mesevirus + hjt-loki

joku5 · Jun 10, 2008

mul on mesevirus ja täs ois mun hjt- loki voisko joku kattoo tätä?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:34:45, on 10.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\IoCtlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\BUFFALO\SLW\ENCRDLG.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\system32\Isass.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Windows\mservice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moottoripyora.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;localhos;;<local>;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsl1C.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechSetup] D:\Setup\Setup.exe /restart /l:enu
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] serviceaaa.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\Isass.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [Microsoft] wplayer.exe
O4 - HKLM\..\Run: [BIND SUPPORT SEEK FIRST] C:\Documents and Settings\All Users\Application Data\dumb pure bind support\meal ford.exe
O4 - HKLM\..\Run: [Windows Control Center] winudpmr.exe
O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe
O4 - HKLM\..\Run: [System Service Manager Device] svho.exe
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\RunServices: [Microsoft] wplayer.exe
O4 - HKLM\..\RunServices: [System Service Manager Device] svho.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [surf flaw] C:\DOCUME~1\JERE\APPLIC~1\VGAPOL~1\load the.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\JERE\Omat tiedostot\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registrationa1\RegistrationReminder.exe
O4 - Startup: Registration Heroes of Might & Magic 5 - Tribes of the East.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1854004.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.152.196.254/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTSvcCDA.EXE (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoCtlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SecureLockWare ??????? (SecureLockWare_InputPassword) - BUFFALO INC. - C:\Program Files\BUFFALO\SLW\ENCRDLG.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 15800 bytes

Hujo · Jun 10, 2008

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

joku5 · Jun 11, 2008

ComboFix 08-06-10.5 - JERE 2008-06-11 21:13:03.4 - NTFSx86
Running from: C:\Documents and Settings\JERE\Työpöytä\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\bot.exe
C:\setup.exe
C:\WINDOWS\service.exe
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\DcadsSocial-uninstall.exe
C:\WINDOWS\system32\isass.exe
C:\WINDOWS\system32\mssrv32.exe
C:\WINDOWS\ups.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE

((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-05-11 to 2008-06-11 )))))))))))))))))
.

2008-06-11 21:42 . 45,056 C:\is155932.exe
2008-06-11 21:42 . 2008-06-11 21:44 33,280 --a------ C:\WINDOWS\system32\geBrsQkK.dll
2008-06-11 16:29 . 2008-06-11 16:29 <KANSIO> d-------- C:\Program Files\uTorrent
2008-06-11 16:29 . 2008-06-11 21:01 <KANSIO> d-------- C:\Documents and Settings\JERE\Application Data\uTorrent
2008-06-11 03:25 . 2008-04-14 18:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 03:10 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 03:04 . 2008-06-11 03:04 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-10 23:33 . 2008-06-10 23:33 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-10 22:09 . 2008-06-10 22:24 115,215 --a------ C:\sexy.exe
2008-06-10 20:17 . 2008-06-10 20:28 29,835 --a------ C:\nicks.exe
2008-06-10 00:24 . 2008-06-10 20:27 29,342 --a------ C:\lp.exe
2008-06-09 00:20 . 2008-06-09 00:20 29,342 --a------ C:\pvs.exe
2008-06-08 23:10 . 2008-06-09 00:20 29,342 --a------ C:\Documents and Settings\JERE\ps.exe
2008-06-08 23:07 . 2008-06-10 20:16 29,342 -r-hs---- C:\WINDOWS\winudmr.exe
2008-06-08 23:07 . 2008-06-09 00:20 29,342 --a------ C:\ps.exe
2008-06-08 23:04 . 2008-06-08 23:03 29,339 -r-hs---- C:\WINDOWS\winudpmr.exe
2008-06-08 22:21 . 2008-06-08 22:21 18,587 --a------ C:\Documents and Settings\JERE\packed.exe
2008-06-08 22:17 . 2008-06-08 22:19 18,587 --a------ C:\packed.exe
2008-06-08 20:25 . 2008-06-08 20:25 <KANSIO> d-------- C:\WINDOWS\system32\Adobe
2008-06-08 07:48 . 2008-06-08 07:48 49,156 --a------ C:\hszs.exe
2008-06-06 20:42 . 2008-06-06 20:42 49,156 --a------ C:\sjgz.exe
2008-06-06 17:34 . 2008-06-06 17:34 49,156 --a------ C:\sjz.exe
2008-06-06 17:21 . 2008-06-08 07:48 49,156 --a------ C:\shz.exe
2008-06-06 15:03 . 2008-06-06 20:39 49,156 --a------ C:\Documents and Settings\JERE\sz.exe
2008-06-06 14:58 . 2008-06-06 20:47 49,156 --a------ C:\sz.exe
2008-06-06 14:06 . 2008-06-06 14:06 49,156 --a------ C:\sexx22.exe
2008-06-06 14:06 . 2008-06-06 14:06 49,156 --a------ C:\sexx2.exe
2008-06-06 13:46 . 2008-06-06 14:48 49,156 --a------ C:\Documents and Settings\JERE\sex2.exe
2008-06-06 13:30 . 2008-06-06 13:30 49,156 --a------ C:\sex22.exe
2008-06-06 13:23 . 2008-06-06 17:21 49,156 --a------ C:\sex2.exe
2008-06-06 13:21 . 2008-06-06 13:21 49,156 --a------ C:\sex.exe
2008-06-06 02:31 . 2008-06-06 02:31 <KANSIO> d-------- C:\Program Files\Vga Poll View
2008-06-06 00:42 . 2008-06-06 00:42 49,156 --a------ C:\sf.exe
2008-06-06 00:38 . 2008-06-06 08:25 49,156 --a------ C:\Documents and Settings\JERE\fs.exe
2008-06-06 00:23 . 2008-06-06 01:01 49,156 --a------ C:\fs.exe
2008-06-06 00:15 . 2008-06-06 00:16 49,156 --a------ C:\Documents and Settings\JERE\f.exe
2008-06-05 00:15 . 2008-06-05 00:15 290,110 --a------ C:\WINDOWS\ftp.exe
2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\JERE\stp.exe
2008-06-04 21:59 . 2008-06-04 22:06 86,528 --a------ C:\stp.exe
2008-06-04 21:47 . 2008-06-04 21:47 60,128 --a------ C:\setupb.exe
2008-06-04 03:47 . 2008-06-04 03:47 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 03:47 . 2008-06-04 03:49 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-04 02:38 . 2008-06-04 02:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-04 02:37 . 2008-06-11 21:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-03 20:17 . 2008-06-03 22:58 52,331 --a------ C:\f.bat
2008-06-03 19:35 . 2008-06-03 19:48 49,156 --a------ C:\roffl.exe
2008-06-03 19:33 . 2008-06-03 19:33 49,156 --a------ C:\rofl.exe
2008-06-03 18:36 . 2008-06-03 22:58 96,950 --a------ C:\Documents and Settings\JANI\setupa.exe
2008-06-03 18:32 . 2008-06-04 02:38 96,950 --a------ C:\setz.exe
2008-06-03 18:09 . 2008-06-03 23:05 96,950 --a------ C:\ssetup.exe
2008-06-03 17:50 . 2008-06-03 18:18 96,950 --a------ C:\Documents and Settings\JANI\setup.exe
2008-06-03 01:01 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
2008-06-02 22:29 . 2008-06-03 00:24 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-02 21:37 . 2008-06-03 22:10 96,950 -r-hs---- C:\WINDOWS\mservice.exe
2008-06-02 19:22 . 2008-06-02 19:22 49,152 --a------ C:\abhwevhi.exe
2008-06-02 19:22 . 2008-06-02 19:22 2 --a------ C:\1558099180
2008-06-02 18:58 . 2008-06-02 18:59 2,048 --a------ C:\hldtlwe.exe
2008-06-02 17:35 . 2008-06-03 18:18 60,114 --a------ C:\bot1.exe
2008-05-31 14:08 . 2008-05-31 15:14 86,512 --a------ C:\setup1.exe
2008-05-30 21:17 . 2008-05-30 21:17 83,400 -r-hs---- C:\WINDOWS\winudpmgr.exe
2008-05-30 21:17 . 2008-05-30 23:18 83,400 --a------ C:\img.exe
2008-05-30 19:24 . 2008-05-30 22:12 60,132 --a------ C:\dcsi.exe
2008-05-30 16:55 . 2008-06-03 00:39 96,950 --a------ C:\Documents and Settings\JERE\setup.exe
2008-05-30 16:27 . 2008-05-30 22:48 60,132 --a------ C:\dci.exe
2008-05-27 22:18 . 2008-05-27 22:19 <KANSIO> d-------- C:\Program Files\Windows Live Toolbar
2008-05-27 22:18 . 2008-05-27 22:18 <KANSIO> d-------- C:\Program Files\Windows Live Favorites
2008-05-25 03:40 . 2008-05-25 03:40 <KANSIO> d-------- C:\Program Files\SCi
2008-05-24 20:35 . 2008-05-24 20:35 <KANSIO> d-------- C:\Program Files\Wanadoo Edition
2008-05-19 18:08 . 2008-05-19 18:08 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-18 15:57 . 2008-05-18 15:57 <KANSIO> d-------- C:\Program Files\Mario Kart Widget
2008-05-18 15:57 . 2008-05-18 15:57 <KANSIO> d-------- C:\Documents and Settings\JERE\Application Data\com.mariokart.MarioKartWidget.2D2C34B6007093AC4AD53AA62F0C6C15D6F8E999.1
2008-05-18 15:55 . 2008-05-18 15:55 <KANSIO> d-------- C:\Program Files\Common Files\Adobe AIR
2008-05-17 13:54 . 2008-05-21 16:36 <KANSIO> d-------- C:\Documents and Settings\JERE\Application Data\Azureus
2008-05-17 13:54 . 2008-05-17 13:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-17 13:09 . 2008-05-17 13:09 <KANSIO> d-------- C:\Downloads
2008-05-17 02:15 . 2008-06-01 19:42 <KANSIO> d-------- C:\Program Files\EA Games
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-14 19:56 . 2008-05-14 19:56 <KANSIO> d-------- C:\Documents and Settings\JERE\Application Data\Datalayer
2008-05-14 19:55 . 2008-05-14 19:56 <KANSIO> d-------- C:\Documents and Settings\JERE\Phone Browser

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 18:43 --------- d-----w C:\Program Files\Steam
2008-06-10 08:29 --------- d-----w C:\Program Files\Electronic Arts
2008-06-07 13:00 --------- d-----w C:\Program Files\Windows Live
2008-06-07 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-05 23:32 --------- d-----w C:\Documents and Settings\JERE\Application Data\Vga Poll View
2008-06-05 23:31 --------- d-----w C:\Program Files\Vga Poll View
2008-06-05 23:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\dumb pure bind support
2008-06-04 00:47 --------- d-----w C:\Program Files\Lavasoft
2008-06-01 16:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 18:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-27 19:17 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-26 13:43 --------- d-----w C:\Documents and Settings\Hellu\Application Data\Vga Poll View
2008-05-16 19:29 --------- d-----w C:\Documents and Settings\JERE\Application Data\LimeWire
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-03 20:31 --------- d-----w C:\Documents and Settings\JERE\Application Data\Apple Computer
2008-05-03 20:30 --------- d-----w C:\Program Files\iTunes
2008-05-03 20:29 --------- d-----w C:\Program Files\iPod
2008-05-03 20:04 --------- d-----w C:\Program Files\Apple Software Update
2008-04-30 15:45 --------- d-----w C:\Program Files\World of Warcraft
2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-28 18:58 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-04-26 20:49 --------- d-----w C:\Documents and Settings\JERE\Application Data\My Battle for Middle-earth(tm) II Files
2008-04-25 22:18 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-25 22:18 286,720 ------w C:\WINDOWS\Setup1.exe
2008-04-25 17:16 --------- d-----w C:\Program Files\Ubisoft
2008-04-25 13:23 --------- d-----w C:\Program Files\Logitech
2008-04-25 13:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-17 20:55 520,192 ----a-w C:\WINDOWS\system32\AssassinsCreed 1.scr
2008-04-14 16:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 16:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 16:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 16:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 15:59 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:51 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 15:51 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 15:51 68,096 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 15:51 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 15:51 120,064 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 15:49 2,191,360 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:49 2,068,224 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:47 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 15:47 154,112 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 15:46 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:46 37,120 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 15:46 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 15:46 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 15:45 80,384 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:45 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 15:45 40,320 ------w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 15:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 15:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:43 52,096 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 15:42 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 15:42 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 15:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 15:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 15:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 15:40 57,472 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 15:39 51,840 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 15:39 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 15:38 39,808 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 15:38 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 15:37 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 15:37 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 15:36 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 15:36 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 15:36 187,904 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-14 06:12 11,264 ------w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 06:11 992,256 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 06:11 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2006-10-04 04:51 10,197 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{733716E1-76D2-4003-AC39-845281C0EF85}]
2008-02-08 20:53 233472 --a------ C:\WINDOWS\system32\nsl1C.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 17:24 68856]
"surf flaw"="C:\DOCUME~1\JERE\APPLIC~1\VGAPOL~1\load the.exe" [2008-06-06 02:31 438784]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MessengerPlus3"="C:\Documents and Settings\JERE\Omat tiedostot\MsgPlus.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:40 204288]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-06-10 20:52 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38 892928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 13:50 155648]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 11:33 243248]
"LogitechSetup"="D:\Setup\Setup.exe" [ ]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 11:34 614960]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 10:46 497200]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-05-24 09:50 28672]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 03:02 184320]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-28 21:00 323584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 02:06 487424]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"Launch LgDevAgt"="C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-07-18 03:13 99600]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 02:30 1687824]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 03:08 2094352]
"Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Windows UDP Control"="winudspm.exe" []
"psyspy-2.1.4 Client Server"="C:\WINDOWS\system32\telecms.exe" [ ]
"Windows svchost"="serviceaaa.exe" []
"Local Security Authority Service"="C:\WINDOWS\system32\Isass.exe" [ ]
"BIND SUPPORT SEEK FIRST"="C:\Documents and Settings\All Users\Application Data\dumb pure bind support\meal ford.exe" [2008-06-11 21:42 501760]
"Windows Control Center"="winudpmr.exe" [2008-06-08 23:03 29339 C:\WINDOWS\winudpmr.exe]
"Windows Controls Center"="winudmr.exe" [2008-06-10 20:16 29342 C:\WINDOWS\winudmr.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"psyspy-2.1.4 Client Server"="C:\WINDOWS\system32\telecms.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\req]
C:\WINDOWS\system32\req.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Steam\\SteamApps\\_wolf_93\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\_wolf_93\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\_wolf_93\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S2 PPSCAN;PPSCAN;C:\WINDOWS\system32\drivers\PPSCAN.sys [2002-03-29 13:58]
S2 qandr;qandr;C:\WINDOWS\system32\drivers\qandr.sys []
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 15:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 15:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 15:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 15:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 15:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 15:58]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 17:49]
S3 XDva039;XDva039;C:\WINDOWS\system32\XDva039.sys []
S3 XDva076;XDva076;C:\WINDOWS\system32\XDva076.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b6c17b8-9ea1-11dc-941a-0007e9427550}]
\Shell\AutoRun\command - F:\AUTORUN.EXE

.
'Ajoitetut teht„v„t'-kansion sis„lt”
"2008-06-11 19:00:00 C:\WINDOWS\Tasks\ABE60D1C9185837C.job"
- c:\docume~1\jani\applic~1\vgapol~1\Play about live.exe
"2008-06-11 04:50:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-11 19:00:04 C:\WINDOWS\Tasks\B2B439F99073ADED.job"
- c:\docume~1\jere\applic~1\vgapol~1\Play about live.exe
"2008-06-11 19:00:02 C:\WINDOWS\Tasks\B6BC1EB2918B870A.job"
- c:\docume~1\hellu\applic~1\vgapol~1\Play about live.exe
"2008-06-11 18:37:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-10 22:39:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-06 12:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 21:40:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\geBrsQkK.dll 33280 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\BUFFALO\SLW\ENCRDLG.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
.
**************************************************************************
.
Completion time: 2008-06-11 22:02:11 - machine was rebooted [JERE]
ComboFix-quarantined-files.txt 2008-06-11 19:01:57

Pre-Run: 31,835,258,880 tavua vapaana
Post-Run: 31,737,032,704 tavua vapaana

376 --- E O F --- 2008-06-11 10:59:57

Hujo · Jun 11, 2008

Luo poistolista:
• Avaa HiJackThis
• Klikkaa "Configure" valintaa oikealla alhaalla
• Klikkaa "Misc Tools"
• Klikkaa boxia joka sanoo "Uninstall Manager"
• Klikkaa valintaa "Save list"
• Kopioi ja liitä kyseinen lista muistiosta postiisi

joku5 · Jun 11, 2008

Ad-Aware
Ad-aware 6 Personal
Adobe AIR
Adobe AIR
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Image Viewer Plugin 4.0
Adobe Photoshop Album
Adobe Reader 8.1.2 - Suomi
Adobe Shockwave Player 11
Apple Mobile Device Support -tuki
Apple Software Update
AssassinsCreed 1 Screen Saver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
avast! Antivirus
Browser Optimizer Dcads
Browser Optimizer Superiorads
BUFFALO Disk Backup Utility
BUFFALO Secure Lock Ware
Buggy v0.1 Setup
Canon Camera Window for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CDDRV_Installer
Counter-Strike: Source
Creative MediaSource
Creative PC-CAM Center Lite
Creative WebCam Monitor
Creative WebCam NX Driver (1.02.01.0827)
Creative WebCam NX User's Guide (English)
Dcads Advanced Toolbar
Disc2Phone
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Elasto Mania
EZ-DUB
EZ-DUB Finder
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Hamachi 1.0.2.5
Happyland Adventures - Xmas Edition
Heroes of Might & Magic V: Hammers of Fate
Heroes of Might and Magic V
Heroes of Might and Magic V - Tribes of the East
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683)
Hotfix-päivitys Windows Internet Explorer 7:lle (KB947864)
HP PrecisionScan LT Software
HydraVision
IFI OnlineFoto
Intel(R) PRO Network Adapters and Drivers
InterActual Player
InterVideo WinDVD 8
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
KhalInstallWrapper
Logitech Audio Echo Cancellation Component
Logitech Desktop Messenger
Logitech GamePanel Software 2.00
Logitech iTouch Software
Logitech MouseWare 9.61
Logitech QuickCam
Logitech Registration
Logitech SetPoint
Logitech Video Enumerator
Logitech® Camera -ohjain
Map Button (Windows Live Toolbar)
Mario Forever v 2.16 !
Mario Kart Widget
Mario Kart Widget
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Finnish Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Microsoft Windows XP -käyttöjärjestelmän ohjatun CD-levylle tallentamisen HighMAT-laajennus
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero - Burning Rom
Nokia Connectivity Cable Driver
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia N73 highlights
Nokia Nseries Skin for Microsoft Windows Media Player
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia themes for your device
Norton Security Scan
PCFriendly
PowerDVD
PunkBuster Services
QuickTime
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Shockwave
Smart Menus (Windows Live Toolbar)
Sony Ericsson PC Suite
SoundMAX
Steam
Suojauspäivitys ohjelmistolle Windows XP (KB941569)
Suojauspäivitys Windows Internet Explorer 7:lle (KB928090)
Suojauspäivitys Windows Internet Explorer 7:lle (KB929969)
Suojauspäivitys Windows Internet Explorer 7:lle (KB931768)
Suojauspäivitys Windows Internet Explorer 7:lle (KB933566)
Suojauspäivitys Windows Internet Explorer 7:lle (KB937143)
Suojauspäivitys Windows Internet Explorer 7:lle (KB938127)
Suojauspäivitys Windows Internet Explorer 7:lle (KB939653)
Suojauspäivitys Windows Internet Explorer 7:lle (KB942615)
Suojauspäivitys Windows Internet Explorer 7:lle (KB944533)
Suojauspäivitys Windows Internet Explorer 7:lle (KB950759)
Suojauspäivitys Windows Media Player 10:lle (KB911565)
Suojauspäivitys Windows Media Player 10:lle (KB917734)
Suojauspäivitys Windows Media Player 10:lle (KB936782)
Suojauspäivitys Windows Media Player 11:lle (KB936782)
Suojauspäivitys Windows XP:lle (KB950760)
Suojauspäivitys Windows XP:lle (KB950762)
Suojauspäivitys Windows XP:lle (KB951376)
Suojauspäivitys Windows XP:lle (KB951698)
TeamSpeak 2 RC2
The Battle for Middle-earth (tm) II
UMVPLStandalone
Windows Defender
Windows Defender Signatures
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Genuine Advantage v1.3.0254.0
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Liven kirjautumisavustaja
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft

Hujo · Jun 11, 2008

Niin onkos sulla jotain ongelmaa tän koneen kanssa

===================================================

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

File::
C:\WINDOWS\system32\req.dll
C:\Windows\mservice.exe
C:\WINDOWS\winudspm.exe
C:\WINDOWS\system32\telecms.exe
C:\WINDOWS\serviceaaa.exe
C:\WINDOWS\winudpmgr.exe
C:\Windows\mservice.exe
C:\WINDOWS\wplayer.exe
C:\sexy.exe
C:\nicks.exe
C:\lp.exe
C:\pvs.exe
C:\Documents and Settings\JERE\ps.exe
C:\WINDOWS\winudmr.exe
C:\ps.exe
C:\WINDOWS\winudpmr.exe
C:\hszs.exe
C:\sjgz.exe
C:\sjz.exe
C:\shz.exe
C:\Documents and Settings\JERE\sz.exe
C:\sz.exe
C:\sexx22.exe
C:\sexx2.exe
C:\Documents and Settings\JERE\sex2.exe
C:\sex22.exe
C:\sex2.exe
C:\sex.exe
C:\sf.exe
C:\Documents and Settings\JERE\fs.exe
C:\fs.exe
C:\Documents and Settings\JERE\f.exe
C:\Documents and Settings\JERE\stp.exe
C:\stp.exe
C:\setupb.exe
C:\f.bat
C:\roffl.exe
C:\rofl.exe
C:\Documents and Settings\JANI\setupa.exe
C:\setz.exe
C:\ssetup.exe
C:\Documents and Settings\JANI\setup.exe
C:\WINDOWS\sb.exe
C:\WINDOWS\DC5177176.zip
C:\WINDOWS\mservice.exe
C:\abhwevhi.exe
C:\1558099180
C:\hldtlwe.exe
C:\bot1.exe
C:\setup1.exe
C:\WINDOWS\winudpmgr.exe
C:\img.exe
C:\dcsi.exe
C:\Documents and Settings\JERE\setup.exe
C:\dci.exe

Click to expand...

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

Log in or Sign up

mesevirus + hjt-loki

joku5 Guest

Hujo Guest

joku5 Guest

Hujo Guest

joku5 Guest

Hujo Guest

Share This Page

Log in or Sign up

mesevirus + hjt-loki

joku5 Guest

Hujo Guest

joku5 Guest

Hujo Guest

joku5 Guest

Hujo Guest

Share This Page

Useful Searches