Messenger virus, HJT log

Discussion in 'Viruses and malware - HijackThis logs' started by 643000, Jun 5, 2008.

  1. 643000

    643000 Guest

    Hi!

    If someone could look through these, I would be really grateful!

    ComboFix:

    ComboFix 08-06-04.3 - Juuso 2008-06-05 12:16:51.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1508 [GMT 3:00]
    Running from: C:\Documents and Settings\Juuso\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Juuso\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\WINDOWS\service.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
    .

    2008-06-05 00:15 . 2008-06-05 00:15 290,110 --a------ C:\WINDOWS\ftp.exe
    2008-06-04 22:59 . 2008-06-04 22:59 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-04 22:40 . 2008-06-01 19:13 <DIR> d-------- C:\SDFix
    2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\Juuso\stp.exe
    2008-06-04 14:50 . 2008-06-04 14:58 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-04 14:50 . 2008-06-04 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-03 22:58 . 2008-06-03 23:24 86,548 --a------ C:\Documents and Settings\Juuso\setupa.exe
    2008-06-03 13:12 . 2008-06-04 12:58 3,419 --a------ C:\WINDOWS\is154890.exe
    2008-06-03 13:08 . 2008-06-03 13:08 96,950 -r-hs---- C:\WINDOWS\mservice.exe
    2008-06-03 01:46 . 2008-06-05 12:09 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-03 01:45 . 2008-06-03 01:45 <DIR> d-------- C:\Fraps
    2008-06-03 01:39 . 2008-06-03 01:39 <DIR> d-------- C:\WINDOWS\system32\AGEIA
    2008-06-03 01:39 . 2008-06-03 01:39 <DIR> d-------- C:\Program Files\AGEIA Technologies
    2008-06-03 01:00 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
    2008-06-03 00:55 . 2008-06-04 13:58 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\teamspeak2
    2008-06-03 00:54 . 2008-06-03 00:54 <DIR> d-------- C:\Program Files\VentriloMIX
    2008-06-02 23:06 . 2008-06-02 23:06 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\BSplayer Pro
    2008-06-02 23:06 . 2008-06-02 23:09 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\BSplayer
    2008-06-02 23:05 . 2008-06-02 23:05 <DIR> d-------- C:\Program Files\Webteh
    2008-06-02 21:35 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Juuso\setup.exe
    2008-06-01 23:53 . 2008-06-01 23:53 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-01 23:53 . 2008-06-01 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-01 21:21 . 2008-06-02 14:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Ventrilo
    2008-06-01 21:20 . 2008-06-01 21:20 <DIR> d-------- C:\Program Files\Ventrilo
    2008-06-01 21:19 . 2008-06-03 01:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-31 11:00 . 2008-05-31 11:00 <DIR> d-------- C:\WINDOWS\Sun
    2008-05-31 10:54 . 2008-05-31 10:54 <DIR> d-------- C:\Program Files\Sun
    2008-05-31 10:53 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-05-31 10:52 . 2008-05-31 10:53 <DIR> d-------- C:\Program Files\Java
    2008-05-31 10:50 . 2008-05-31 10:50 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-30 23:42 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-05-30 23:42 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-05-30 23:42 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-05-30 23:42 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-05-30 20:13 . 2008-05-30 20:13 <DIR> d-------- C:\Documents and Settings\Raija\Application Data\Comodo
    2008-05-30 20:13 . 2008-05-30 20:13 <DIR> d-------- C:\Documents and Settings\Raija\Application Data\ATI
    2008-05-30 20:13 . 2008-05-30 21:49 <DIR> d-------- C:\Documents and Settings\Raija
    2008-05-29 17:47 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo\Application Data\Comodo
    2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo\Application Data\ATI
    2008-05-29 17:26 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo
    2008-05-28 09:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-05-28 09:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-05-28 09:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-05-27 23:54 . 2008-06-02 23:01 <DIR> d-------- C:\Jotain ihmejuttuja
    2008-05-27 23:04 . 2008-05-27 23:07 <DIR> d-------- C:\Program Files\Winamp
    2008-05-27 23:04 . 2008-05-27 23:27 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Winamp
    2008-05-27 19:33 . 2008-06-03 01:39 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-05-27 19:33 . 2008-05-27 19:37 <DIR> d-------- C:\Documents and Settings\Juuso\Contacts
    2008-05-27 16:14 . 2008-05-27 16:14 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-05-27 15:29 . 2006-06-14 11:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
    2008-05-27 15:29 . 2006-06-14 12:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
    2008-05-27 15:29 . 2006-06-14 11:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2008-05-27 15:27 . 2006-05-05 12:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2008-05-27 15:04 . 2008-05-27 15:05 <DIR> d-------- C:\WINDOWS\system32\Adobe
    2008-05-27 14:31 . 2008-05-27 14:31 <DIR> d-------- C:\Installerit
    2008-05-27 14:30 . 2008-05-27 14:30 <DIR> d-------- C:\Program Files\uTorrent
    2008-05-27 14:30 . 2008-06-03 18:03 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\uTorrent
    2008-05-27 14:29 . 2008-06-03 15:16 <DIR> d-------- C:\Pelit
    2008-05-27 14:28 . 2008-06-01 20:27 <DIR> d-------- C:\Musat
    2008-05-27 14:28 . 2008-06-02 23:09 <DIR> d-------- C:\Leffat
    2008-05-27 13:52 . 2008-05-27 13:52 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\ATI
    2008-05-27 13:52 . 2008-05-27 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-05-27 13:46 . 2008-05-27 13:46 <DIR> d-------- C:\WINDOWS\OPTIONS
    2008-05-27 13:46 . 2008-05-27 13:46 <DIR> d-------- C:\Program Files\Realtek
    2008-05-27 13:46 . 2006-03-14 06:23 82,048 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
    2008-05-27 13:45 . 2008-05-27 13:28 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-27 13:45 . 2008-05-27 13:45 <DIR> d-------- C:\Program Files\Analog Devices
    2008-05-27 13:44 . 2008-06-05 12:10 <DIR> d-------- C:\Program Files\mIRC
    2008-05-27 13:44 . 2008-05-27 13:27 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2008-05-27 13:44 . 2008-06-05 12:17 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\NoNameScript
    2008-05-27 13:44 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-05-27 13:43 . 2008-05-27 13:43 15,891 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-05-27 13:43 . 2004-04-27 10:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-05-27 13:43 . 2004-08-13 05:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
    2008-05-27 13:40 . 2008-05-27 13:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\mIRC
    2008-05-27 13:39 . 2008-06-03 13:59 <DIR> d-------- C:\Program Files\Windows Live
    2008-05-27 13:39 . 2008-05-27 19:32 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-27 13:39 . 2008-05-27 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-27 13:35 . 2006-03-17 03:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
    2008-05-27 13:33 . 2008-06-05 12:13 <DIR> d-------- C:\Program Files\Steam
    2008-05-27 13:31 . 2008-05-29 09:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-05-27 13:29 . 2008-05-27 13:29 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-05-27 13:28 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-05-27 13:27 . 2008-05-27 13:28 <DIR> d-------- C:\Program Files\ATI Technologies
    2008-05-27 13:27 . 2008-05-27 13:27 <DIR> d-------- C:\ATI
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\Opera
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\COMODO
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\AskSBar
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Comodo
    2008-05-27 13:22 . 2008-05-27 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-05-27 13:22 . 2008-05-27 13:22 143,104 --a------ C:\WINDOWS\system32\guard32.dll
    2008-05-27 13:22 . 2008-05-27 13:22 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-05-27 13:22 . 2008-05-27 13:22 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-05-27 13:21 . 2008-05-27 13:21 <DIR> d-------- C:\Program Files\Alwil Software
    2008-05-27 13:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
    2008-05-12 18:56 . 2008-05-12 18:56 397,312 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvag.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a------ C:\WINDOWS\system32\ati2dvag.dll
    2008-05-12 18:53 . 2008-05-12 18:53 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll
    2008-05-12 18:45 . 2008-05-12 18:45 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
    2008-05-12 18:44 . 2008-05-12 18:44 139,264 --a------ C:\WINDOWS\system32\ati2evxx.dll
    2008-05-12 18:43 . 2008-05-12 18:43 10,153,984 --a------ C:\WINDOWS\system32\atioglx2.dll
    2008-05-12 18:43 . 2008-05-12 18:43 540,672 --a------ C:\WINDOWS\system32\ati2evxx.exe
    2008-05-12 18:41 . 2008-05-12 18:41 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a------ C:\WINDOWS\system32\ati3duag.dll
    2008-05-12 18:22 . 2008-05-12 18:22 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
    2008-05-12 18:22 . 2008-05-12 18:22 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
    2008-05-12 18:22 . 2008-05-12 18:22 1,999,616 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
    2008-05-12 18:22 . 2008-05-12 18:22 1,999,616 --a------ C:\WINDOWS\system32\ativvaxx.dll
    2008-05-12 18:22 . 2008-05-12 18:22 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
    2008-05-12 18:09 . 2008-05-12 18:09 47,104 --a------ C:\WINDOWS\system32\amdpcom32.dll
    2008-05-12 18:05 . 2008-05-12 18:05 327,680 --a------ C:\WINDOWS\system32\atikvmag.dll
    2008-05-12 18:03 . 2008-05-12 18:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
    2008-05-12 18:03 . 2008-05-12 18:03 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
    2008-05-12 18:02 . 2008-05-12 18:02 241,664 --a------ C:\WINDOWS\system32\atiok3x2.dll
    2008-05-12 18:02 . 2008-05-12 18:02 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
    2008-05-12 17:57 . 2008-05-12 17:57 548,864 --a--c--- C:\WINDOWS\system32\dllcache\ati2cqag.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 21:54 --------- d-----w C:\Program Files\VentriloMIX
    2008-06-01 18:20 --------- d-----w C:\Program Files\Ventrilo
    2008-05-27 20:06 --------- d-----w C:\Program Files\Windows Media Player
    2008-05-27 13:01 --------- d-----w C:\Program Files\WinRAR
    2008-05-26 20:27 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-26 20:26 --------- d--h--w C:\Program Files\WindowsUpdate
    2008-05-26 20:23 --------- d-----w C:\Program Files\Windows NT
    2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-03-26 08:09 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 07:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    2008-05-27 13:22 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-05-27 13:22 262144]

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
    "Steam"="c:\program files\steam\steam.exe" [2008-05-27 13:33 1271032]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 15:53 913064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 04:11 925696]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
    "css"="C:\Program Files\Comodo\Css\cssurf.exe" [2008-05-22 22:57 188160]
    "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-27 13:22 1575680]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "Windows svchost"="service.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Comodo\Css\cssdll32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-27 13:22]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-27 13:22]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-05 12:17:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-05 12:18:27
    ComboFix-quarantined-files.txt 2008-06-05 09:18:21

    Pre-Run: 192,743,108,608 bytes free
    Post-Run: 192,792,240,128 bytes free

    212 --- E O F --- 2008-05-29 06:49:51


    And the HJT log, taken after ComboFix, emptying the Recycle Bin and a reboot:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:25:30, on 5.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Comodo\Css\cssurf.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\FRAPS\FRAPS.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [css] C:\Program Files\Comodo\Css\cssurf.exe /s
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows svchost] service.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Comodo\Css\cssdll32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

    --
    End of file - 6152 bytes
     
  2. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.
    [IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.
     
  3. 643000

    643000 Guest

    Yep, here it is.


    ComboFix 08-06-05.2 - Juuso 2008-06-05 20:21:33.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534 [GMT 3:00]
    Running from: C:\Documents and Settings\Juuso\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Juuso\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
    .

    2008-06-05 00:15 . 2008-06-05 00:15 290,110 --a------ C:\WINDOWS\ftp.exe
    2008-06-04 22:59 . 2008-06-04 22:59 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-04 22:40 . 2008-06-01 19:13 <DIR> d-------- C:\SDFix
    2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\Juuso\stp.exe
    2008-06-04 14:50 . 2008-06-04 14:58 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-04 14:50 . 2008-06-04 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-03 22:58 . 2008-06-03 23:24 86,548 --a------ C:\Documents and Settings\Juuso\setupa.exe
    2008-06-03 13:12 . 2008-06-04 12:58 3,419 --a------ C:\WINDOWS\is154890.exe
    2008-06-03 13:08 . 2008-06-03 13:08 96,950 -r-hs---- C:\WINDOWS\mservice.exe
    2008-06-03 01:46 . 2008-06-05 20:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-03 01:45 . 2008-06-03 01:45 <DIR> d-------- C:\Fraps
    2008-06-03 01:39 . 2008-06-03 01:39 <DIR> d-------- C:\WINDOWS\system32\AGEIA
    2008-06-03 01:39 . 2008-06-03 01:39 <DIR> d-------- C:\Program Files\AGEIA Technologies
    2008-06-03 01:00 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
    2008-06-03 00:55 . 2008-06-04 13:58 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\teamspeak2
    2008-06-03 00:54 . 2008-06-03 00:54 <DIR> d-------- C:\Program Files\VentriloMIX
    2008-06-02 23:06 . 2008-06-02 23:06 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\BSplayer Pro
    2008-06-02 23:06 . 2008-06-02 23:09 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\BSplayer
    2008-06-02 23:05 . 2008-06-02 23:05 <DIR> d-------- C:\Program Files\Webteh
    2008-06-02 21:35 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Juuso\setup.exe
    2008-06-01 23:53 . 2008-06-01 23:53 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-01 23:53 . 2008-06-01 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-01 21:21 . 2008-06-02 14:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Ventrilo
    2008-06-01 21:20 . 2008-06-01 21:20 <DIR> d-------- C:\Program Files\Ventrilo
    2008-06-01 21:19 . 2008-06-03 01:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-31 11:00 . 2008-05-31 11:00 <DIR> d-------- C:\WINDOWS\Sun
    2008-05-31 10:54 . 2008-05-31 10:54 <DIR> d-------- C:\Program Files\Sun
    2008-05-31 10:53 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-05-31 10:52 . 2008-05-31 10:53 <DIR> d-------- C:\Program Files\Java
    2008-05-31 10:50 . 2008-05-31 10:50 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-30 23:42 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-05-30 23:42 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-05-30 23:42 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-05-30 23:42 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-05-30 20:13 . 2008-05-30 20:13 <DIR> d-------- C:\Documents and Settings\Raija\Application Data\Comodo
    2008-05-30 20:13 . 2008-05-30 20:13 <DIR> d-------- C:\Documents and Settings\Raija\Application Data\ATI
    2008-05-30 20:13 . 2008-05-30 21:49 <DIR> d-------- C:\Documents and Settings\Raija
    2008-05-29 17:47 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo\Application Data\Comodo
    2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo\Application Data\ATI
    2008-05-29 17:26 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo
    2008-05-28 09:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-05-28 09:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-05-28 09:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-05-27 23:54 . 2008-06-02 23:01 <DIR> d-------- C:\Jotain ihmejuttuja
    2008-05-27 23:04 . 2008-05-27 23:07 <DIR> d-------- C:\Program Files\Winamp
    2008-05-27 23:04 . 2008-05-27 23:27 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Winamp
    2008-05-27 19:33 . 2008-06-03 01:39 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-05-27 19:33 . 2008-05-27 19:37 <DIR> d-------- C:\Documents and Settings\Juuso\Contacts
    2008-05-27 16:14 . 2008-05-27 16:14 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-05-27 15:29 . 2006-06-14 11:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
    2008-05-27 15:29 . 2006-06-14 12:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
    2008-05-27 15:29 . 2006-06-14 11:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2008-05-27 15:27 . 2006-05-05 12:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2008-05-27 15:04 . 2008-05-27 15:05 <DIR> d-------- C:\WINDOWS\system32\Adobe
    2008-05-27 14:31 . 2008-05-27 14:31 <DIR> d-------- C:\Installerit
    2008-05-27 14:30 . 2008-05-27 14:30 <DIR> d-------- C:\Program Files\uTorrent
    2008-05-27 14:30 . 2008-06-03 18:03 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\uTorrent
    2008-05-27 14:29 . 2008-06-03 15:16 <DIR> d-------- C:\Pelit
    2008-05-27 14:28 . 2008-06-01 20:27 <DIR> d-------- C:\Musat
    2008-05-27 14:28 . 2008-06-02 23:09 <DIR> d-------- C:\Leffat
    2008-05-27 13:52 . 2008-05-27 13:52 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\ATI
    2008-05-27 13:52 . 2008-05-27 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-05-27 13:46 . 2008-05-27 13:46 <DIR> d-------- C:\WINDOWS\OPTIONS
    2008-05-27 13:46 . 2008-05-27 13:46 <DIR> d-------- C:\Program Files\Realtek
    2008-05-27 13:46 . 2006-03-14 06:23 82,048 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
    2008-05-27 13:45 . 2008-05-27 13:28 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-27 13:45 . 2008-05-27 13:45 <DIR> d-------- C:\Program Files\Analog Devices
    2008-05-27 13:44 . 2008-06-05 19:55 <DIR> d-------- C:\Program Files\mIRC
    2008-05-27 13:44 . 2008-05-27 13:27 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2008-05-27 13:44 . 2008-06-05 20:22 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\NoNameScript
    2008-05-27 13:44 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-05-27 13:43 . 2008-05-27 13:43 15,891 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-05-27 13:43 . 2004-04-27 10:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-05-27 13:43 . 2004-08-13 05:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
    2008-05-27 13:40 . 2008-05-27 13:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\mIRC
    2008-05-27 13:39 . 2008-06-03 13:59 <DIR> d-------- C:\Program Files\Windows Live
    2008-05-27 13:39 . 2008-05-27 19:32 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-27 13:39 . 2008-05-27 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-27 13:35 . 2006-03-17 03:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
    2008-05-27 13:33 . 2008-06-05 19:52 <DIR> d-------- C:\Program Files\Steam
    2008-05-27 13:31 . 2008-05-29 09:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-05-27 13:29 . 2008-05-27 13:29 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-05-27 13:28 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-05-27 13:27 . 2008-05-27 13:28 <DIR> d-------- C:\Program Files\ATI Technologies
    2008-05-27 13:27 . 2008-05-27 13:27 <DIR> d-------- C:\ATI
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\Opera
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\COMODO
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\AskSBar
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Comodo
    2008-05-27 13:22 . 2008-05-27 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-05-27 13:22 . 2008-05-27 13:22 143,104 --a------ C:\WINDOWS\system32\guard32.dll
    2008-05-27 13:22 . 2008-05-27 13:22 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-05-27 13:22 . 2008-05-27 13:22 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-05-27 13:21 . 2008-05-27 13:21 <DIR> d-------- C:\Program Files\Alwil Software
    2008-05-27 13:21 . 2003-03-18 23:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-05-27 13:21 . 2003-03-18 22:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-05-27 13:21 . 2003-02-21 06:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2008-05-27 13:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
    2008-05-12 18:56 . 2008-05-12 18:56 397,312 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvag.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a------ C:\WINDOWS\system32\ati2dvag.dll
    2008-05-12 18:53 . 2008-05-12 18:53 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll
    2008-05-12 18:45 . 2008-05-12 18:45 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
    2008-05-12 18:44 . 2008-05-12 18:44 139,264 --a------ C:\WINDOWS\system32\ati2evxx.dll
    2008-05-12 18:43 . 2008-05-12 18:43 10,153,984 --a------ C:\WINDOWS\system32\atioglx2.dll
    2008-05-12 18:43 . 2008-05-12 18:43 540,672 --a------ C:\WINDOWS\system32\ati2evxx.exe
    2008-05-12 18:41 . 2008-05-12 18:41 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a------ C:\WINDOWS\system32\ati3duag.dll
    2008-05-12 18:22 . 2008-05-12 18:22 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
    2008-05-12 18:22 . 2008-05-12 18:22 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
    2008-05-12 18:22 . 2008-05-12 18:22 1,999,616 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
    2008-05-12 18:22 . 2008-05-12 18:22 1,999,616 --a------ C:\WINDOWS\system32\ativvaxx.dll
    2008-05-12 18:22 . 2008-05-12 18:22 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
    2008-05-12 18:09 . 2008-05-12 18:09 47,104 --a------ C:\WINDOWS\system32\amdpcom32.dll
    2008-05-12 18:05 . 2008-05-12 18:05 327,680 --a------ C:\WINDOWS\system32\atikvmag.dll
    2008-05-12 18:03 . 2008-05-12 18:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
    2008-05-12 18:03 . 2008-05-12 18:03 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 21:54 --------- d-----w C:\Program Files\VentriloMIX
    2008-06-01 18:20 --------- d-----w C:\Program Files\Ventrilo
    2008-05-27 20:06 --------- d-----w C:\Program Files\Windows Media Player
    2008-05-27 13:01 --------- d-----w C:\Program Files\WinRAR
    2008-05-26 20:27 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-26 20:26 --------- d--h--w C:\Program Files\WindowsUpdate
    2008-05-26 20:23 --------- d-----w C:\Program Files\Windows NT
    2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-03-26 08:09 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 07:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-05_12.18.13,87 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-05 09:09:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-05 16:51:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-05 16:52:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    2008-05-27 13:22 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-05-27 13:22 262144]

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
    "Steam"="c:\program files\steam\steam.exe" [2008-05-27 13:33 1271032]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 15:53 913064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 04:11 925696]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
    "css"="C:\Program Files\Comodo\Css\cssurf.exe" [2008-05-22 22:57 188160]
    "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-05 12:40 1655552]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "Windows svchost"="service.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Comodo\Css\cssdll32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-27 13:22]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-27 13:22]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-05 20:22:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\guard32.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\guard32.dll
    .
    Completion time: 2008-06-05 20:23:12
    ComboFix-quarantined-files.txt 2008-06-05 17:23:09
    ComboFix2.txt 2008-06-05 09:18:27

    Pre-Run: 192,769,220,608 bytes free
    Post-Run: 192,763,252,736 bytes free

    220 --- E O F --- 2008-05-29 06:49:51
     
  4. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it with the name CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.

    Restart the computer when prompted and post the contents of the combofix.txt file here.

    =====

    scan a new hjt log
     
  5. 643000

    643000 Guest

    Here is ComboFix:

    ComboFix 08-06-05.2 - Juuso 2008-06-05 20:43:40.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1478 [GMT 3:00]
    Running from: C:\Documents and Settings\Juuso\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Juuso\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
    .

    2008-06-05 00:15 . 2008-06-05 00:15 290,110 --a------ C:\WINDOWS\ftp.exe
    2008-06-04 22:59 . 2008-06-04 22:59 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-04 22:40 . 2008-06-01 19:13 <DIR> d-------- C:\SDFix
    2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\Juuso\stp.exe
    2008-06-04 14:50 . 2008-06-04 14:58 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-04 14:50 . 2008-06-04 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-03 22:58 . 2008-06-03 23:24 86,548 --a------ C:\Documents and Settings\Juuso\setupa.exe
    2008-06-03 13:12 . 2008-06-04 12:58 3,419 --a------ C:\WINDOWS\is154890.exe
    2008-06-03 13:08 . 2008-06-03 13:08 96,950 -r-hs---- C:\WINDOWS\mservice.exe
    2008-06-03 01:46 . 2008-06-05 20:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-03 01:45 . 2008-06-03 01:45 <DIR> d-------- C:\Fraps
    2008-06-03 01:39 . 2008-06-03 01:39 <DIR> d-------- C:\WINDOWS\system32\AGEIA
    2008-06-03 01:39 . 2008-06-03 01:39 <DIR> d-------- C:\Program Files\AGEIA Technologies
    2008-06-03 01:00 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
    2008-06-03 00:55 . 2008-06-04 13:58 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\teamspeak2
    2008-06-03 00:54 . 2008-06-03 00:54 <DIR> d-------- C:\Program Files\VentriloMIX
    2008-06-02 23:06 . 2008-06-02 23:06 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\BSplayer Pro
    2008-06-02 23:06 . 2008-06-02 23:09 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\BSplayer
    2008-06-02 23:05 . 2008-06-02 23:05 <DIR> d-------- C:\Program Files\Webteh
    2008-06-02 21:35 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Juuso\setup.exe
    2008-06-01 23:53 . 2008-06-01 23:53 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-01 23:53 . 2008-06-01 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-01 21:21 . 2008-06-02 14:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Ventrilo
    2008-06-01 21:20 . 2008-06-01 21:20 <DIR> d-------- C:\Program Files\Ventrilo
    2008-06-01 21:19 . 2008-06-03 01:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-31 11:00 . 2008-05-31 11:00 <DIR> d-------- C:\WINDOWS\Sun
    2008-05-31 10:54 . 2008-05-31 10:54 <DIR> d-------- C:\Program Files\Sun
    2008-05-31 10:53 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-05-31 10:52 . 2008-05-31 10:53 <DIR> d-------- C:\Program Files\Java
    2008-05-31 10:50 . 2008-05-31 10:50 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-30 23:42 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-05-30 23:42 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-05-30 23:42 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-05-30 23:42 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-05-30 20:13 . 2008-05-30 20:13 <DIR> d-------- C:\Documents and Settings\Raija\Application Data\Comodo
    2008-05-30 20:13 . 2008-05-30 20:13 <DIR> d-------- C:\Documents and Settings\Raija\Application Data\ATI
    2008-05-30 20:13 . 2008-05-30 21:49 <DIR> d-------- C:\Documents and Settings\Raija
    2008-05-29 17:47 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo\Application Data\Comodo
    2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo\Application Data\ATI
    2008-05-29 17:26 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo
    2008-05-28 09:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-05-28 09:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-05-28 09:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-05-27 23:54 . 2008-06-02 23:01 <DIR> d-------- C:\Jotain ihmejuttuja
    2008-05-27 23:04 . 2008-05-27 23:07 <DIR> d-------- C:\Program Files\Winamp
    2008-05-27 23:04 . 2008-05-27 23:27 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Winamp
    2008-05-27 19:33 . 2008-06-03 01:39 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-05-27 19:33 . 2008-05-27 19:37 <DIR> d-------- C:\Documents and Settings\Juuso\Contacts
    2008-05-27 16:14 . 2008-05-27 16:14 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-05-27 15:29 . 2006-06-14 11:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
    2008-05-27 15:29 . 2006-06-14 12:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
    2008-05-27 15:29 . 2006-06-14 11:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2008-05-27 15:27 . 2006-05-05 12:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2008-05-27 15:04 . 2008-05-27 15:05 <DIR> d-------- C:\WINDOWS\system32\Adobe
    2008-05-27 14:31 . 2008-05-27 14:31 <DIR> d-------- C:\Installerit
    2008-05-27 14:30 . 2008-05-27 14:30 <DIR> d-------- C:\Program Files\uTorrent
    2008-05-27 14:30 . 2008-06-03 18:03 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\uTorrent
    2008-05-27 14:29 . 2008-06-03 15:16 <DIR> d-------- C:\Pelit
    2008-05-27 14:28 . 2008-06-01 20:27 <DIR> d-------- C:\Musat
    2008-05-27 14:28 . 2008-06-02 23:09 <DIR> d-------- C:\Leffat
    2008-05-27 13:52 . 2008-05-27 13:52 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\ATI
    2008-05-27 13:52 . 2008-05-27 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-05-27 13:46 . 2008-05-27 13:46 <DIR> d-------- C:\WINDOWS\OPTIONS
    2008-05-27 13:46 . 2008-05-27 13:46 <DIR> d-------- C:\Program Files\Realtek
    2008-05-27 13:46 . 2006-03-14 06:23 82,048 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
    2008-05-27 13:45 . 2008-05-27 13:28 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-27 13:45 . 2008-05-27 13:45 <DIR> d-------- C:\Program Files\Analog Devices
    2008-05-27 13:44 . 2008-06-05 19:55 <DIR> d-------- C:\Program Files\mIRC
    2008-05-27 13:44 . 2008-05-27 13:27 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2008-05-27 13:44 . 2008-06-05 20:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\NoNameScript
    2008-05-27 13:44 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-05-27 13:43 . 2008-05-27 13:43 15,891 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-05-27 13:43 . 2004-04-27 10:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-05-27 13:43 . 2004-08-13 05:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
    2008-05-27 13:40 . 2008-05-27 13:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\mIRC
    2008-05-27 13:39 . 2008-06-03 13:59 <DIR> d-------- C:\Program Files\Windows Live
    2008-05-27 13:39 . 2008-05-27 19:32 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-27 13:39 . 2008-05-27 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-27 13:35 . 2006-03-17 03:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
    2008-05-27 13:33 . 2008-06-05 20:30 <DIR> d-------- C:\Program Files\Steam
    2008-05-27 13:31 . 2008-05-29 09:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-05-27 13:29 . 2008-05-27 13:29 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-05-27 13:28 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-05-27 13:27 . 2008-05-27 13:28 <DIR> d-------- C:\Program Files\ATI Technologies
    2008-05-27 13:27 . 2008-05-27 13:27 <DIR> d-------- C:\ATI
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\Opera
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\COMODO
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\AskSBar
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Comodo
    2008-05-27 13:22 . 2008-05-27 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-05-27 13:22 . 2008-05-27 13:22 143,104 --a------ C:\WINDOWS\system32\guard32.dll
    2008-05-27 13:22 . 2008-05-27 13:22 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-05-27 13:22 . 2008-05-27 13:22 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-05-27 13:21 . 2008-05-27 13:21 <DIR> d-------- C:\Program Files\Alwil Software
    2008-05-27 13:21 . 2003-03-18 23:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-05-27 13:21 . 2003-03-18 22:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-05-27 13:21 . 2003-02-21 06:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2008-05-27 13:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
    2008-05-12 18:56 . 2008-05-12 18:56 397,312 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvag.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a------ C:\WINDOWS\system32\ati2dvag.dll
    2008-05-12 18:53 . 2008-05-12 18:53 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll
    2008-05-12 18:45 . 2008-05-12 18:45 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
    2008-05-12 18:44 . 2008-05-12 18:44 139,264 --a------ C:\WINDOWS\system32\ati2evxx.dll
    2008-05-12 18:43 . 2008-05-12 18:43 10,153,984 --a------ C:\WINDOWS\system32\atioglx2.dll
    2008-05-12 18:43 . 2008-05-12 18:43 540,672 --a------ C:\WINDOWS\system32\ati2evxx.exe
    2008-05-12 18:41 . 2008-05-12 18:41 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a------ C:\WINDOWS\system32\ati3duag.dll
    2008-05-12 18:22 . 2008-05-12 18:22 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
    2008-05-12 18:22 . 2008-05-12 18:22 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
    2008-05-12 18:22 . 2008-05-12 18:22 1,999,616 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
    2008-05-12 18:22 . 2008-05-12 18:22 1,999,616 --a------ C:\WINDOWS\system32\ativvaxx.dll
    2008-05-12 18:22 . 2008-05-12 18:22 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
    2008-05-12 18:09 . 2008-05-12 18:09 47,104 --a------ C:\WINDOWS\system32\amdpcom32.dll
    2008-05-12 18:05 . 2008-05-12 18:05 327,680 --a------ C:\WINDOWS\system32\atikvmag.dll
    2008-05-12 18:03 . 2008-05-12 18:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
    2008-05-12 18:03 . 2008-05-12 18:03 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 21:54 --------- d-----w C:\Program Files\VentriloMIX
    2008-06-01 18:20 --------- d-----w C:\Program Files\Ventrilo
    2008-05-27 20:06 --------- d-----w C:\Program Files\Windows Media Player
    2008-05-27 13:01 --------- d-----w C:\Program Files\WinRAR
    2008-05-26 20:27 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-26 20:26 --------- d--h--w C:\Program Files\WindowsUpdate
    2008-05-26 20:23 --------- d-----w C:\Program Files\Windows NT
    2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-03-26 08:09 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 07:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-05_12.18.13,87 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-05 09:09:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-05 16:51:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-05 16:52:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    2008-05-27 13:22 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-05-27 13:22 262144]

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
    "Steam"="c:\program files\steam\steam.exe" [2008-05-27 13:33 1271032]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 15:53 913064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 04:11 925696]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
    "css"="C:\Program Files\Comodo\Css\cssurf.exe" [2008-05-22 22:57 188160]
    "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-05 12:40 1655552]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "Windows svchost"="service.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Comodo\Css\cssdll32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-27 13:22]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-27 13:22]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-05 20:44:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\guard32.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\guard32.dll
    .
    Completion time: 2008-06-05 20:44:53
    ComboFix-quarantined-files.txt 2008-06-05 17:44:47
    ComboFix2.txt 2008-06-05 17:23:13
    ComboFix3.txt 2008-06-05 09:18:27

    Pre-Run: 192,720,101,376 bytes free
    Post-Run: 192,714,444,800 bytes free

    221 --- E O F --- 2008-05-29 06:49:51




    And HJT:


    ComboFix 08-06-05.2 - Juuso 2008-06-05 20:43:40.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1478 [GMT 3:00]
    Running from: C:\Documents and Settings\Juuso\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Juuso\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
    .

    2008-06-05 00:15 . 2008-06-05 00:15 290,110 --a------ C:\WINDOWS\ftp.exe
    2008-06-04 22:59 . 2008-06-04 22:59 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-04 22:40 . 2008-06-01 19:13 <DIR> d-------- C:\SDFix
    2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\Juuso\stp.exe
    2008-06-04 14:50 . 2008-06-04 14:58 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-04 14:50 . 2008-06-04 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-03 22:58 . 2008-06-03 23:24 86,548 --a------ C:\Documents and Settings\Juuso\setupa.exe
    2008-06-03 13:12 . 2008-06-04 12:58 3,419 --a------ C:\WINDOWS\is154890.exe
    2008-06-03 13:08 . 2008-06-03 13:08 96,950 -r-hs---- C:\WINDOWS\mservice.exe
    2008-06-03 01:46 . 2008-06-05 20:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-03 01:45 . 2008-06-03 01:45 <DIR> d-------- C:\Fraps
    2008-06-03 01:39 . 2008-06-03 01:39 <DIR> d-------- C:\WINDOWS\system32\AGEIA
    2008-06-03 01:39 . 2008-06-03 01:39 <DIR> d-------- C:\Program Files\AGEIA Technologies
    2008-06-03 01:00 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
    2008-06-03 00:55 . 2008-06-04 13:58 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\teamspeak2
    2008-06-03 00:54 . 2008-06-03 00:54 <DIR> d-------- C:\Program Files\VentriloMIX
    2008-06-02 23:06 . 2008-06-02 23:06 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\BSplayer Pro
    2008-06-02 23:06 . 2008-06-02 23:09 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\BSplayer
    2008-06-02 23:05 . 2008-06-02 23:05 <DIR> d-------- C:\Program Files\Webteh
    2008-06-02 21:35 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Juuso\setup.exe
    2008-06-01 23:53 . 2008-06-01 23:53 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-01 23:53 . 2008-06-01 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-01 21:21 . 2008-06-02 14:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Ventrilo
    2008-06-01 21:20 . 2008-06-01 21:20 <DIR> d-------- C:\Program Files\Ventrilo
    2008-06-01 21:19 . 2008-06-03 01:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-31 11:00 . 2008-05-31 11:00 <DIR> d-------- C:\WINDOWS\Sun
    2008-05-31 10:54 . 2008-05-31 10:54 <DIR> d-------- C:\Program Files\Sun
    2008-05-31 10:53 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-05-31 10:52 . 2008-05-31 10:53 <DIR> d-------- C:\Program Files\Java
    2008-05-31 10:50 . 2008-05-31 10:50 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-30 23:42 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-05-30 23:42 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-05-30 23:42 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-05-30 23:42 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-05-30 20:13 . 2008-05-30 20:13 <DIR> d-------- C:\Documents and Settings\Raija\Application Data\Comodo
    2008-05-30 20:13 . 2008-05-30 20:13 <DIR> d-------- C:\Documents and Settings\Raija\Application Data\ATI
    2008-05-30 20:13 . 2008-05-30 21:49 <DIR> d-------- C:\Documents and Settings\Raija
    2008-05-29 17:47 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo\Application Data\Comodo
    2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo\Application Data\ATI
    2008-05-29 17:26 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo
    2008-05-28 09:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-05-28 09:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-05-28 09:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-05-27 23:54 . 2008-06-02 23:01 <DIR> d-------- C:\Jotain ihmejuttuja
    2008-05-27 23:04 . 2008-05-27 23:07 <DIR> d-------- C:\Program Files\Winamp
    2008-05-27 23:04 . 2008-05-27 23:27 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Winamp
    2008-05-27 19:33 . 2008-06-03 01:39 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-05-27 19:33 . 2008-05-27 19:37 <DIR> d-------- C:\Documents and Settings\Juuso\Contacts
    2008-05-27 16:14 . 2008-05-27 16:14 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-05-27 15:29 . 2006-06-14 11:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
    2008-05-27 15:29 . 2006-06-14 12:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
    2008-05-27 15:29 . 2006-06-14 11:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2008-05-27 15:27 . 2006-05-05 12:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2008-05-27 15:04 . 2008-05-27 15:05 <DIR> d-------- C:\WINDOWS\system32\Adobe
    2008-05-27 14:31 . 2008-05-27 14:31 <DIR> d-------- C:\Installerit
    2008-05-27 14:30 . 2008-05-27 14:30 <DIR> d-------- C:\Program Files\uTorrent
    2008-05-27 14:30 . 2008-06-03 18:03 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\uTorrent
    2008-05-27 14:29 . 2008-06-03 15:16 <DIR> d-------- C:\Pelit
    2008-05-27 14:28 . 2008-06-01 20:27 <DIR> d-------- C:\Musat
    2008-05-27 14:28 . 2008-06-02 23:09 <DIR> d-------- C:\Leffat
    2008-05-27 13:52 . 2008-05-27 13:52 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\ATI
    2008-05-27 13:52 . 2008-05-27 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-05-27 13:46 . 2008-05-27 13:46 <DIR> d-------- C:\WINDOWS\OPTIONS
    2008-05-27 13:46 . 2008-05-27 13:46 <DIR> d-------- C:\Program Files\Realtek
    2008-05-27 13:46 . 2006-03-14 06:23 82,048 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
    2008-05-27 13:45 . 2008-05-27 13:28 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-27 13:45 . 2008-05-27 13:45 <DIR> d-------- C:\Program Files\Analog Devices
    2008-05-27 13:44 . 2008-06-05 19:55 <DIR> d-------- C:\Program Files\mIRC
    2008-05-27 13:44 . 2008-05-27 13:27 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2008-05-27 13:44 . 2008-06-05 20:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\NoNameScript
    2008-05-27 13:44 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-05-27 13:43 . 2008-05-27 13:43 15,891 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-05-27 13:43 . 2004-04-27 10:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-05-27 13:43 . 2004-08-13 05:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
    2008-05-27 13:40 . 2008-05-27 13:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\mIRC
    2008-05-27 13:39 . 2008-06-03 13:59 <DIR> d-------- C:\Program Files\Windows Live
    2008-05-27 13:39 . 2008-05-27 19:32 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-27 13:39 . 2008-05-27 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-27 13:35 . 2006-03-17 03:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
    2008-05-27 13:33 . 2008-06-05 20:30 <DIR> d-------- C:\Program Files\Steam
    2008-05-27 13:31 . 2008-05-29 09:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-05-27 13:29 . 2008-05-27 13:29 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-05-27 13:28 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-05-27 13:27 . 2008-05-27 13:28 <DIR> d-------- C:\Program Files\ATI Technologies
    2008-05-27 13:27 . 2008-05-27 13:27 <DIR> d-------- C:\ATI
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\Opera
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\COMODO
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\AskSBar
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Comodo
    2008-05-27 13:22 . 2008-05-27 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-05-27 13:22 . 2008-05-27 13:22 143,104 --a------ C:\WINDOWS\system32\guard32.dll
    2008-05-27 13:22 . 2008-05-27 13:22 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-05-27 13:22 . 2008-05-27 13:22 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-05-27 13:21 . 2008-05-27 13:21 <DIR> d-------- C:\Program Files\Alwil Software
    2008-05-27 13:21 . 2003-03-18 23:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-05-27 13:21 . 2003-03-18 22:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-05-27 13:21 . 2003-02-21 06:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2008-05-27 13:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
    2008-05-12 18:56 . 2008-05-12 18:56 397,312 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvag.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a------ C:\WINDOWS\system32\ati2dvag.dll
    2008-05-12 18:53 . 2008-05-12 18:53 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll
    2008-05-12 18:45 . 2008-05-12 18:45 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
    2008-05-12 18:44 . 2008-05-12 18:44 139,264 --a------ C:\WINDOWS\system32\ati2evxx.dll
    2008-05-12 18:43 . 2008-05-12 18:43 10,153,984 --a------ C:\WINDOWS\system32\atioglx2.dll
    2008-05-12 18:43 . 2008-05-12 18:43 540,672 --a------ C:\WINDOWS\system32\ati2evxx.exe
    2008-05-12 18:41 . 2008-05-12 18:41 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a------ C:\WINDOWS\system32\ati3duag.dll
    2008-05-12 18:22 . 2008-05-12 18:22 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
    2008-05-12 18:22 . 2008-05-12 18:22 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
    2008-05-12 18:22 . 2008-05-12 18:22 1,999,616 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
    2008-05-12 18:22 . 2008-05-12 18:22 1,999,616 --a------ C:\WINDOWS\system32\ativvaxx.dll
    2008-05-12 18:22 . 2008-05-12 18:22 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
    2008-05-12 18:09 . 2008-05-12 18:09 47,104 --a------ C:\WINDOWS\system32\amdpcom32.dll
    2008-05-12 18:05 . 2008-05-12 18:05 327,680 --a------ C:\WINDOWS\system32\atikvmag.dll
    2008-05-12 18:03 . 2008-05-12 18:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
    2008-05-12 18:03 . 2008-05-12 18:03 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 21:54 --------- d-----w C:\Program Files\VentriloMIX
    2008-06-01 18:20 --------- d-----w C:\Program Files\Ventrilo
    2008-05-27 20:06 --------- d-----w C:\Program Files\Windows Media Player
    2008-05-27 13:01 --------- d-----w C:\Program Files\WinRAR
    2008-05-26 20:27 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-26 20:26 --------- d--h--w C:\Program Files\WindowsUpdate
    2008-05-26 20:23 --------- d-----w C:\Program Files\Windows NT
    2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-03-26 08:09 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 07:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-05_12.18.13,87 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-05 09:09:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-05 16:51:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-05 16:52:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    2008-05-27 13:22 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-05-27 13:22 262144]

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
    "Steam"="c:\program files\steam\steam.exe" [2008-05-27 13:33 1271032]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 15:53 913064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 04:11 925696]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
    "css"="C:\Program Files\Comodo\Css\cssurf.exe" [2008-05-22 22:57 188160]
    "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-05 12:40 1655552]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "Windows svchost"="service.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Comodo\Css\cssdll32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-27 13:22]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-27 13:22]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-05 20:44:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\guard32.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\guard32.dll
    .
    Completion time: 2008-06-05 20:44:53
    ComboFix-quarantined-files.txt 2008-06-05 17:44:47
    ComboFix2.txt 2008-06-05 17:23:13
    ComboFix3.txt 2008-06-05 09:18:27

    Pre-Run: 192,720,101,376 bytes free
    Post-Run: 192,714,444,800 bytes free

    221 --- E O F --- 2008-05-29 06:49:51
     
  6. Hujo

    Hujo Guest

    Right .... post the HJT.
    Have you shut down and restarted the computer?
    If not, do that now before posting the new HJT log.
     
  7. 643000

    643000 Guest

    Oops, it didn't copy it after all =)

    Well, here's the post-reboot HJT:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:31:15, on 5.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Comodo\Css\cssurf.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\FRAPS\FRAPS.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [css] C:\Program Files\Comodo\Css\cssurf.exe /s
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows svchost] service.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Comodo\Css\cssdll32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

    --
    End of file - 6184 bytes
     
  8. Hujo

    Hujo Guest

    First, uninstall these from Add or Remove Programs:

    Spybot - Search & Destroy
    Ask Toolbar

    Delete these folders in Safe Mode:

    C:\Program Files\Spybot - Search & Destroy
    C:\Program Files\AskSBar

    =======

    Scan with HJT, check these entries and press Fix checked:

    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [Windows svchost] service.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    ==================

    Shut down and restart.

    Then scan and post a new ComboFix log,
    and finally a new HJT log.
     
  9. 643000

    643000 Guest

    Both programs have been removed via Add or Remove Programs.

    The AskSBar folder wasn't found.

    With HJT I only fixed this one: O4 - HKLM\..\Run: [Windows svchost] service.exe

    The others weren't found, and here is the newest ComboFix log:


    ComboFix 08-06-05.2 - Juuso 2008-06-05 22:32:24.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1581 [GMT 3:00]
    Running from: C:\Documents and Settings\Juuso\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
    .

    2008-06-05 22:16 . 2008-06-05 22:16 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-06-05 00:15 . 2008-06-05 00:15 290,110 --a------ C:\WINDOWS\ftp.exe
    2008-06-04 22:59 . 2008-06-04 22:59 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-04 22:40 . 2008-06-01 19:13 <DIR> d-------- C:\SDFix
    2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\Juuso\stp.exe
    2008-06-04 14:50 . 2008-06-05 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-03 22:58 . 2008-06-03 23:24 86,548 --a------ C:\Documents and Settings\Juuso\setupa.exe
    2008-06-03 13:12 . 2008-06-04 12:58 3,419 --a------ C:\WINDOWS\is154890.exe
    2008-06-03 13:08 . 2008-06-03 13:08 96,950 -r-hs---- C:\WINDOWS\mservice.exe
    2008-06-03 01:46 . 2008-06-05 22:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-03 01:45 . 2008-06-03 01:45 <DIR> d-------- C:\Fraps
    2008-06-03 01:39 . 2008-06-03 01:39 <DIR> d-------- C:\WINDOWS\system32\AGEIA
    2008-06-03 01:39 . 2008-06-03 01:39 <DIR> d-------- C:\Program Files\AGEIA Technologies
    2008-06-03 01:00 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
    2008-06-03 00:55 . 2008-06-04 13:58 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\teamspeak2
    2008-06-03 00:54 . 2008-06-03 00:54 <DIR> d-------- C:\Program Files\VentriloMIX
    2008-06-02 23:06 . 2008-06-02 23:06 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\BSplayer Pro
    2008-06-02 23:06 . 2008-06-02 23:09 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\BSplayer
    2008-06-02 23:05 . 2008-06-02 23:05 <DIR> d-------- C:\Program Files\Webteh
    2008-06-02 21:35 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Juuso\setup.exe
    2008-06-01 23:53 . 2008-06-01 23:53 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-01 23:53 . 2008-06-01 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-01 21:21 . 2008-06-02 14:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Ventrilo
    2008-06-01 21:20 . 2008-06-01 21:20 <DIR> d-------- C:\Program Files\Ventrilo
    2008-06-01 21:19 . 2008-06-03 01:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-31 11:00 . 2008-05-31 11:00 <DIR> d-------- C:\WINDOWS\Sun
    2008-05-31 10:54 . 2008-05-31 10:54 <DIR> d-------- C:\Program Files\Sun
    2008-05-31 10:53 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-05-31 10:52 . 2008-05-31 10:53 <DIR> d-------- C:\Program Files\Java
    2008-05-31 10:50 . 2008-05-31 10:50 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-30 23:42 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-05-30 23:42 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-05-30 23:42 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-05-30 23:42 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-05-30 20:13 . 2008-05-30 20:13 <DIR> d-------- C:\Documents and Settings\Raija\Application Data\Comodo
    2008-05-30 20:13 . 2008-05-30 20:13 <DIR> d-------- C:\Documents and Settings\Raija\Application Data\ATI
    2008-05-30 20:13 . 2008-05-30 21:49 <DIR> d-------- C:\Documents and Settings\Raija
    2008-05-29 17:47 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo\Application Data\Comodo
    2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo\Application Data\ATI
    2008-05-29 17:26 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo
    2008-05-28 09:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-05-28 09:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-05-28 09:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-05-27 23:54 . 2008-06-02 23:01 <DIR> d-------- C:\Jotain ihmejuttuja
    2008-05-27 23:04 . 2008-05-27 23:07 <DIR> d-------- C:\Program Files\Winamp
    2008-05-27 23:04 . 2008-05-27 23:27 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Winamp
    2008-05-27 19:33 . 2008-06-03 01:39 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-05-27 19:33 . 2008-05-27 19:37 <DIR> d-------- C:\Documents and Settings\Juuso\Contacts
    2008-05-27 16:14 . 2008-05-27 16:14 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-05-27 15:29 . 2006-06-14 11:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
    2008-05-27 15:29 . 2006-06-14 12:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
    2008-05-27 15:29 . 2006-06-14 11:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2008-05-27 15:27 . 2006-05-05 12:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2008-05-27 15:04 . 2008-05-27 15:05 <DIR> d-------- C:\WINDOWS\system32\Adobe
    2008-05-27 14:31 . 2008-05-27 14:31 <DIR> d-------- C:\Installerit
    2008-05-27 14:30 . 2008-05-27 14:30 <DIR> d-------- C:\Program Files\uTorrent
    2008-05-27 14:30 . 2008-06-03 18:03 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\uTorrent
    2008-05-27 14:29 . 2008-06-03 15:16 <DIR> d-------- C:\Pelit
    2008-05-27 14:28 . 2008-06-01 20:27 <DIR> d-------- C:\Musat
    2008-05-27 14:28 . 2008-06-02 23:09 <DIR> d-------- C:\Leffat
    2008-05-27 13:52 . 2008-05-27 13:52 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\ATI
    2008-05-27 13:52 . 2008-05-27 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-05-27 13:46 . 2008-05-27 13:46 <DIR> d-------- C:\WINDOWS\OPTIONS
    2008-05-27 13:46 . 2008-05-27 13:46 <DIR> d-------- C:\Program Files\Realtek
    2008-05-27 13:46 . 2006-03-14 06:23 82,048 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
    2008-05-27 13:45 . 2008-05-27 13:28 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-27 13:45 . 2008-05-27 13:45 <DIR> d-------- C:\Program Files\Analog Devices
    2008-05-27 13:44 . 2008-06-05 22:23 <DIR> d-------- C:\Program Files\mIRC
    2008-05-27 13:44 . 2008-05-27 13:27 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2008-05-27 13:44 . 2008-06-05 22:27 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\NoNameScript
    2008-05-27 13:44 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-05-27 13:43 . 2008-05-27 13:43 15,891 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-05-27 13:43 . 2004-04-27 10:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-05-27 13:43 . 2004-08-13 05:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
    2008-05-27 13:40 . 2008-05-27 13:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\mIRC
    2008-05-27 13:39 . 2008-06-05 21:53 <DIR> d-------- C:\Program Files\Windows Live
    2008-05-27 13:39 . 2008-05-27 19:32 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-27 13:39 . 2008-06-05 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-27 13:35 . 2006-03-17 03:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
    2008-05-27 13:33 . 2008-06-05 22:29 <DIR> d-------- C:\Program Files\Steam
    2008-05-27 13:31 . 2008-05-29 09:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-05-27 13:29 . 2008-05-27 13:29 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-05-27 13:28 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-05-27 13:27 . 2008-05-27 13:28 <DIR> d-------- C:\Program Files\ATI Technologies
    2008-05-27 13:27 . 2008-05-27 13:27 <DIR> d-------- C:\ATI
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\Opera
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\COMODO
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Comodo
    2008-05-27 13:22 . 2008-05-27 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-05-27 13:22 . 2008-05-27 13:22 143,104 --a------ C:\WINDOWS\system32\guard32.dll
    2008-05-27 13:22 . 2008-05-27 13:22 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-05-27 13:22 . 2008-05-27 13:22 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-05-27 13:21 . 2008-05-27 13:21 <DIR> d-------- C:\Program Files\Alwil Software
    2008-05-27 13:21 . 2003-03-18 23:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-05-27 13:21 . 2003-03-18 22:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-05-27 13:21 . 2003-02-21 06:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2008-05-27 13:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
    2008-05-12 18:56 . 2008-05-12 18:56 397,312 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvag.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a------ C:\WINDOWS\system32\ati2dvag.dll
    2008-05-12 18:53 . 2008-05-12 18:53 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll
    2008-05-12 18:45 . 2008-05-12 18:45 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
    2008-05-12 18:44 . 2008-05-12 18:44 139,264 --a------ C:\WINDOWS\system32\ati2evxx.dll
    2008-05-12 18:43 . 2008-05-12 18:43 10,153,984 --a------ C:\WINDOWS\system32\atioglx2.dll
    2008-05-12 18:43 . 2008-05-12 18:43 540,672 --a------ C:\WINDOWS\system32\ati2evxx.exe
    2008-05-12 18:41 . 2008-05-12 18:41 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a------ C:\WINDOWS\system32\ati3duag.dll
    2008-05-12 18:22 . 2008-05-12 18:22 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
    2008-05-12 18:22 . 2008-05-12 18:22 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
    2008-05-12 18:22 . 2008-05-12 18:22 1,999,616 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
    2008-05-12 18:22 . 2008-05-12 18:22 1,999,616 --a------ C:\WINDOWS\system32\ativvaxx.dll
    2008-05-12 18:22 . 2008-05-12 18:22 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
    2008-05-12 18:09 . 2008-05-12 18:09 47,104 --a------ C:\WINDOWS\system32\amdpcom32.dll
    2008-05-12 18:05 . 2008-05-12 18:05 327,680 --a------ C:\WINDOWS\system32\atikvmag.dll
    2008-05-12 18:03 . 2008-05-12 18:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
    2008-05-12 18:03 . 2008-05-12 18:03 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
    2008-05-12 18:02 . 2008-05-12 18:02 241,664 --a------ C:\WINDOWS\system32\atiok3x2.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 21:54 --------- d-----w C:\Program Files\VentriloMIX
    2008-06-01 18:20 --------- d-----w C:\Program Files\Ventrilo
    2008-05-27 20:06 --------- d-----w C:\Program Files\Windows Media Player
    2008-05-27 13:01 --------- d-----w C:\Program Files\WinRAR
    2008-05-26 20:27 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-26 20:26 --------- d--h--w C:\Program Files\WindowsUpdate
    2008-05-26 20:23 --------- d-----w C:\Program Files\Windows NT
    2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-03-26 08:09 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 07:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-05_12.18.13,87 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-05 09:09:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-05 19:28:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-05-27 16:33:03 29,926 ----a-r C:\WINDOWS\Installer\{A9174A72-1B46-445B-B3CF-90ED2C63D83B}\MsblIco.Exe
    + 2008-06-05 18:53:23 29,926 ----a-r C:\WINDOWS\Installer\{A9174A72-1B46-445B-B3CF-90ED2C63D83B}\MsblIco.Exe
    + 2007-10-18 08:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    + 2008-06-05 19:29:01 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_644.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
    "Steam"="c:\program files\steam\steam.exe" [2008-05-27 13:33 1271032]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 15:53 913064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 04:11 925696]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
    "css"="C:\Program Files\Comodo\Css\cssurf.exe" [2008-05-22 22:57 188160]
    "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-05 12:40 1655552]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Comodo\Css\cssdll32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-27 13:22]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-27 13:22]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-05 22:33:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\guard32.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\guard32.dll
    .
    Completion time: 2008-06-05 22:33:58
    ComboFix-quarantined-files.txt 2008-06-05 19:33:54
    ComboFix2.txt 2008-06-05 17:44:53
    ComboFix3.txt 2008-06-05 17:23:13
    ComboFix4.txt 2008-06-05 09:18:27

    Pre-Run: 192,696,156,160 bytes free
    Post-Run: 192,685,068,288 bytes free

    220 --- E O F --- 2008-05-29 06:49:51





    And after the reboot, HJT:




    ComboFix 08-06-05.2 - Juuso 2008-06-05 22:32:24.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1581 [GMT 3:00]
    Running from: C:\Documents and Settings\Juuso\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
    .

    2008-06-05 22:16 . 2008-06-05 22:16 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-06-05 00:15 . 2008-06-05 00:15 290,110 --a------ C:\WINDOWS\ftp.exe
    2008-06-04 22:59 . 2008-06-04 22:59 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-04 22:40 . 2008-06-01 19:13 <DIR> d-------- C:\SDFix
    2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\Juuso\stp.exe
    2008-06-04 14:50 . 2008-06-05 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-03 22:58 . 2008-06-03 23:24 86,548 --a------ C:\Documents and Settings\Juuso\setupa.exe
    2008-06-03 13:12 . 2008-06-04 12:58 3,419 --a------ C:\WINDOWS\is154890.exe
    2008-06-03 13:08 . 2008-06-03 13:08 96,950 -r-hs---- C:\WINDOWS\mservice.exe
    2008-06-03 01:46 . 2008-06-05 22:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-03 01:45 . 2008-06-03 01:45 <DIR> d-------- C:\Fraps
    2008-06-03 01:39 . 2008-06-03 01:39 <DIR> d-------- C:\WINDOWS\system32\AGEIA
    2008-06-03 01:39 . 2008-06-03 01:39 <DIR> d-------- C:\Program Files\AGEIA Technologies
    2008-06-03 01:00 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
    2008-06-03 00:55 . 2008-06-04 13:58 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\teamspeak2
    2008-06-03 00:54 . 2008-06-03 00:54 <DIR> d-------- C:\Program Files\VentriloMIX
    2008-06-02 23:06 . 2008-06-02 23:06 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\BSplayer Pro
    2008-06-02 23:06 . 2008-06-02 23:09 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\BSplayer
    2008-06-02 23:05 . 2008-06-02 23:05 <DIR> d-------- C:\Program Files\Webteh
    2008-06-02 21:35 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Juuso\setup.exe
    2008-06-01 23:53 . 2008-06-01 23:53 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-01 23:53 . 2008-06-01 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-01 21:21 . 2008-06-02 14:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Ventrilo
    2008-06-01 21:20 . 2008-06-01 21:20 <DIR> d-------- C:\Program Files\Ventrilo
    2008-06-01 21:19 . 2008-06-03 01:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-31 11:00 . 2008-05-31 11:00 <DIR> d-------- C:\WINDOWS\Sun
    2008-05-31 10:54 . 2008-05-31 10:54 <DIR> d-------- C:\Program Files\Sun
    2008-05-31 10:53 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-05-31 10:52 . 2008-05-31 10:53 <DIR> d-------- C:\Program Files\Java
    2008-05-31 10:50 . 2008-05-31 10:50 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-30 23:42 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-05-30 23:42 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-05-30 23:42 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-05-30 23:42 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-05-30 20:13 . 2008-05-30 20:13 <DIR> d-------- C:\Documents and Settings\Raija\Application Data\Comodo
    2008-05-30 20:13 . 2008-05-30 20:13 <DIR> d-------- C:\Documents and Settings\Raija\Application Data\ATI
    2008-05-30 20:13 . 2008-05-30 21:49 <DIR> d-------- C:\Documents and Settings\Raija
    2008-05-29 17:47 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo\Application Data\Comodo
    2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo\Application Data\ATI
    2008-05-29 17:26 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo
    2008-05-28 09:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-05-28 09:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-05-28 09:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-05-27 23:54 . 2008-06-02 23:01 <DIR> d-------- C:\Jotain ihmejuttuja
    2008-05-27 23:04 . 2008-05-27 23:07 <DIR> d-------- C:\Program Files\Winamp
    2008-05-27 23:04 . 2008-05-27 23:27 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Winamp
    2008-05-27 19:33 . 2008-06-03 01:39 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-05-27 19:33 . 2008-05-27 19:37 <DIR> d-------- C:\Documents and Settings\Juuso\Contacts
    2008-05-27 16:14 . 2008-05-27 16:14 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-05-27 15:29 . 2006-06-14 11:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
    2008-05-27 15:29 . 2006-06-14 12:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
    2008-05-27 15:29 . 2006-06-14 11:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2008-05-27 15:27 . 2006-05-05 12:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2008-05-27 15:04 . 2008-05-27 15:05 <DIR> d-------- C:\WINDOWS\system32\Adobe
    2008-05-27 14:31 . 2008-05-27 14:31 <DIR> d-------- C:\Installerit
    2008-05-27 14:30 . 2008-05-27 14:30 <DIR> d-------- C:\Program Files\uTorrent
    2008-05-27 14:30 . 2008-06-03 18:03 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\uTorrent
    2008-05-27 14:29 . 2008-06-03 15:16 <DIR> d-------- C:\Pelit
    2008-05-27 14:28 . 2008-06-01 20:27 <DIR> d-------- C:\Musat
    2008-05-27 14:28 . 2008-06-02 23:09 <DIR> d-------- C:\Leffat
    2008-05-27 13:52 . 2008-05-27 13:52 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\ATI
    2008-05-27 13:52 . 2008-05-27 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-05-27 13:46 . 2008-05-27 13:46 <DIR> d-------- C:\WINDOWS\OPTIONS
    2008-05-27 13:46 . 2008-05-27 13:46 <DIR> d-------- C:\Program Files\Realtek
    2008-05-27 13:46 . 2006-03-14 06:23 82,048 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
    2008-05-27 13:45 . 2008-05-27 13:28 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-27 13:45 . 2008-05-27 13:45 <DIR> d-------- C:\Program Files\Analog Devices
    2008-05-27 13:44 . 2008-06-05 22:23 <DIR> d-------- C:\Program Files\mIRC
    2008-05-27 13:44 . 2008-05-27 13:27 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2008-05-27 13:44 . 2008-06-05 22:27 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\NoNameScript
    2008-05-27 13:44 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-05-27 13:43 . 2008-05-27 13:43 15,891 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-05-27 13:43 . 2004-04-27 10:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-05-27 13:43 . 2004-08-13 05:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
    2008-05-27 13:40 . 2008-05-27 13:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\mIRC
    2008-05-27 13:39 . 2008-06-05 21:53 <DIR> d-------- C:\Program Files\Windows Live
    2008-05-27 13:39 . 2008-05-27 19:32 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-27 13:39 . 2008-06-05 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-27 13:35 . 2006-03-17 03:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
    2008-05-27 13:33 . 2008-06-05 22:29 <DIR> d-------- C:\Program Files\Steam
    2008-05-27 13:31 . 2008-05-29 09:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-05-27 13:29 . 2008-05-27 13:29 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-05-27 13:28 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-05-27 13:27 . 2008-05-27 13:28 <DIR> d-------- C:\Program Files\ATI Technologies
    2008-05-27 13:27 . 2008-05-27 13:27 <DIR> d-------- C:\ATI
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\Opera
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\COMODO
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Comodo
    2008-05-27 13:22 . 2008-05-27 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-05-27 13:22 . 2008-05-27 13:22 143,104 --a------ C:\WINDOWS\system32\guard32.dll
    2008-05-27 13:22 . 2008-05-27 13:22 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-05-27 13:22 . 2008-05-27 13:22 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-05-27 13:21 . 2008-05-27 13:21 <DIR> d-------- C:\Program Files\Alwil Software
    2008-05-27 13:21 . 2003-03-18 23:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-05-27 13:21 . 2003-03-18 22:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-05-27 13:21 . 2003-02-21 06:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2008-05-27 13:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
    2008-05-12 18:56 . 2008-05-12 18:56 397,312 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvag.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a------ C:\WINDOWS\system32\ati2dvag.dll
    2008-05-12 18:53 . 2008-05-12 18:53 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll
    2008-05-12 18:45 . 2008-05-12 18:45 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
    2008-05-12 18:44 . 2008-05-12 18:44 139,264 --a------ C:\WINDOWS\system32\ati2evxx.dll
    2008-05-12 18:43 . 2008-05-12 18:43 10,153,984 --a------ C:\WINDOWS\system32\atioglx2.dll
    2008-05-12 18:43 . 2008-05-12 18:43 540,672 --a------ C:\WINDOWS\system32\ati2evxx.exe
    2008-05-12 18:41 . 2008-05-12 18:41 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a------ C:\WINDOWS\system32\ati3duag.dll
    2008-05-12 18:22 . 2008-05-12 18:22 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
    2008-05-12 18:22 . 2008-05-12 18:22 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
    2008-05-12 18:22 . 2008-05-12 18:22 1,999,616 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
    2008-05-12 18:22 . 2008-05-12 18:22 1,999,616 --a------ C:\WINDOWS\system32\ativvaxx.dll
    2008-05-12 18:22 . 2008-05-12 18:22 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
    2008-05-12 18:09 . 2008-05-12 18:09 47,104 --a------ C:\WINDOWS\system32\amdpcom32.dll
    2008-05-12 18:05 . 2008-05-12 18:05 327,680 --a------ C:\WINDOWS\system32\atikvmag.dll
    2008-05-12 18:03 . 2008-05-12 18:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
    2008-05-12 18:03 . 2008-05-12 18:03 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
    2008-05-12 18:02 . 2008-05-12 18:02 241,664 --a------ C:\WINDOWS\system32\atiok3x2.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 21:54 --------- d-----w C:\Program Files\VentriloMIX
    2008-06-01 18:20 --------- d-----w C:\Program Files\Ventrilo
    2008-05-27 20:06 --------- d-----w C:\Program Files\Windows Media Player
    2008-05-27 13:01 --------- d-----w C:\Program Files\WinRAR
    2008-05-26 20:27 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-26 20:26 --------- d--h--w C:\Program Files\WindowsUpdate
    2008-05-26 20:23 --------- d-----w C:\Program Files\Windows NT
    2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-03-26 08:09 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 07:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-05_12.18.13,87 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-05 09:09:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-05 19:28:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-05-27 16:33:03 29,926 ----a-r C:\WINDOWS\Installer\{A9174A72-1B46-445B-B3CF-90ED2C63D83B}\MsblIco.Exe
    + 2008-06-05 18:53:23 29,926 ----a-r C:\WINDOWS\Installer\{A9174A72-1B46-445B-B3CF-90ED2C63D83B}\MsblIco.Exe
    + 2007-10-18 08:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    + 2008-06-05 19:29:01 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_644.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
    "Steam"="c:\program files\steam\steam.exe" [2008-05-27 13:33 1271032]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 15:53 913064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 04:11 925696]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
    "css"="C:\Program Files\Comodo\Css\cssurf.exe" [2008-05-22 22:57 188160]
    "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-05 12:40 1655552]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Comodo\Css\cssdll32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-27 13:22]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-27 13:22]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-05 22:33:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\guard32.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\guard32.dll
    .
    Completion time: 2008-06-05 22:33:58
    ComboFix-quarantined-files.txt 2008-06-05 19:33:54
    ComboFix2.txt 2008-06-05 17:44:53
    ComboFix3.txt 2008-06-05 17:23:13
    ComboFix4.txt 2008-06-05 09:18:27

    Pre-Run: 192,696,156,160 bytes free
    Post-Run: 192,685,068,288 bytes free

    220 --- E O F --- 2008-05-29 06:49:51
     
    Last edited by a moderator: Jun 5, 2008
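    For anyone triaging logs like the ones above, here is an added example, not part of this thread and not a ComboFix feature: a small parser for the "Files Created" and "Reg Loading Points" sections that attaches review flags to entries a helper would look at first. The sample lines are copied from the posted log; the attribute-column layout (d, r, a, h, s, c in the first six positions) is inferred from those lines, the heuristics are this example's own, and a flag means "look closer", not "malware".

```python
"""Triage heuristics for ComboFix log lines.

Added example for this thread, not part of the original post and not a
ComboFix feature. Sample lines are copied from the posted log; the
attribute-column layout (d r a h s c ...) is inferred from those lines.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "Files Created" line, e.g.
# 2008-06-03 13:08 . 2008-06-03 13:08 96,950 -r-hs---- C:\WINDOWS\mservice.exe
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) "
    r"(?P<attrs>[-a-z]{9}) "
    r"(?P<path>.+)$"
)
WINDIR = r"c:\windows"
# A file sitting directly in a user's profile root (assumed XP layout).
PROFILE_ROOT = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+$")
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".com")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]            # None for <DIR>
    attrs: str                     # 9-char field; index 3 = hidden, 4 = system
    path: str
    flags: List[str] = field(default_factory=list)


def triage(entry: Entry) -> Entry:
    """Attach review flags; nothing here proves a file is malicious."""
    if entry.size is None:                      # directories: no file checks
        return entry
    p = entry.path.lower()
    if not p.endswith(EXEC_EXT):
        return entry
    parent = p.rsplit("\\", 1)[0]
    if parent == WINDIR:                        # Windows itself puts binaries in system32
        entry.flags.append("executable dropped directly in the Windows directory")
    if entry.attrs[3] == "h" and entry.attrs[4] == "s":
        entry.flags.append("hidden+system attributes on an executable")
    if PROFILE_ROOT.match(p):
        entry.flags.append("executable in a user profile root")
    return entry


def parse_files(lines):
    """Parse every line that looks like a 'Files Created' entry."""
    entries = []
    for line in lines:
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(triage(Entry(m["created"], m["modified"], size, m["attrs"], m["path"])))
    return entries


def flagged(lines):
    """Map path -> flags for every entry that earned at least one flag."""
    return {e.path: e.flags for e in parse_files(lines) if e.flags}


def registry_findings(lines):
    """Flag a disabled Windows Firewall profile and list AppInit_DLLs entries."""
    findings, section = [], None
    for line in lines:
        s = line.strip()
        if s.startswith("["):
            section = s
            continue
        if section and "firewallpolicy" in section.lower() and re.match(r'^"EnableFirewall"=\s*0\b', s):
            findings.append("Windows Firewall disabled in " + section)
        m = re.match(r'^"AppInit_DLLs"=\s*(.+)$', s)
        if m:
            # AppInit_DLLs are loaded into every user-mode process that maps user32.dll.
            for dll in m.group(1).split():
                findings.append("AppInit_DLLs injects " + dll + " into every user32-linked process")
    return findings


# Constructed sample: lines copied from the posted ComboFix log.
SAMPLE_FILES = r"""
2008-06-05 00:15 . 2008-06-05 00:15 290,110 --a------ C:\WINDOWS\ftp.exe
2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\Juuso\stp.exe
2008-06-03 13:12 . 2008-06-04 12:58 3,419 --a------ C:\WINDOWS\is154890.exe
2008-06-03 13:08 . 2008-06-03 13:08 96,950 -r-hs---- C:\WINDOWS\mservice.exe
2008-06-03 01:45 . 2008-06-03 01:45 <DIR> d-------- C:\Fraps
2008-05-27 13:22 . 2008-05-27 13:22 143,104 --a------ C:\WINDOWS\system32\guard32.dll
""".strip().splitlines()

SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Comodo\Css\cssdll32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
""".strip().splitlines()

if __name__ == "__main__":
    for path, flags in flagged(SAMPLE_FILES).items():
        print(path, "->", "; ".join(flags))
    for finding in registry_findings(SAMPLE_REG):
        print(finding)
```

    Run against the sample, the script singles out the four loose executables (ftp.exe, is154890.exe and the hidden/system mservice.exe in the Windows root, stp.exe in the profile root), leaves the COMODO and ATI files in system32 alone, and reports the firewall profile being off plus the two AppInit DLLs. The AppInit entries here belong to COMODO, which is exactly why they are listed for review rather than flagged as bad: the mechanism is what matters, and a helper has to decide per DLL.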
  10. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.
    [image: CFScript.txt being dragged onto ComboFix.exe]

    Restart the computer when prompted and post the contents of the combofix.txt file here.

    ====

    Scan a new HJT log.
     
  11. 643000

    643000 Guest

    ComboFix:


    ComboFix 08-06-05.2 - Juuso 2008-06-05 23:17:48.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1485 [GMT 3:00]
    Running from: C:\Documents and Settings\Juuso\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Juuso\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
    .

    2008-06-05 22:16 . 2008-06-05 22:16 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-06-05 00:15 . 2008-06-05 00:15 290,110 --a------ C:\WINDOWS\ftp.exe
    2008-06-04 22:59 . 2008-06-04 22:59 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-04 22:40 . 2008-06-01 19:13 <DIR> d-------- C:\SDFix
    2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\Juuso\stp.exe
    2008-06-04 14:50 . 2008-06-05 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-03 22:58 . 2008-06-03 23:24 86,548 --a------ C:\Documents and Settings\Juuso\setupa.exe
    2008-06-03 13:12 . 2008-06-04 12:58 3,419 --a------ C:\WINDOWS\is154890.exe
    2008-06-03 13:08 . 2008-06-03 13:08 96,950 -r-hs---- C:\WINDOWS\mservice.exe
    2008-06-03 01:46 . 2008-06-05 23:17 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-03 01:45 . 2008-06-03 01:45 <DIR> d-------- C:\Fraps
    2008-06-03 01:39 . 2008-06-03 01:39 <DIR> d-------- C:\WINDOWS\system32\AGEIA
    2008-06-03 01:39 . 2008-06-03 01:39 <DIR> d-------- C:\Program Files\AGEIA Technologies
    2008-06-03 01:00 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
    2008-06-03 00:55 . 2008-06-04 13:58 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\teamspeak2
    2008-06-03 00:54 . 2008-06-03 00:54 <DIR> d-------- C:\Program Files\VentriloMIX
    2008-06-02 23:06 . 2008-06-02 23:06 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\BSplayer Pro
    2008-06-02 23:06 . 2008-06-02 23:09 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\BSplayer
    2008-06-02 23:05 . 2008-06-02 23:05 <DIR> d-------- C:\Program Files\Webteh
    2008-06-02 21:35 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Juuso\setup.exe
    2008-06-01 23:53 . 2008-06-01 23:53 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-01 23:53 . 2008-06-01 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-01 21:21 . 2008-06-02 14:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Ventrilo
    2008-06-01 21:20 . 2008-06-01 21:20 <DIR> d-------- C:\Program Files\Ventrilo
    2008-06-01 21:19 . 2008-06-03 01:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-31 11:00 . 2008-05-31 11:00 <DIR> d-------- C:\WINDOWS\Sun
    2008-05-31 10:54 . 2008-05-31 10:54 <DIR> d-------- C:\Program Files\Sun
    2008-05-31 10:53 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-05-31 10:52 . 2008-05-31 10:53 <DIR> d-------- C:\Program Files\Java
    2008-05-31 10:50 . 2008-05-31 10:50 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-30 23:42 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-05-30 23:42 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-05-30 23:42 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-05-30 23:42 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-05-30 20:13 . 2008-05-30 20:13 <DIR> d-------- C:\Documents and Settings\Raija\Application Data\Comodo
    2008-05-30 20:13 . 2008-05-30 20:13 <DIR> d-------- C:\Documents and Settings\Raija\Application Data\ATI
    2008-05-30 20:13 . 2008-05-30 21:49 <DIR> d-------- C:\Documents and Settings\Raija
    2008-05-29 17:47 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo\Application Data\Comodo
    2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo\Application Data\ATI
    2008-05-29 17:26 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo
    2008-05-28 09:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-05-28 09:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-05-28 09:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-05-27 23:54 . 2008-06-02 23:01 <DIR> d-------- C:\Jotain ihmejuttuja
    2008-05-27 23:04 . 2008-05-27 23:07 <DIR> d-------- C:\Program Files\Winamp
    2008-05-27 23:04 . 2008-05-27 23:27 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Winamp
    2008-05-27 19:33 . 2008-06-03 01:39 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-05-27 19:33 . 2008-05-27 19:37 <DIR> d-------- C:\Documents and Settings\Juuso\Contacts
    2008-05-27 16:14 . 2008-05-27 16:14 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-05-27 15:29 . 2006-06-14 11:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
    2008-05-27 15:29 . 2006-06-14 12:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
    2008-05-27 15:29 . 2006-06-14 11:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2008-05-27 15:27 . 2006-05-05 12:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2008-05-27 15:04 . 2008-05-27 15:05 <DIR> d-------- C:\WINDOWS\system32\Adobe
    2008-05-27 14:31 . 2008-05-27 14:31 <DIR> d-------- C:\Installerit
    2008-05-27 14:30 . 2008-05-27 14:30 <DIR> d-------- C:\Program Files\uTorrent
    2008-05-27 14:30 . 2008-06-03 18:03 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\uTorrent
    2008-05-27 14:29 . 2008-06-03 15:16 <DIR> d-------- C:\Pelit
    2008-05-27 14:28 . 2008-06-01 20:27 <DIR> d-------- C:\Musat
    2008-05-27 14:28 . 2008-06-02 23:09 <DIR> d-------- C:\Leffat
    2008-05-27 13:52 . 2008-05-27 13:52 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\ATI
    2008-05-27 13:52 . 2008-05-27 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-05-27 13:46 . 2008-05-27 13:46 <DIR> d-------- C:\WINDOWS\OPTIONS
    2008-05-27 13:46 . 2008-05-27 13:46 <DIR> d-------- C:\Program Files\Realtek
    2008-05-27 13:46 . 2006-03-14 06:23 82,048 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
    2008-05-27 13:45 . 2008-05-27 13:28 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-27 13:45 . 2008-05-27 13:45 <DIR> d-------- C:\Program Files\Analog Devices
    2008-05-27 13:44 . 2008-06-05 22:36 <DIR> d-------- C:\Program Files\mIRC
    2008-05-27 13:44 . 2008-05-27 13:27 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2008-05-27 13:44 . 2008-06-05 23:19 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\NoNameScript
    2008-05-27 13:44 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-05-27 13:43 . 2008-05-27 13:43 15,891 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-05-27 13:43 . 2004-04-27 10:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-05-27 13:43 . 2004-08-13 05:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
    2008-05-27 13:40 . 2008-05-27 13:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\mIRC
    2008-05-27 13:39 . 2008-06-05 21:53 <DIR> d-------- C:\Program Files\Windows Live
    2008-05-27 13:39 . 2008-05-27 19:32 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-27 13:39 . 2008-06-05 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-27 13:35 . 2006-03-17 03:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
    2008-05-27 13:33 . 2008-06-05 22:35 <DIR> d-------- C:\Program Files\Steam
    2008-05-27 13:31 . 2008-05-29 09:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-05-27 13:29 . 2008-05-27 13:29 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-05-27 13:28 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-05-27 13:27 . 2008-05-27 13:28 <DIR> d-------- C:\Program Files\ATI Technologies
    2008-05-27 13:27 . 2008-05-27 13:27 <DIR> d-------- C:\ATI
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\Opera
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\COMODO
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Comodo
    2008-05-27 13:22 . 2008-05-27 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-05-27 13:22 . 2008-05-27 13:22 143,104 --a------ C:\WINDOWS\system32\guard32.dll
    2008-05-27 13:22 . 2008-05-27 13:22 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-05-27 13:22 . 2008-05-27 13:22 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-05-27 13:21 . 2008-05-27 13:21 <DIR> d-------- C:\Program Files\Alwil Software
    2008-05-27 13:21 . 2003-03-18 23:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-05-27 13:21 . 2003-03-18 22:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-05-27 13:21 . 2003-02-21 06:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2008-05-27 13:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
    2008-05-12 18:56 . 2008-05-12 18:56 397,312 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvag.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a------ C:\WINDOWS\system32\ati2dvag.dll
    2008-05-12 18:53 . 2008-05-12 18:53 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll
    2008-05-12 18:45 . 2008-05-12 18:45 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
    2008-05-12 18:44 . 2008-05-12 18:44 139,264 --a------ C:\WINDOWS\system32\ati2evxx.dll
    2008-05-12 18:43 . 2008-05-12 18:43 10,153,984 --a------ C:\WINDOWS\system32\atioglx2.dll
    2008-05-12 18:43 . 2008-05-12 18:43 540,672 --a------ C:\WINDOWS\system32\ati2evxx.exe
    2008-05-12 18:41 . 2008-05-12 18:41 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a------ C:\WINDOWS\system32\ati3duag.dll
    2008-05-12 18:22 . 2008-05-12 18:22 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
    2008-05-12 18:22 . 2008-05-12 18:22 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
    2008-05-12 18:22 . 2008-05-12 18:22 1,999,616 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
    2008-05-12 18:22 . 2008-05-12 18:22 1,999,616 --a------ C:\WINDOWS\system32\ativvaxx.dll
    2008-05-12 18:22 . 2008-05-12 18:22 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
    2008-05-12 18:09 . 2008-05-12 18:09 47,104 --a------ C:\WINDOWS\system32\amdpcom32.dll
    2008-05-12 18:05 . 2008-05-12 18:05 327,680 --a------ C:\WINDOWS\system32\atikvmag.dll
    2008-05-12 18:03 . 2008-05-12 18:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
    2008-05-12 18:03 . 2008-05-12 18:03 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
    2008-05-12 18:02 . 2008-05-12 18:02 241,664 --a------ C:\WINDOWS\system32\atiok3x2.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 21:54 --------- d-----w C:\Program Files\VentriloMIX
    2008-06-01 18:20 --------- d-----w C:\Program Files\Ventrilo
    2008-05-27 20:06 --------- d-----w C:\Program Files\Windows Media Player
    2008-05-27 13:01 --------- d-----w C:\Program Files\WinRAR
    2008-05-26 20:27 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-26 20:26 --------- d--h--w C:\Program Files\WindowsUpdate
    2008-05-26 20:23 --------- d-----w C:\Program Files\Windows NT
    2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-03-26 08:09 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 07:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-05_12.18.13,87 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-05 09:09:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-05 19:35:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-05-27 16:33:03 29,926 ----a-r C:\WINDOWS\Installer\{A9174A72-1B46-445B-B3CF-90ED2C63D83B}\MsblIco.Exe
    + 2008-06-05 18:53:23 29,926 ----a-r C:\WINDOWS\Installer\{A9174A72-1B46-445B-B3CF-90ED2C63D83B}\MsblIco.Exe
    + 2007-10-18 08:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    + 2008-06-05 19:35:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_644.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
    "Steam"="c:\program files\steam\steam.exe" [2008-05-27 13:33 1271032]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 15:53 913064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 04:11 925696]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
    "css"="C:\Program Files\Comodo\Css\cssurf.exe" [2008-05-22 22:57 188160]
    "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-05 12:40 1655552]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Comodo\Css\cssdll32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-27 13:22]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-27 13:22]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-05 23:18:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\Documents and Settings\Juuso\Application Data\NoNameScript\logs\#afterdawn.com.log 115 bytes
    C:\Documents and Settings\Juuso\Application Data\NoNameScript\logs\#muusikoiden.net.log 117 bytes
    C:\Documents and Settings\Juuso\Application Data\NoNameScript\logs\status.log 1540 bytes

    scan completed successfully
    hidden files: 3

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\guard32.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\guard32.dll
    .
    Completion time: 2008-06-05 23:19:47
    ComboFix-quarantined-files.txt 2008-06-05 20:19:34
    ComboFix2.txt 2008-06-05 19:33:59
    ComboFix3.txt 2008-06-05 17:44:53
    ComboFix4.txt 2008-06-05 17:23:13
    ComboFix5.txt 2008-06-05 09:18:27

    Pre-Run: 192,629,891,072 bytes free
    Post-Run: 192,625,565,696 bytes free

    225 --- E O F --- 2008-05-29 06:49:51



    HJT:



    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Comodo\Css\cssurf.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\FRAPS\FRAPS.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [css] C:\Program Files\Comodo\Css\cssurf.exe /s
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Comodo\Css\cssdll32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

    --
    End of file - 5167 bytes
     
  12. Hujo

    Hujo Guest

    How is the machine running now?
     
  13. 643000

    643000 Guest

    Well, it's running fine; after a couple of reboots the taskbar hasn't frozen or anything like that anymore.

    So it's probably completely clean now?
     
  14. Hujo

    Hujo Guest

    C:\WINDOWS\mservice.exe
    C:\WINDOWS\is154890.exe

    How did you run that with ComboFix, since these don't disappear from the log:

    File::
    C:\WINDOWS\is154890.exe
    C:\WINDOWS\mservice.exe

    ==============

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the prompts to install the program.
    2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware, then click Finish.
    3. If an update is found, the program will download and install the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is complete, click OK, then Show Results to view the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After that, the log opens in Notepad. Save it somewhere you can find it easily. The log
    can also be found here: C:\Documents and Settings\Username\Application
    Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next reply.
     
    Last edited by a moderator: Jun 5, 2008
  15. 643000

    643000 Guest

    Here it is


    Malwarebytes' Anti-Malware 1.14
    Database version: 829

    0:34:24 6.6.2008
    mbam-log-6-6-2008 (00-34-24).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 84095
    Time elapsed: 15 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Jotain ihmejuttuja\setup.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{14BA23D8-D7ED-43E0-B0AC-78142847B658}\RP33\A0008426.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{14BA23D8-D7ED-43E0-B0AC-78142847B658}\RP33\A0008613.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{14BA23D8-D7ED-43E0-B0AC-78142847B658}\RP33\A0008902.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{14BA23D8-D7ED-43E0-B0AC-78142847B658}\RP33\A0008929.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{14BA23D8-D7ED-43E0-B0AC-78142847B658}\RP33\A0008931.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\mservice.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Juuso\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     
  16. Hujo

    Hujo Guest

    1. Click Start > right-click My Computer
    2. Select Properties
    3. Select the System Restore tab
    4. Check the box ¤ Turn off System Restore on all drives
    5. Click Apply
    6. Click OK
    7. Shut down and restart
    8. Uncheck the box ¤ Turn off System Restore on all drives
    9. Apply and OK
     
  17. 643000

    643000 Guest

    And then what?
     
  18. Hujo

    Hujo Guest

    Now run a new ComboFix scan and post the log
     
  19. 643000

    643000 Guest

    ComboFix 08-06-05.2 - Juuso 2008-06-06 1:31:28.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1496 [GMT 3:00]
    Running from: C:\Documents and Settings\Juuso\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
    .

    2008-06-06 00:34 . 2008-06-06 00:34 1,625 --a------ C:\Malwarebytes' Anti-Malware log
    2008-06-06 00:16 . 2008-06-06 00:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-06 00:16 . 2008-06-06 00:16 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Malwarebytes
    2008-06-06 00:16 . 2008-06-06 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-06 00:16 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-06 00:16 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-05 22:16 . 2008-06-05 22:16 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-06-05 00:15 . 2008-06-05 00:15 290,110 --a------ C:\WINDOWS\ftp.exe
    2008-06-04 22:59 . 2008-06-04 22:59 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-04 22:40 . 2008-06-01 19:13 <DIR> d-------- C:\SDFix
    2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\Juuso\stp.exe
    2008-06-04 14:50 . 2008-06-05 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-03 22:58 . 2008-06-03 23:24 86,548 --a------ C:\Documents and Settings\Juuso\setupa.exe
    2008-06-03 13:12 . 2008-06-04 12:58 3,419 --a------ C:\WINDOWS\is154890.exe
    2008-06-03 01:46 . 2008-06-06 01:31 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-03 01:45 . 2008-06-03 01:45 <DIR> d-------- C:\Fraps
    2008-06-03 01:39 . 2008-06-03 01:39 <DIR> d-------- C:\WINDOWS\system32\AGEIA
    2008-06-03 01:39 . 2008-06-03 01:39 <DIR> d-------- C:\Program Files\AGEIA Technologies
    2008-06-03 01:00 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
    2008-06-03 00:55 . 2008-06-04 13:58 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\teamspeak2
    2008-06-03 00:54 . 2008-06-03 00:54 <DIR> d-------- C:\Program Files\VentriloMIX
    2008-06-02 23:06 . 2008-06-02 23:06 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\BSplayer Pro
    2008-06-02 23:06 . 2008-06-02 23:09 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\BSplayer
    2008-06-02 23:05 . 2008-06-02 23:05 <DIR> d-------- C:\Program Files\Webteh
    2008-06-01 23:53 . 2008-06-01 23:53 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-01 23:53 . 2008-06-01 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-01 21:21 . 2008-06-02 14:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Ventrilo
    2008-06-01 21:20 . 2008-06-01 21:20 <DIR> d-------- C:\Program Files\Ventrilo
    2008-06-01 21:19 . 2008-06-03 01:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-31 11:00 . 2008-05-31 11:00 <DIR> d-------- C:\WINDOWS\Sun
    2008-05-31 10:54 . 2008-05-31 10:54 <DIR> d-------- C:\Program Files\Sun
    2008-05-31 10:53 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-05-31 10:52 . 2008-05-31 10:53 <DIR> d-------- C:\Program Files\Java
    2008-05-31 10:50 . 2008-05-31 10:50 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-30 23:42 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-05-30 23:42 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-05-30 23:42 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-05-30 23:42 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-05-30 20:13 . 2008-05-30 20:13 <DIR> d-------- C:\Documents and Settings\Raija\Application Data\Comodo
    2008-05-30 20:13 . 2008-05-30 20:13 <DIR> d-------- C:\Documents and Settings\Raija\Application Data\ATI
    2008-05-30 20:13 . 2008-05-30 21:49 <DIR> d-------- C:\Documents and Settings\Raija
    2008-05-29 17:47 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo\Application Data\Comodo
    2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo\Application Data\ATI
    2008-05-29 17:26 . 2008-05-29 17:27 <DIR> d-------- C:\Documents and Settings\Ismo
    2008-05-28 09:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-05-28 09:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-05-28 09:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-05-27 23:54 . 2008-06-02 23:01 <DIR> d-------- C:\Jotain ihmejuttuja
    2008-05-27 23:04 . 2008-05-27 23:07 <DIR> d-------- C:\Program Files\Winamp
    2008-05-27 23:04 . 2008-05-27 23:27 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Winamp
    2008-05-27 19:33 . 2008-06-03 01:39 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-05-27 19:33 . 2008-05-27 19:37 <DIR> d-------- C:\Documents and Settings\Juuso\Contacts
    2008-05-27 16:14 . 2008-05-27 16:14 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-05-27 15:29 . 2006-06-14 11:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
    2008-05-27 15:29 . 2006-06-14 12:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
    2008-05-27 15:29 . 2006-06-14 11:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2008-05-27 15:27 . 2006-05-05 12:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2008-05-27 15:04 . 2008-05-27 15:05 <DIR> d-------- C:\WINDOWS\system32\Adobe
    2008-05-27 14:31 . 2008-05-27 14:31 <DIR> d-------- C:\Installerit
    2008-05-27 14:30 . 2008-05-27 14:30 <DIR> d-------- C:\Program Files\uTorrent
    2008-05-27 14:30 . 2008-06-03 18:03 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\uTorrent
    2008-05-27 14:29 . 2008-06-03 15:16 <DIR> d-------- C:\Pelit
    2008-05-27 14:28 . 2008-06-01 20:27 <DIR> d-------- C:\Musat
    2008-05-27 14:28 . 2008-06-02 23:09 <DIR> d-------- C:\Leffat
    2008-05-27 13:52 . 2008-05-27 13:52 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\ATI
    2008-05-27 13:52 . 2008-05-27 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-05-27 13:46 . 2008-05-27 13:46 <DIR> d-------- C:\WINDOWS\OPTIONS
    2008-05-27 13:46 . 2008-05-27 13:46 <DIR> d-------- C:\Program Files\Realtek
    2008-05-27 13:46 . 2006-03-14 06:23 82,048 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
    2008-05-27 13:45 . 2008-05-27 13:28 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-27 13:45 . 2008-05-27 13:45 <DIR> d-------- C:\Program Files\Analog Devices
    2008-05-27 13:44 . 2008-06-06 01:32 <DIR> d-------- C:\Program Files\mIRC
    2008-05-27 13:44 . 2008-05-27 13:27 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2008-05-27 13:44 . 2008-06-06 01:32 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\NoNameScript
    2008-05-27 13:44 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-05-27 13:43 . 2008-05-27 13:43 15,891 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-05-27 13:43 . 2004-04-27 10:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-05-27 13:43 . 2004-08-13 05:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
    2008-05-27 13:40 . 2008-05-27 13:44 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\mIRC
    2008-05-27 13:39 . 2008-06-05 21:53 <DIR> d-------- C:\Program Files\Windows Live
    2008-05-27 13:39 . 2008-05-27 19:32 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-27 13:39 . 2008-06-05 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-27 13:35 . 2006-03-17 03:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
    2008-05-27 13:33 . 2008-06-06 01:30 <DIR> d-------- C:\Program Files\Steam
    2008-05-27 13:31 . 2008-05-29 09:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-05-27 13:29 . 2008-05-27 13:29 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-05-27 13:28 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-05-27 13:27 . 2008-05-27 13:28 <DIR> d-------- C:\Program Files\ATI Technologies
    2008-05-27 13:27 . 2008-05-27 13:27 <DIR> d-------- C:\ATI
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\Opera
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Program Files\COMODO
    2008-05-27 13:22 . 2008-05-27 13:22 <DIR> d-------- C:\Documents and Settings\Juuso\Application Data\Comodo
    2008-05-27 13:22 . 2008-05-27 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-05-27 13:22 . 2008-05-27 13:22 143,104 --a------ C:\WINDOWS\system32\guard32.dll
    2008-05-27 13:22 . 2008-05-27 13:22 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-05-27 13:22 . 2008-05-27 13:22 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-05-27 13:21 . 2008-05-27 13:21 <DIR> d-------- C:\Program Files\Alwil Software
    2008-05-27 13:21 . 2003-03-18 23:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-05-27 13:21 . 2003-03-18 22:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-05-27 13:21 . 2003-02-21 06:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2008-05-27 13:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
    2008-05-12 18:56 . 2008-05-12 18:56 397,312 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvag.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a------ C:\WINDOWS\system32\ati2dvag.dll
    2008-05-12 18:53 . 2008-05-12 18:53 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll
    2008-05-12 18:45 . 2008-05-12 18:45 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
    2008-05-12 18:44 . 2008-05-12 18:44 139,264 --a------ C:\WINDOWS\system32\ati2evxx.dll
    2008-05-12 18:43 . 2008-05-12 18:43 10,153,984 --a------ C:\WINDOWS\system32\atioglx2.dll
    2008-05-12 18:43 . 2008-05-12 18:43 540,672 --a------ C:\WINDOWS\system32\ati2evxx.exe
    2008-05-12 18:41 . 2008-05-12 18:41 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a------ C:\WINDOWS\system32\ati3duag.dll
    2008-05-12 18:22 . 2008-05-12 18:22 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
    2008-05-12 18:22 . 2008-05-12 18:22 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
    2008-05-12 18:22 . 2008-05-12 18:22 1,999,616 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
    2008-05-12 18:22 . 2008-05-12 18:22 1,999,616 --a------ C:\WINDOWS\system32\ativvaxx.dll
    2008-05-12 18:22 . 2008-05-12 18:22 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
    2008-05-12 18:09 . 2008-05-12 18:09 47,104 --a------ C:\WINDOWS\system32\amdpcom32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 21:54 --------- d-----w C:\Program Files\VentriloMIX
    2008-06-01 18:20 --------- d-----w C:\Program Files\Ventrilo
    2008-05-27 20:06 --------- d-----w C:\Program Files\Windows Media Player
    2008-05-27 13:01 --------- d-----w C:\Program Files\WinRAR
    2008-05-26 20:27 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-26 20:26 --------- d--h--w C:\Program Files\WindowsUpdate
    2008-05-26 20:23 --------- d-----w C:\Program Files\Windows NT
    2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-03-26 08:09 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 07:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-05_12.18.13,87 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-05 09:09:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-05 22:30:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-05-27 16:33:03 29,926 ----a-r C:\WINDOWS\Installer\{A9174A72-1B46-445B-B3CF-90ED2C63D83B}\MsblIco.Exe
    + 2008-06-05 18:53:23 29,926 ----a-r C:\WINDOWS\Installer\{A9174A72-1B46-445B-B3CF-90ED2C63D83B}\MsblIco.Exe
    + 2007-10-18 08:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    + 2008-06-05 22:30:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_634.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
    "Steam"="c:\program files\steam\steam.exe" [2008-05-27 13:33 1271032]
    "Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 15:53 913064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 04:11 925696]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
    "css"="C:\Program Files\Comodo\Css\cssurf.exe" [2008-05-22 22:57 188160]
    "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-05 12:40 1655552]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Comodo\Css\cssdll32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-27 13:22]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-27 13:22]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-06 01:32:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\guard32.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\guard32.dll
    .
    Completion time: 2008-06-06 1:33:26
    ComboFix-quarantined-files.txt 2008-06-05 22:33:21
    ComboFix2.txt 2008-06-05 21:11:55
    ComboFix3.txt 2008-06-05 20:19:48
    ComboFix4.txt 2008-06-05 19:33:59
    ComboFix5.txt 2008-06-05 17:44:53

    Pre-Run: 194,219,556,864 bytes free
    Post-Run: 194,209,730,560 bytes free

    219 --- E O F --- 2008-05-29 06:49:51
     
  20. Hujo

    Hujo Guest

    Well, now it's OK....
     
