My brother's machine got the classic "I found your picture" message plus a link. Here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:46:09, on 29.5.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\mIRC\mirc.exe
C:\Windows\winudspm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Local Service')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Network Service')
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 9993 bytes
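As an added triage example (it is not part of either post, and it is not code from HijackThis or ComboFix), here is a small Python script that pulls out of the two logs in this thread the entries a helper normally looks at first: O4 Run entries whose target is a bare file name rather than a full path (the `[Windows UDP Control] winudspm.exe` entry is one of these, and ComboFix later deleted that file), O20 AppInit_DLLs entries, O23 services with an unknown owner, and the UAC and Security Center values in the ComboFix registry dump (`EnableLUA` = 0 and the `DisableMonitoring` / `...DisableNotify` values). The sample lines are copied from the logs posted in this thread; the regular expressions, function names and finding categories are my own and assume the standard HijackThis v2 and ComboFix line layouts.

```python
"""Triage helpers for HijackThis / ComboFix logs (added example, not the tools' own code)."""
import re

# HijackThis v2 line shapes (assumed, matching the log in this thread).
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# ComboFix REGEDIT4-style dump: a [key] line followed by "name"=value lines.
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?:dword:)?(?P<val>[0-9A-Fa-f]+)')


def _autostart_target(cmd: str) -> str:
    """Return the file an O4 command really loads (the DLL argument for rundll32)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        end = len(cmd) if end == -1 else end
        exe, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        exe, _, rest = cmd.partition(" ")
    if exe.lower() == "rundll32.exe":
        return rest.partition(",")[0].strip()
    return exe


def _is_bare_name(target: str) -> bool:
    """A bare name (no directory, no %VAR%) is resolved by path search at logon,
    so the log alone cannot tie it to a specific file: worth a second look."""
    return "\\" not in target and not target.startswith("%")


def triage_hijackthis(lines):
    """Return (kind, detail) pairs for HijackThis entries that merit review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            target = _autostart_target(m.group("cmd"))
            if _is_bare_name(target):
                findings.append(("o4-bare-filename", f"[{m.group('name')}] {target}"))
            continue
        m = O20_RE.match(line)
        if m:  # AppInit_DLLs is injected into every user32 process: always review
            findings.append(("o20-appinit-dll", m.group("dlls").strip()))
            continue
        m = O23_RE.match(line)
        if m and m.group("owner") == "Unknown owner":
            findings.append(("o23-unknown-owner", m.group("path").strip()))
    return findings


def triage_combofix_registry(lines):
    """Flag UAC / Security Center values in the ComboFix dump that weaken defences."""
    findings = []
    key = ""
    for raw in lines:
        line = raw.strip()
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = REG_VAL_RE.match(line)
        if not m:
            continue
        name, val = m.group("name"), int(m.group("val"), 16)
        if key.endswith(r"\policies\system") and name == "EnableLUA" and val == 0:
            findings.append(("uac-disabled", key))
        elif "security center" in key and name == "DisableMonitoring" and val == 1:
            findings.append(("security-center-monitoring-off", key))
        elif "security center" in key and name.endswith("DisableNotify") and val == 1:
            findings.append(("security-center-notify-off", name))
    return findings


# Sample input: lines copied from the HijackThis log posted in this thread.
HJT_SAMPLE = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe",
    r"O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule",
    r'O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"',
    r"O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe",
    r"O20 - AppInit_DLLs: APSHook.dll",
    r"O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
]

# Sample input: lines copied from the ComboFix registry section posted in this thread.
CF_SAMPLE = [
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]",
    '"EnableLUA"= 0 (0x0)',
    '"EnableUIADesktopToggle"= 0 (0x0)',
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center]",
    '"UacDisableNotify"=dword:00000001',
    '"AutoUpdateDisableNotify"=dword:00000001',
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]",
    '"DisableMonitoring"=dword:00000001',
]

if __name__ == "__main__":
    for kind, detail in triage_hijackthis(HJT_SAMPLE) + triage_combofix_registry(CF_SAMPLE):
        print(f"{kind:32} {detail}")
```

Bare-name hits are a review list, not a verdict: `RtHDVCpl.exe` is flagged by the same rule as `winudspm.exe`, and it is the ComboFix output (a resolved path with a timestamp for one, `[]` for the other) that separates them.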
I ran a ComboFix scan as instructed; here is that log too.

ComboFix 08-05-29.1 - Ville 2008-05-30 18:29:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1373 [GMT 3:00]
Running from: C:\Users\Ville\Desktop\ComboFix.exe
Command switches used :: C:\Users\Ville\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\WINDOWS\winudspm.exe
.

(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\p4p
C:\Program Files\p4p\Bookmark.ini
C:\Program Files\p4p\P4P.exe
C:\Program Files\p4p\RING.WAV
C:\setup.exe
C:\Windows\service.exe
C:\WINDOWS\winudspm.exe

.
((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))
.

2008-05-30 18:56 . 3,839 C:\Windows\System32\drivers\GETPADD.sys
2008-05-30 18:24 . 2008-05-30 18:27 <DIR> d-------- C:\327882R2FWJFW
2008-05-30 16:55 . 2008-05-30 18:05 86,498 --a------ C:\Windows\System32\setup.exe
2008-05-30 10:57 . 2008-05-30 18:05 60,132 --a------ C:\dci.exe
2008-05-29 23:45 . 2008-05-29 23:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-29 23:08 . 2008-05-29 23:08 86,340 --a------ C:\profile.com
2008-05-29 22:16 . 2008-05-29 22:56 60,132 --a------ C:\ddc.exe
2008-05-29 10:45 . 2008-03-08 05:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-29 10:45 . 2008-03-08 07:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-13 13:14 . 2008-05-13 13:14 <DIR> dr------- C:\Users\Ville\AppData\Roaming\Brother
2008-05-05 13:58 . 2008-05-05 13:58 262,144 --a------ C:\Windows\System32\wrap_oal.dll
2008-05-05 13:58 . 2008-05-05 13:58 86,016 --a------ C:\Windows\System32\OpenAL32.dll
2008-05-05 13:58 . 1999-11-02 10:01 6,173 --a------ C:\Windows\System32\drivers\Entech.vxd
2008-05-05 13:58 . 2004-06-22 15:44 5,632 --a------ C:\Windows\System32\drivers\Entech64.sys
2008-05-05 13:58 . 2001-11-19 19:05 3,972 --a------ C:\Windows\System32\drivers\PciBus.sys
2008-05-05 13:57 . 2008-05-05 13:57 <DIR> d-------- C:\Program Files\Futuremark
2008-04-21 19:11 . 2008-04-21 19:11 <DIR> d-------- C:\Users\Ville\AppData\Roaming\AdobeUM
2008-04-16 19:26 . 2008-04-16 19:26 419 --a------ C:\Windows\BRWMARK.INI
2008-04-16 19:26 . 2008-04-16 19:26 184 --a------ C:\Windows\System32\brsvc01a.bsi
2008-04-16 19:26 . 2008-04-16 19:26 30 --a------ C:\Windows\System32\brss01a.ini
2008-04-16 19:26 . 2008-04-16 19:26 27 --a------ C:\Windows\BRPP2KA.INI
2008-04-16 19:17 . 2008-04-16 19:17 50 --a------ C:\Windows\System32\bridf05a.dat
2008-04-16 19:15 . 2008-04-16 19:15 <DIR> d-------- C:\Program Files\Brother
2008-04-16 19:15 . 2006-12-15 13:47 53,760 --a------ C:\Windows\System32\brinsstr.dll
2008-04-16 19:13 . 2001-02-05 11:16 258,048 --a------ C:\Windows\System32\bsplmf01.dll
2008-04-16 19:13 . 2004-12-10 16:35 147,456 --------- C:\Windows\brunin03.dll
2008-04-16 19:13 . 2006-10-31 00:00 139,264 --a------ C:\Windows\System32\bsplmf01.exe
2008-04-16 19:13 . 2002-04-12 00:00 57,344 --a------ C:\Windows\System32\brsvc01a.exe
2008-04-16 19:13 . 2006-09-13 00:00 45,056 --a------ C:\Windows\System32\brss01a.exe
2008-04-16 19:13 . 2001-11-15 01:00 6,224 --------- C:\Windows\CVRPAGE.BMP
2008-04-16 19:12 . 2008-04-16 19:12 <DIR> d-------- C:\ProgramData\Brother
2008-04-16 19:11 . 2008-04-16 19:11 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-16 18:47 . 2008-04-16 18:47 <DIR> d-------- C:\PerfLogs
2008-04-16 17:21 . 2008-01-19 10:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-16 17:20 . 2008-01-19 09:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-16 17:19 . 2008-01-19 10:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-04-16 17:18 . 2008-01-19 10:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-04-16 17:18 . 2008-01-19 10:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-16 17:18 . 2008-01-19 10:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-04-16 17:18 . 2008-01-19 10:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-16 17:17 . 2008-01-19 10:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-16 17:17 . 2008-01-19 10:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-16 17:17 . 2008-01-19 10:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-16 17:17 . 2008-01-19 10:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-16 15:20 . 2008-04-16 15:20 268 --ah----- C:\sqmdata00.sqm
2008-04-16 15:20 . 2008-04-16 15:20 244 --ah----- C:\sqmnoopt00.sqm
2008-04-14 21:14 . 2008-04-19 22:14 <DIR> d-------- C:\Users\Ville\Puhelinluettelo
2008-04-14 21:14 . 2008-04-14 21:20 <DIR> d-------- C:\Users\Ville\Puheet
2008-04-14 21:13 . 2008-04-14 21:20 <DIR> dr------- C:\Users\Ville\Omat kuvatiedostot
2008-04-14 21:13 . 2008-04-14 21:13 <DIR> d-------- C:\Users\Ville\KUHA
2008-04-14 21:13 . 2008-04-16 19:09 <DIR> d-------- C:\Users\Ville\Koulujutut
2008-04-10 09:19 . 2008-02-29 10:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-10 09:19 . 2008-02-29 10:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-10 09:19 . 2008-02-22 08:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-10 09:19 . 2008-02-29 09:53 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-10 09:19 . 2008-02-29 07:12 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-10 09:19 . 2008-02-29 09:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-10 09:19 . 2008-02-29 09:53 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-10 09:19 . 2008-02-29 10:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-10 09:19 . 2008-02-29 07:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-10 09:19 . 2008-02-29 09:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-10 09:18 . 2008-02-29 07:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-10 09:18 . 2008-02-22 07:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-10 09:17 . 2008-02-22 05:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-10 09:17 . 2008-02-22 08:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-07 17:48 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-04-07 17:47 . 2008-04-07 17:47 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-07 17:45 . 2008-04-07 17:45 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-07 17:43 . 2008-04-07 17:43 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-07 17:41 . 2008-04-07 17:41 <DIR> dr-h----- C:\MSOCache
2008-04-07 17:39 . 2008-04-07 17:39 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-07 17:34 . 2008-04-07 17:34 <DIR> d-------- C:\Users\Ville\AppData\Roaming\DAEMON Tools
2008-04-07 17:23 . 2008-04-07 17:34 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-04-06 23:15 . 2008-04-06 23:15 <DIR> d-------- C:\Program Files\Autodesk
2008-04-06 23:10 . 2008-04-11 10:25 <DIR> d-------- C:\Users\Ville\AppData\Roaming\Autodesk
2008-04-06 23:10 . 2008-04-11 10:25 <DIR> d-------- C:\ProgramData\Autodesk
2008-04-06 23:10 . 2008-04-06 23:17 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-06 23:10 . 2008-04-06 23:46 <DIR> d-------- C:\Program Files\AutoCAD Civil 3D 2008
2008-04-06 23:10 . 2008-04-06 23:10 <DIR> d-------- C:\Civil 3D Projects
2008-04-06 23:10 . 2008-04-06 23:10 <DIR> d-------- C:\Civil 3D Project Templates
2008-04-05 21:57 . 2008-04-05 21:57 <DIR> d-------- C:\Users\Ville\AppData\Roaming\Macrovision
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\Windows\System32\Futuremark
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\Users\Ville\AppData\Roaming\InstallShield
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-04-05 14:25 . 2007-08-20 11:05 27,672 -ra------ C:\Windows\System32\drivers\Entech.sys
2008-04-05 14:14 . 2008-04-05 14:14 <DIR> d-------- C:\Windows\Sun
2008-04-05 14:11 . 2008-04-05 14:11 <DIR> d-------- C:\Program Files\Java
2008-04-05 13:38 . 2008-04-05 13:38 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-05 12:55 . 2008-04-05 12:55 <DIR> d-------- C:\ProgramData\Macrovision
2008-04-05 12:55 . 2008-04-05 12:55 <DIR> d-------- C:\Program Files\Vodafone
2008-04-05 12:55 . 2007-10-15 16:27 101,376 --a------ C:\Windows\System32\drivers\ewusbmdm.sys
2008-04-04 16:39 . 2008-04-04 16:39 <DIR> d-------- C:\Users\Ville\AppData\Roaming\ArcSoft
2008-04-04 16:39 . 2008-04-04 16:39 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-04-04 16:39 . 2008-04-04 16:39 <DIR> d-------- C:\Program Files\ArcSoft
2008-04-04 16:39 . 2005-04-27 16:36 245,408 --a------ C:\Windows\System32\unicows.dll
2008-04-04 16:39 . 1995-08-01 04:44 212,480 --a------ C:\Windows\PCDLIB32.DLL
2008-04-04 16:39 . 2006-11-10 15:05 18,688 --a------ C:\Windows\System32\drivers\afc.sys
2008-04-04 16:29 . 2008-04-04 16:34 34 --a------ C:\ProgDVB.ini
2008-04-04 16:22 . 2008-04-04 16:22 300,544 --a------ C:\Windows\System32\drivers\AF15BDA.sys
2008-04-04 16:22 . 2008-04-04 16:22 28,672 --a------ C:\Windows\System32\AF15BDAEX.dll
2008-04-04 16:22 . 2006-11-30 04:27 126 -ra------ C:\Windows\System32\AF15IRTBL.bin
2008-04-03 18:05 . 2008-05-05 14:10 27,839 --a------ C:\Users\Ville\AppData\Roaming\nvModes.dat
2008-04-02 23:10 . 2008-04-02 23:10 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-02 21:39 . 2008-04-02 21:39 <DIR> d-------- C:\Program Files\ffdshow
2008-04-02 21:39 . 2008-04-02 21:39 <DIR> d-------- C:\Program Files\AC3Filter
2008-04-02 21:39 . 2007-08-09 14:27 380,928 --a------ C:\Windows\System32\ac3filter.acm
2008-04-02 21:39 . 2007-04-24 16:30 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2008-04-02 21:39 . 2008-03-28 18:41 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-04-02 21:39 . 2007-07-10 17:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-04-02 21:32 . 2008-04-02 21:32 <DIR> d-------- C:\Program Files\Webteh
2008-04-02 21:22 . 2008-04-02 21:22 546 --a------ C:\Windows\System32\ABM51Sn.DAT
2008-04-02 21:00 . 2008-04-02 21:00 <DIR> dr------- C:\Users\Ville\Searches
2008-04-02 21:00 . 2008-04-01 22:29 <DIR> dr------- C:\Users\Ville\Contacts
2008-04-02 21:00 . 2008-04-02 21:00 <DIR> d-------- C:\Users\Ville\AppData\Roaming\Infineon
2008-04-02 21:00 . 2008-04-02 21:00 <DIR> d--hs---- C:\$RECYCLE.BIN
2008-04-02 20:56 . 2008-04-02 20:56 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-04-02 20:55 . 2008-04-02 20:55 <DIR> d-------- C:\ProgramData\Ahead
2008-04-02 20:54 . 2008-04-02 20:54 <DIR> d-------- C:\ProgramData\Nero
2008-04-02 20:54 . 2008-04-02 20:54 <DIR> d-------- C:\Program Files\Nero
2008-04-02 20:54 . 2008-04-02 20:55 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-02 20:50 . 2008-04-02 20:50 <DIR> d-------- C:\Program Files\Fingerprint Sensor
2008-04-02 20:50 . 2008-04-02 20:50 <DIR> d-------- C:\Program Files\ASUS Security Center
2008-04-02 20:43 . 2008-04-02 21:00 <DIR> dr------- C:\Users\Ville\Videos
2008-04-02 20:43 . 2008-04-02 10:32 <DIR> dr------- C:\Users\Ville\Saved Games
2008-04-02 20:43 . 2008-03-17 14:02 <DIR> d-------- C:\Users\Ville\Roaming

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 15:56 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-05-14 07:31 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 07:31 --------- d-----w C:\Program Files\Windows Mail
2008-05-05 10:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 15:57 --------- d-----w C:\ProgramData\NVIDIA
2008-04-16 15:55 174 --sha-w C:\Program Files\desktop.ini
2008-04-16 15:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-16 15:48 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-16 15:48 --------- d-----w C:\Program Files\Windows Journal
2008-04-16 15:48 --------- d-----w C:\Program Files\Windows Defender
2008-04-16 15:48 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-16 15:48 --------- d-----w C:\Program Files\Windows Calendar
2008-04-16 15:34 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-16 15:34 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-07 14:46 --------- d-----w C:\Program Files\MSBuild
2008-04-05 09:55 --------- d-----w C:\Program Files\Vodafone
2008-04-02 18:41 --------- d-----w C:\ProgramData\Symantec
2008-04-02 18:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-02 18:05 --------- d-----w C:\ProgramData\ASUS
2008-03-17 11:23 33,136 ----a-w C:\Windows\ASScrPro.exe
2008-03-17 11:22 606,848 ----a-w C:\Windows\flashax.exe
2008-03-17 11:22 503,808 ----a-w C:\Windows\Asus_Camera_ScreenSaver.scr
2008-03-17 11:22 4,814,371 ----a-w C:\Windows\ASUS Camera ScreenSaver.exe
2008-03-17 11:22 37,232 ----a-w C:\Windows\ASScrProlog.exe
2008-03-17 11:22 274,800 ----a-w C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe
2008-03-17 11:22 12,288 ----a-w C:\Windows\impborl.dll
2008-03-17 10:47 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-17 10:47 315,392 ----a-w C:\Windows\HideWin.exe
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-07 18:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 18:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-02-07 18:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-02-07 18:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 18:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-02-07 18:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-02-07 18:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-03-16 14:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 14:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 14:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 09:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-07 18:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

.
------- Sigcheck -------
.
(((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty entries and legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 10:33 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 12:49 451872]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 15:41 222128]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-27 08:10 4702208 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 08:22 1826816 C:\Windows\SkyTel.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 05:02 178712]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-24 20:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-03 00:24 857648]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 18:27 61440]
"PowerForPhone"="C:\Program Files\P4P\P4P.exe" [ ]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-03-17 14:22 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2008-03-17 14:23 33136]
"IFXSPMGT"="C:\Windows\system32\ifxspmgt.exe" [2007-02-26 06:29 677408]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 00:11 17920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-05 13:17 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-05 13:17 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-05 13:17 81920]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-15 14:29 622592]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 14:51 65536]
"Windows UDP Control"="winudspm.exe" []
"Windows svchost"="service.exe" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe [2008-04-04 16:39:04 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A1897FB4-960B-49CD-94E9-C677EF745013}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{068C361D-C7A9-421A-8E78-E1D85C0A4484}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{9725DA6C-85CB-4A23-B47E-6B151631CF40}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"{83C75A44-D315-4227-813A-351326B3DE88}"= UDP:C:\Program Files\ArcSoft\TotalMedia 3\TotalMedia.exe:ArcSoft TotalMedia 3
"{C2437C24-1C78-40FD-811A-EB7B7367FCEC}"= TCP:C:\Program Files\ArcSoft\TotalMedia 3\TotalMedia.exe:ArcSoft TotalMedia 3
"{87FD73F2-F23B-46A0-811A-A39692FF6FDF}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FAECBFCB-6665-4245-AF35-40E7B0A2C189}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E146C103-E543-404F-A43C-6AACAC0AA77E}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F6931F66-FDFE-45CF-8568-696EF29A84CB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F2E156E4-295D-42CA-BCC2-4949BE1E5D25}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F48BDB85-8414-42B3-964F-C2E223F2BA7B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys [2007-09-27 01:03]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 20:31]
R1 ItSDisk;ItSDisk;C:\Windows\system32\Drivers\ItSDisk.sys [2006-05-16 20:13]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys [2007-01-23 15:07]
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-19 10:33]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-19 10:33]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 20:32]
R3 AF15BDA;AF9015 BDA Filter;C:\Windows\system32\DRIVERS\AF15BDA.sys [2008-04-04 16:22]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2007-10-31 14:55]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;C:\Windows\system32\DRIVERS\etDevice.sys [2007-09-06 11:43]
R3 FiltUSBET;ET USB Device Lower Filter;C:\Windows\system32\DRIVERS\etFilter.sys [2007-10-15 10:39]
R3 ScanUSBET;ET USB Still Image Capture Device;C:\Windows\system32\DRIVERS\etScan.sys [2007-09-06 18:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
GPSvcGroup REG_MULTI_SZ GPSvc
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c096a4b-04b0-11dd-b6e5-000ea6f329ad}]
\shell\AutoRun\command - F:\SETUP.EXE
\shell\configure\command - F:\SETUP.EXE
\shell\install\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f62acb9c-02f5-11dd-8265-000ea6f329ad}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f62acbb4-02f5-11dd-8265-000ea6f329ad}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 18:56:38
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\wlanext.exe
C:\Windows\System32\brss01a.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
C:\Windows\System32\IFXTCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\IfxPsdSv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTNA.exe
.
**************************************************************************
.
Completion time: 2008-05-30 18:58:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-30 15:58:38

Pre-Run: 82,826,231,808 bytes free
Post-Run: 82,771,468,288 bytes free

341 --- E O F --- 2008-05-29 07:45:54