564.TMP
    2008-05-19 18:05 . 2008-05-19 18:05 <KANSIO> d-------- C:\NVIDIA
    2008-05-19 17:58 . 2008-05-19 17:58 <KANSIO> d-------- C:\Program Files\SystemRequirementsLab
    2008-05-19 17:58 . 2008-05-19 17:58 <KANSIO> d-------- C:\Documents and Settings\Antti\Application Data\SystemRequirementsLab
    2008-05-19 16:10 . 2008-05-19 16:10 <KANSIO> d-------- C:\WINDOWS\system32\AGEIA
    2008-05-19 16:10 . 2008-05-19 18:08 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-18 20:54 . 2008-05-28 14:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Chat Republic Games
    2008-05-18 14:40 . 2008-05-18 14:40 <KANSIO> d-------- C:\Documents and Settings\Antti\Application Data\OLYMPUS
    2008-05-18 14:39 . 2008-05-18 14:39 <KANSIO> d-------- C:\WINDOWS\system32\QuickTime
    2008-05-18 14:39 . 2008-05-18 14:39 <KANSIO> d-------- C:\Program Files\OLYMPUS
    2008-05-18 14:39 . 2004-06-08 17:41 319,488 --------- C:\WINDOWS\system32\Pvmjpg21.dll
    2008-05-18 14:39 . 2005-04-30 17:02 86,016 --a------ C:\WINDOWS\system32\bgsvcgen.exe
    2008-05-18 14:39 . 2005-04-30 17:09 57,344 --a------ C:\WINDOWS\system32\GenSvcInst.exe
    2008-05-18 14:39 . 2005-05-11 00:33 32,256 --a------ C:\WINDOWS\system32\drivers\cdrbsdrv.sys
    2008-05-18 14:38 . 2008-05-18 14:38 <KANSIO> d-------- C:\Program Files\PIXELA
    2008-05-17 14:17 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
    2008-05-17 14:17 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
    2008-05-16 14:12 . 2008-05-16 14:12 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-05-16 14:07 . 2008-05-30 14:13 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
    2008-05-16 13:47 . 2008-05-16 13:47 <KANSIO> d-------- C:\Program Files\OpenAL
    2008-05-16 13:47 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
    2008-05-16 13:47 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-05-16 13:47 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp14F.tmp
    2008-05-16 13:47 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp14E.tmp
    2008-05-16 13:47 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
    2008-05-16 13:47 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
    2008-05-16 13:47 . 2008-05-30 14:10 444,952 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2008-05-16 13:47 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
    2008-05-16 13:47 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-05-16 13:44 . 2008-05-30 13:54 <KANSIO> d-------- C:\Program Files\Codemasters
    2008-05-16 07:04 . 2008-05-16 07:04 <KANSIO> d-------- C:\Program Files\eRightSoft
    2008-05-14 17:40 . 2008-05-14 17:40 2,337,865 --a------ C:\WINDOWS\system32\pbsvc.exe
    2008-05-13 16:10 . 2008-05-13 16:10 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
    2008-05-12 21:21 . 2008-05-28 20:39 <KANSIO> d-------- C:\Program Files\Common Files\Nero
    2008-05-12 20:55 . 2008-05-12 20:55 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
    2008-05-11 22:36 . 2008-05-11 22:36 268 --ah----- C:\sqmdata00.sqm
    2008-05-11 22:36 . 2008-05-11 22:36 244 --ah----- C:\sqmnoopt00.sqm
    2008-05-06 16:54 . 2008-05-06 16:54 390,432 --a------ C:\WINDOWS\system32\PhysX.cpl
    2008-05-05 19:26 . 2008-05-05 19:26 <KANSIO> d-------- C:\Program Files\Google
    2008-05-03 05:46 . 2008-05-03 05:46 1,241,088 --a------ C:\WINDOWS\system32\nvcuda.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 05:49 --------- d-----w C:\Documents and Settings\Antti\Application Data\uTorrent
    2008-05-30 11:12 --------- d-----w C:\Program Files\PowerArchiver
    2008-05-30 11:10 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-05-30 10:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-29 20:30 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-28 18:00 --------- d-----w C:\Program Files\DC++
    2008-05-28 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-05-27 19:24 --------- d-----w C:\Program Files\mIRC
    2008-05-14 14:40 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-14 14:40 22,328 ----a-w C:\Documents and Settings\Antti\Application Data\PnkBstrK.sys
    2008-05-14 14:40 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-05-13 19:59 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-13 13:10 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
    2008-05-03 02:46 442,368 ----a-w C:\WINDOWS\system32\nvudisp.exe
    2008-04-30 14:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2008-04-30 10:55 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
    2008-04-29 12:25 --------- d-----w C:\Documents and Settings\Antti\Application Data\Ubisoft
    2008-04-29 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
    2008-04-28 18:44 --------- d-----w C:\Program Files\BitComet
    2008-04-28 17:37 --------- d-----w C:\Program Files\B2BPOKER
    2008-04-28 15:41 --------- d-----w C:\Program Files\uTorrent
    2008-04-26 10:12 --------- d-----w C:\Documents and Settings\Antti\Application Data\EPSON
    2008-04-25 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-04-24 16:25 --------- d-----w C:\Documents and Settings\Antti\Application Data\Malwarebytes
    2008-04-24 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-24 09:00 --------- d-----w C:\Program Files\Trend Micro
    2008-04-23 19:23 --------- d-----w C:\Documents and Settings\Antti\Application Data\vlc
    2008-04-23 19:09 --------- d-----w C:\Program Files\VideoLAN
    2008-04-23 10:00 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-04-23 09:58 --------- d-----w C:\Program Files\epson
    2008-04-23 09:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
    2008-04-23 09:57 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
    2008-04-23 09:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
    2008-04-18 13:04 --------- d-----w C:\Program Files\Microsoft Works
    2008-04-18 13:04 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-04-18 13:04 --------- d-----w C:\Program Files\Common Files\L&H
    2008-04-18 13:03 --------- d-----w C:\Program Files\Microsoft.NET
    2008-04-18 12:10 --------- d-----w C:\Program Files\MSXML 4.0
    2008-04-17 19:06 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-04-17 16:24 --------- d-----w C:\Documents and Settings\Antti\Application Data\Nero
    2008-04-17 16:15 --------- d-----w C:\Program Files\Nero
    2008-04-17 07:40 --------- d-----w C:\Documents and Settings\Antti\Application Data\F-Secure
    2008-04-17 07:08 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-17 07:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-04-17 04:13 --------- d-----w C:\Program Files\Java
    2008-04-17 04:12 --------- d-----w C:\Program Files\Common Files\Java
    2008-04-17 03:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-04-16 19:26 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-04-16 11:37 --------- d-----w C:\Program Files\Disc2Phone
    2008-04-16 10:28 --------- d-----w C:\Program Files\MpcStar
    2008-04-16 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-15 18:51 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-04-13 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania United
    2008-04-13 17:15 --------- d-----w C:\Documents and Settings\Antti\Application Data\Lavasoft
    2008-04-13 17:13 --------- d-----w C:\Program Files\F-Secure Internet Security
    2008-04-13 17:10 51,040 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-04-13 17:10 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-04-13 16:39 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-13 16:39 --------- d-----w C:\Program Files\Windows Live
    2008-04-13 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-13 13:55 --------- d-----w C:\Program Files\Winamp
    2008-04-13 10:39 --------- d-----w C:\Program Files\Sonera
    2008-04-13 10:39 --------- d-----w C:\Program Files\Common Files\SupportSoft
    2008-04-12 08:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-04-12 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg
    2008-04-12 05:48 --------- d-----w C:\Program Files\AdVantage
    2008-04-12 05:47 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-04-12 05:46 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
    2008-04-12 05:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-04-12 05:44 --------- d-----w C:\Documents and Settings\Antti\Application Data\DAEMON Tools
    2008-04-12 05:31 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-12 02:23 --------- d-----w C:\Documents and Settings\Antti\Application Data\Creative
    2008-04-11 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\ConeXware
    2008-04-11 22:10 --------- d-----w C:\Program Files\Lavalys
    2008-04-11 19:08 --------- d-----w C:\Program Files\Webteh
    2008-04-11 18:53 --------- d-----w C:\Program Files\Razer
    2008-04-11 18:53 --------- d-----w C:\Program Files\DIFX
    2008-04-11 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Razer
    2008-04-11 18:49 --------- d-----w C:\Documents and Settings\Antti\Application Data\InstallShield
    2008-04-11 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
    2008-04-11 18:06 --------- d-----w C:\Program Files\Creative
    2008-04-11 18:04 --------- d--h--w C:\Program Files\Creative Installation Information
    2008-04-11 18:04 --------- d-----w C:\Program Files\Common Files\Creative
    2008-04-11 17:49 --------- d-----w C:\Program Files\microsoft frontpage
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-12 11:45 48 ----a-w C:\Documents and Settings\Antti\readme.bat
    .

    ------- Sigcheck -------

    2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2006-03-02 15:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
    2008-05-13 16:10 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\system32\dllcache\TCPIP.SYS
    2008-05-13 16:10 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\system32\drivers\TCPIP.SYS
    .
    ((((((((((((((((((((((((((((( snapshot@2008-04-24_12.13.25.54 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-05-30 11:10:02 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2008-05-30 11:10:03 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2008-05-30 11:10:03 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2008-05-30 11:09:55 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-05-30 11:09:56 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-05-30 11:09:58 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-05-30 11:09:58 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-05-30 11:09:58 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-05-30 11:09:59 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-05-30 11:10:00 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-05-30 11:10:00 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-05-30 11:10:01 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-05-30 11:10:04 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-05-30 11:10:04 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2008-05-30 11:10:04 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2008-05-30 11:10:04 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2008-05-30 11:10:04 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2008-05-30 11:10:02 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2008-04-24 09:10:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-02 07:59:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-24 01:04:41 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-05-30 10:28:08 4,263,936 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2008-05-30 10:28:08 241,664 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-04-24 01:04:41 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-04-24 15:58:30 3,145,728 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
    + 2008-04-24 15:58:30 221,184 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    - 2000-08-31 05:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
    + 2000-08-31 05:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
    - 2008-05-20 19:19:25 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2008-05-14 14:12:08 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2008-05-20 19:19:25 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2008-05-14 14:12:08 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2008-05-20 19:19:25 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2008-05-14 14:12:08 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2008-05-20 19:19:24 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-05-14 14:12:08 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2008-05-20 19:19:25 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2008-05-14 14:12:08 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2008-05-20 19:19:25 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2008-05-14 14:12:08 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2008-05-20 19:19:25 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2008-05-14 14:12:09 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2008-05-20 19:19:25 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2008-05-14 14:12:09 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2008-05-20 19:19:25 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2008-05-14 14:12:08 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2008-05-20 19:19:25 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2008-05-14 14:12:08 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2008-05-20 19:19:25 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2008-05-14 14:12:09 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2008-05-20 19:19:24 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2008-05-14 14:12:07 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2008-05-20 19:19:24 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-05-14 14:12:07 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-05-13 20:00:03 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
    + 2005-03-18 13:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2005-03-18 13:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
    + 2005-03-18 13:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
    + 2004-09-29 09:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-03-18 13:23:10 145,920 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
    + 2005-03-18 13:23:10 159,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
    + 2005-03-18 13:23:14 364,544 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
    + 2005-03-18 13:23:12 178,176 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
    + 2005-03-18 13:23:14 223,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
    + 2004-12-01 12:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-02-05 16:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-03-18 14:23:14 567,296 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-05-26 12:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-07-22 14:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-09-28 11:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-12-05 14:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-02-03 04:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-03-31 08:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
    + 2007-04-14 12:57:04 53,248 ----a-w C:\WINDOWS\system32\AgCPanelFrench.dll
    + 2007-04-14 12:57:04 53,248 ----a-w C:\WINDOWS\system32\AgCPanelGerman.dll
    + 2007-04-14 12:57:04 53,248 ----a-w C:\WINDOWS\system32\AgCPanelJapanese.dll
    + 2007-04-14 12:57:04 53,248 ----a-w C:\WINDOWS\system32\AgCPanelKorean.dll
    + 2007-04-14 12:57:04 53,248 ----a-w C:\WINDOWS\system32\AgCPanelPortugese.dll
    + 2007-04-14 12:57:04 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll
    + 2007-04-14 12:57:06 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSpanish.dll
    + 2007-04-14 12:57:06 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSwedish.dll
    + 2007-04-14 12:57:06 53,248 ----a-w C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll
    + 2008-04-28 08:11:16 199,885 ----a-w C:\WINDOWS\system32\AGEIA\AG1011\app.bin
    + 2008-04-28 08:11:16 119,473 ----a-w C:\WINDOWS\system32\AGEIA\AG1011\diag.bin
    + 2008-04-28 08:11:16 214,629 ----a-w C:\WINDOWS\system32\AGEIA\AG1021\app.bin
    + 2008-04-28 08:11:16 116,977 ----a-w C:\WINDOWS\system32\AGEIA\AG1021\diag.bin
    + 2008-05-03 11:20:08 274,432 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2007-07-19 15:14:42 1,358,192 ----a-w C:\WINDOWS\system32\D3DCompiler_35.dll
    + 2007-10-12 12:14:00 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    + 2007-07-19 15:14:42 444,776 ----a-w C:\WINDOWS\system32\d3dx10_35.dll
    + 2007-10-02 06:56:34 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
    + 2007-07-19 15:14:42 3,727,720 ----a-w C:\WINDOWS\system32\d3dx9_35.dll
    + 2007-10-12 12:14:00 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
    - 2006-03-02 12:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
    + 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
    - 2006-03-02 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
    + 2008-02-26 12:00:47 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
    - 2006-03-02 12:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
    + 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
    - 2006-03-02 12:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
    + 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
    - 2006-03-02 12:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
    + 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
    - 2006-03-02 12:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
    + 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
    - 2006-03-02 12:00:00 159,775 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
    + 2008-03-25 04:51:05 166,688 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
    - 2006-03-02 12:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
    + 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
    - 2006-03-02 12:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
    + 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
    - 2006-03-02 12:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
    + 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
    - 2006-03-02 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
    + 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
    - 2006-03-02 12:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
    + 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
    - 2006-03-02 12:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
    + 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
    - 2006-03-02 12:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
    + 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
    - 2006-03-02 12:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
    + 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
    - 2006-03-02 12:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
    + 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
    - 2006-03-02 12:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
    + 2008-03-25 04:51:06 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
    - 2006-03-02 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
    + 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
    + 2008-04-28 08:11:28 120,960 -c--a-w C:\WINDOWS\system32\DRVSTORE\PhysX32_126D1C23E2B6AB265C2ADA744A3E64441F8F8A78\physX32.sys
    + 2007-04-14 11:10:40 113,536 -c--a-w C:\WINDOWS\system32\DRVSTORE\PhysX32_AF7F37E9A9915C11C74CCDC4D0974682050F02B7\physX32.sys
    - 2006-03-17 09:45:52 1,757,184 ----a-w C:\WINDOWS\system32\imagX7.dll
    + 2006-03-17 08:45:52 1,757,184 ----a-w C:\WINDOWS\system32\imagX7.dll
    - 2006-03-17 09:45:54 497,296 ----a-w C:\WINDOWS\system32\imagXpr7.dll
    + 2006-03-17 08:45:54 497,296 ----a-w C:\WINDOWS\system32\imagXpr7.dll
    - 2006-03-17 09:45:54 258,048 ----a-w C:\WINDOWS\system32\imagXR7.dll
    + 2006-03-17 08:45:54 258,048 ----a-w C:\WINDOWS\system32\imagXR7.dll
    - 2006-03-17 09:45:54 802,816 ----a-w C:\WINDOWS\system32\imagXRA7.dll
    + 2006-03-17 08:45:54 802,816 ----a-w C:\WINDOWS\system32\imagXRA7.dll
    + 2006-12-19 06:30:26 81,920 ----a-w C:\WINDOWS\system32\IoctlSvc.exe
    + 2005-05-24 09:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 12:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 12:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2008-04-05 19:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2006-03-02 12:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
    + 2008-02-26 12:00:47 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
    - 2006-03-02 12:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
    + 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
    - 2006-03-02 12:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
    + 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
    - 2006-03-02 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
    + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
    - 2006-03-02 12:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
    + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
    - 2006-03-02 12:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
    + 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
    - 2006-03-02 12:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
    + 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
    - 2006-03-02 12:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
    + 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
    - 2006-03-02 12:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
    + 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
    - 2006-03-02 12:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
    + 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
    - 2006-03-02 12:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
    + 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
    - 2006-03-02 12:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
    + 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
    - 2006-03-02 12:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
    + 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
    - 2006-03-02 12:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
    + 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
    - 2006-03-02 12:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
    + 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
    + 2002-10-04 23:04:17 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
    + 2002-10-06 18:42:57 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
    - 2008-04-16 11:36:25 55,748 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-05-30 10:51:11 55,748 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-04-16 11:36:25 67,796 ----a-w C:\WINDOWS\system32\perfc00B.dat
    + 2008-05-30 10:51:11 67,796 ----a-w C:\WINDOWS\system32\perfc00B.dat
    - 2008-04-16 11:36:25 387,040 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-05-30 10:51:11 387,040 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-04-16 11:36:25 361,176 ----a-w C:\WINDOWS\system32\perfh00B.dat
    + 2008-05-30 10:51:11 361,176 ----a-w C:\WINDOWS\system32\perfh00B.dat
    + 2003-11-07 08:03:34 204,800 ----a-w C:\WINDOWS\system32\PixologyIRISS011.dll
    + 2006-08-14 03:31:06 32,768 ----a-r C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\Auxiliary.dll
    + 2005-07-22 16:59:04 2,319,568 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\d3dx9_27.dll
    + 2005-12-05 15:09:18 2,323,664 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\d3dx9_28.dll
    + 2007-11-13 06:34:40 262,144 ----a-r C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\HookMAp.dll
    + 2007-11-13 06:34:54 266,240 ----a-r C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\HookShield.dll
    + 2007-05-28 15:13:36 130,048 ----a-r C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\MadCHook.dll
    + 2006-10-14 06:07:32 1,777,664 ----a-r C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\msicpl.dll
    + 2003-02-21 12:42:22 348,160 ----a-r C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\msvcr71.dll
    + 2007-11-06 09:30:00 5,770,880 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nv4_disp.dll
    + 2007-11-06 09:30:00 7,429,088 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nv4_mini.sys
    + 2007-11-06 09:30:00 385,024 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvapi.dll
    + 2007-11-06 09:30:00 35,328 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvcod.dll
    + 2007-11-06 09:30:00 8,523,776 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvcpl.dll
    + 2007-11-06 09:30:00 6,541,312 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvdisps.dll
    + 2007-11-06 09:30:00 5,611,520 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvdispsr.dll
    + 2007-11-06 09:30:00 3,407,872 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvgames.dll
    + 2007-11-06 09:30:00 3,330,048 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvgamesr.dll
    + 2007-11-06 09:30:00 229,376 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvmccs.dll
    + 2007-11-06 09:30:00 188,416 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvmccss.dll
    + 2007-11-06 09:30:00 458,752 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvmccssr.dll
    + 2007-11-06 09:30:00 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvmctray.dll
    + 2007-11-06 09:30:00 1,212,416 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvmobls.dll
    + 2007-11-06 09:30:00 2,854,912 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvmoblsr.dll
    + 2007-11-06 09:30:00 286,720 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvnt4cpl.dll
    + 2007-11-06 09:30:00 6,901,760 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvoglnt.dll
    + 2007-11-06 09:30:00 155,716 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvsvc32.exe
    + 2007-11-06 09:30:00 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvwddi.dll
    + 2007-11-06 09:30:00 3,698,688 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvvitvs.dll
    + 2007-11-06 09:30:00 3,715,072 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvvitvsr.dll
    + 2007-11-06 09:30:00 2,486,272 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvwss.dll
    + 2007-11-06 09:30:00 2,519,040 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvwssr.dll
    + 2006-07-12 21:00:04 131,072 ----a-r C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\smdll.dll
    + 2006-12-15 02:58:28 208,896 ----a-r C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\sw20.exe
    + 2006-12-15 02:58:48 69,632 ----a-r C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\sw24.exe
    + 2007-10-30 08:37:15 208,896 ----a-r C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\WinSys2.exe
    + 2006-08-14 03:31:06 32,768 ----a-r C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\Auxiliary.dll
    + 2005-07-22 11:59:00 2,319,568 ----a-r C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\d3dx9_27.dll
    + 2005-12-05 10:09:18 2,323,664 ----a-r C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\d3dx9_28.dll
    + 2007-11-13 06:34:40 262,144 ----a-r C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\HookMAp.dll
    + 2007-11-13 06:34:54 266,240 ----a-r C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\HookShield.dll
    + 2007-05-28 15:13:36 130,048 ----a-r C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\MadCHook.dll
    + 2006-10-14 06:07:32 1,777,664 ----a-r C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\msicpl.dll
    + 2003-02-21 12:42:22 348,160 ----a-r C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\msvcr71.dll
    + 2007-11-06 09:30:00 5,770,880 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nv4_disp.dll
    + 2007-11-06 09:30:00 7,429,088 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nv4_mini.sys
    + 2007-11-06 09:30:00 385,024 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvapi.dll
    + 2007-11-06 09:30:00 35,328 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvcod.dll
    + 2007-11-06 09:30:00 8,523,776 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvcpl.dll
    + 2007-11-06 09:30:00 6,541,312 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvdisps.dll
    + 2007-11-06 09:30:00 5,611,520 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvdispsr.dll
    + 2007-11-06 09:30:00 3,407,872 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvgames.dll
    + 2007-11-06 09:30:00 3,330,048 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvgamesr.dll
    + 2007-11-06 09:30:00 229,376 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvmccs.dll
    + 2007-11-06 09:30:00 188,416 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvmccss.dll
    + 2007-11-06 09:30:00 458,752 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvmccssr.dll
    + 2007-11-06 09:30:00 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvmctray.dll
    + 2007-11-06 09:30:00 1,212,416 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvmobls.dll
    + 2007-11-06 09:30:00 2,854,912 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvmoblsr.dll
    + 2007-11-06 09:30:00 286,720 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvnt4cpl.dll
    + 2007-11-06 09:30:00 6,901,760 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvoglnt.dll
    + 2007-11-06 09:30:00 155,716 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvsvc32.exe
    + 2007-11-06 09:30:00 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvwddi.dll
    + 2007-11-06 09:30:00 3,698,688 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvvitvs.dll
    + 2007-11-06 09:30:00 3,715,072 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvvitvsr.dll
    + 2007-11-06 09:30:00 2,486,272 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvwss.dll
    + 2007-11-06 09:30:00 2,519,040 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvwssr.dll
    + 2006-07-12 21:00:04 131,072 ----a-r C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\smdll.dll
    + 2006-12-15 02:58:28 208,896 ----a-r C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\sw20.exe
    + 2006-12-15 02:58:48 69,632 ----a-r C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\sw24.exe
    + 2006-12-15 02:57:08 200,704 ----a-r C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\WinSys.exe
    + 2007-10-30 08:37:15 208,896 ----a-r C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\WinSys2.exe
    + 2008-05-05 18:19:01 940,228 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
    - 2006-03-17 12:49:46 368,640 ----a-w C:\WINDOWS\system32\TwnLib4.dll
    + 2006-03-17 11:49:46 368,640 ----a-w C:\WINDOWS\system32\TwnLib4.dll
    + 2002-10-04 23:04:24 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
    + 2002-10-04 23:04:25 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
    - 2007-05-31 16:29:42 18,280 ----a-w C:\WINDOWS\system32\x3daudio1_2.dll
    + 2007-10-22 00:37:16 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    + 2007-10-22 00:39:54 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
    - 2007-05-31 16:30:22 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll
    + 2007-06-20 17:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll
    + 2007-07-19 21:57:12 267,112 ----a-w C:\WINDOWS\system32\xactengine2_9.dll
    - 2007-03-20 18:22:04 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
    + 2007-03-20 17:22:04 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
    - 2007-09-20 06:55:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    + 2008-02-28 14:38:48 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    - 2007-02-28 13:41:02 972,336 ----a-w C:\WINDOWS\UNNeroShowTime.exe
    + 2007-02-28 12:41:02 972,336 ----a-w C:\WINDOWS\UNNeroShowTime.exe
    - 2007-03-21 18:02:12 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
    + 2007-03-21 17:02:12 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
    .
    -- Snapshot reset to current date --
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53EBD1DE-4ABC-483C-BEF0-47ABC034AE84}]
    C:\WINDOWS\system32\geBQjged.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00 15360]
    "CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-11-17 12:42 53341]
    "BitComet"="C:\Program Files\BitComet\BitComet.exe" [ ]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 19:51 486856]
    "Steam"="c:\program files\steam\steam.exe" [ ]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [2007-04-12 09:00 182272]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-04-28 18:36 219952]
    "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51 57344]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]
    "P17Helper"="P17.dll" [2005-05-03 14:38 64512 C:\WINDOWS\system32\P17.dll]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
    "Lachesis"="C:\Program Files\Razer\Lachesis\razerhid.exe" [2007-09-12 11:52 172032]
    "F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-05-28 12:19 183208]
    "F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-28 12:18 740208]
    "Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-08-19 11:47 197880]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50 40960]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 12:30 8523776]
    "nwiz"="nwiz.exe" [2007-11-06 12:30 1626112 C:\WINDOWS\system32\nwiz.exe]
    "WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2007-10-30 11:37 208896]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-06 12:30 81920]
    "Windows UDP Control"="winudspm.exe" []
    "Windows svchost"="service.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcBqoMD]
    efcBqoMD.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= pvmjpg21.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "E:\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Codemasters\\GRID Demo\\GRID.exe"=
    "E:\\Codemasters\\GRID\\GRID.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13585:TCP"= 13585:TCP:BitComet 13585 TCP
    "13585:UDP"= 13585:UDP:BitComet 13585 UDP
    "13046:TCP"= 13046:TCP:BitComet 13046 TCP
    "13046:UDP"= 13046:UDP:BitComet 13046 UDP
    "16204:TCP"= 16204:TCP:BitComet 16204 TCP
    "16204:UDP"= 16204:UDP:BitComet 16204 UDP
    "16205:TCP"= 16205:TCP:BitComet 16205 TCP
    "16205:UDP"= 16205:UDP:BitComet 16205 UDP

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-04-13 20:10]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2008-04-13 20:10]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-28 12:15]
    R3 LachesisFltr;Lachesis Mouse Driver;C:\WINDOWS\system32\drivers\Lachesis.sys [2007-08-08 11:04]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-28 12:15]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-28 12:15]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d744e1c-07f3-11dd-b5d0-001478511194}]
    \Shell\AutoRun\command - J:\WD_Windows_Tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c896831-21c0-11dd-b626-001478511194}]
    \Shell\AutoRun\command - J:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7568cf38-0853-11dd-b5d2-001478511194}]
    \Shell\AutoRun\command - I:\autorun.exe

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-05-30 15:52:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-02 10:59:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Razer\Lachesis\OSD.exe
    C:\Program Files\Razer\Lachesis\razertra.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Razer\Lachesis\razerofa.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-02 11:06:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-02 08:06:14

    Pre-Run: 56,840,847,360 tavua vapaana
    Post-Run: 57,012,961,280 tavua vapaana

    608 --- E O F --- 2008-05-28 17:00:00






    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:12:43, on 2.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Razer\Lachesis\razerhid.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\Razer\Lachesis\OSD.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Razer\Lachesis\razertra.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Razer\Lachesis\razerofa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Shared Files\CTSched.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {53EBD1DE-4ABC-483C-BEF0-47ABC034AE84} - C:\WINDOWS\system32\geBQjged.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
    O4 - HKLM\..\Run: [Windows svchost] service.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S20A.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O20 - Winlogon Notify: efcBqoMD - efcBqoMD.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 9516 bytes
     