Onko kone kunnossa virusten jälkeen? HJT-logi

ChMursu · Jun 12, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:55:30, on 13.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp\Blizzard Installer Bootstrap - 004c3c5b\Installer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Windows Control Center] winudpmr.exe
O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10210 bytes

Hujo · Jun 12, 2008

virushan se koneella on vieläkin

==============

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

ChMursu · Jun 12, 2008

ComboFix 08-06-10.5 - HP_Omistaja 2008-06-13 1:19:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.343 [GMT 3:00]
Running from: C:\Documents and Settings\HP_Omistaja\Työpöytä\ComboFix.exe
* Resident AV is active

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-12 to 2008-06-12 )))))))))))))))))
.

2008-06-13 00:30 . 2008-06-13 00:30 <KANSIO> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-13 00:24 . 2008-06-13 01:16 <KANSIO> d-------- C:\Program Files\World of Warcraft
2008-06-12 23:17 . 2004-09-15 06:00 1,689,088 ---h---t- C:\WINDOWS\system32\a0ad626.dll
2008-06-12 23:17 . 2004-09-15 06:00 1,689,088 ---h---t- C:\WINDOWS\system32\567efa0.dll
2008-06-12 23:17 . 2004-09-15 06:00 1,689,088 ---h---t- C:\WINDOWS\system32\1e6a16e.dll
2008-06-12 23:17 . 2004-09-15 06:00 1,689,088 ---h---t- C:\WINDOWS\system32\10293a30.dll
2008-06-12 23:17 . 2004-09-15 06:00 82,944 ---h---t- C:\WINDOWS\system32\b74c3e4.dll
2008-06-12 23:17 . 2004-09-15 06:00 82,944 ---h---t- C:\WINDOWS\system32\40e935d.dll
2008-06-12 23:17 . 2004-09-15 06:00 82,944 ---h---t- C:\WINDOWS\system32\25c2ebfe.dll
2008-06-12 23:17 . 2004-09-15 06:00 82,944 ---h---t- C:\WINDOWS\system32\1c1b46f9.dll
2008-06-12 23:16 . 2008-06-13 00:11 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-12 22:54 . 2008-06-12 23:17 <KANSIO> d-------- C:\Program Files\KalOnlineEng
2008-06-12 20:44 . 2008-06-12 20:44 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-12 20:34 . 2008-06-12 20:48 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2008-06-12 14:29 . 2008-06-12 14:29 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Malwarebytes
2008-06-12 14:29 . 2008-06-12 14:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-12 14:28 . 2008-06-12 14:29 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-12 14:28 . 2008-06-11 15:00 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-12 14:28 . 2008-06-11 15:00 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 14:25 . 2008-06-12 22:59 959 --a------ C:\rollback.ini
2008-06-11 01:22 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 01:22 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 23:09 . 2008-06-10 23:11 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-06-10 23:09 . 2008-06-10 23:13 63,704 --a------ C:\WINDOWS\War3Unin.dat
2008-06-10 23:09 . 2008-06-10 23:11 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-10 23:07 . 2008-06-11 18:37 <KANSIO> d-------- C:\Program Files\Warcraft III
2008-06-05 00:49 . 2008-06-05 01:03 <KANSIO> d-------- C:\Program Files\ArtMoney
2008-05-31 01:04 . 2008-05-31 01:04 <KANSIO> d-------- C:\Program Files\Electronic Arts
2008-05-30 11:38 . 2008-05-30 11:38 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Sonic
2008-05-30 11:38 . 2008-05-30 11:38 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Leadertech
2008-05-29 19:51 . 2008-05-29 19:51 <KANSIO> d-------- C:\WINDOWS\Sun
2008-05-28 21:09 . 2008-05-28 21:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-28 15:16 . 2008-05-28 15:16 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Nokia Multimedia Player
2008-05-28 15:13 . 2008-05-30 14:26 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Nokia
2008-05-28 15:10 . 2008-05-28 15:10 <KANSIO> d-------- C:\Program Files\DIFX
2008-05-28 15:09 . 2008-05-28 15:09 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2008-05-28 15:09 . 2008-05-28 15:12 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\PC Suite
2008-05-28 15:09 . 2008-05-28 15:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-28 15:09 . 2006-05-29 08:26 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-05-28 15:09 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-28 15:09 . 2006-05-29 08:26 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-28 15:09 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-05-28 15:09 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-05-28 15:09 . 2006-05-29 08:26 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-05-28 15:09 . 2006-05-29 08:26 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2008-05-28 15:08 . 2008-05-28 15:11 <KANSIO> d-------- C:\Program Files\Nokia
2008-05-28 15:08 . 2008-05-28 15:09 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2008-05-28 15:08 . 2008-05-28 15:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-05-27 12:58 . 2008-06-07 17:54 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Screenshot Sender
2008-05-27 12:00 . 2008-05-27 12:00 <KANSIO> d-------- C:\Program Files\Messenger Plus! Live
2008-05-25 20:51 . 2008-05-25 20:51 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
2008-05-25 20:51 . 2008-05-25 20:51 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-05-25 20:50 . 2008-05-25 20:50 <KANSIO> d-------- C:\Program Files\Winamp Remote
2008-05-25 20:50 . 2008-05-25 20:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-05-25 20:47 . 2008-05-25 20:52 <KANSIO> d-------- C:\Program Files\Winamp
2008-05-25 20:47 . 2008-05-26 00:20 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Winamp
2008-05-25 20:47 . 2007-03-08 02:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-05-25 20:47 . 2007-03-08 02:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-25 20:47 . 2007-03-08 02:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-25 19:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-25 19:10 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-25 19:10 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-25 18:40 . 2008-05-25 18:40 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-25 18:37 . 2008-05-25 18:37 <KANSIO> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-25 18:33 . 2008-05-25 18:33 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\DAEMON Tools
2008-05-25 18:33 . 2008-05-25 18:33 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-25 18:11 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-05-25 18:10 . 2008-05-25 18:10 <KANSIO> d-------- C:\Program Files\MSBuild
2008-05-25 18:10 . 2008-05-25 18:10 <KANSIO> d-------- C:\Program Files\Microsoft Works
2008-05-25 18:08 . 2008-05-25 18:08 <KANSIO> d-------- C:\Program Files\Microsoft.NET
2008-05-25 18:05 . 2008-05-25 18:09 <KANSIO> d-------- C:\WINDOWS\SHELLNEW
2008-05-25 18:04 . 2008-05-25 18:04 <KANSIO> dr-h----- C:\MSOCache
2008-05-25 18:04 . 2008-06-10 21:03 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-25 17:43 . 2008-05-25 17:43 <KANSIO> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-25 17:43 . 2008-05-25 17:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-25 17:42 . 2008-05-25 17:45 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-05-25 15:30 . 2008-06-01 13:42 <KANSIO> d-------- C:\Program Files\PowerISO
2008-05-25 15:18 . 2008-05-25 15:18 <KANSIO> d-------- C:\Program Files\Common Files\LogiShared
2008-05-25 15:18 . 2008-05-25 15:18 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Logitech
2008-05-25 15:18 . 2008-05-25 15:18 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-05-25 15:17 . 2008-05-25 15:17 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-25 15:16 . 2007-04-11 15:33 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-05-25 15:16 . 2007-04-11 15:32 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-05-25 15:16 . 2007-04-11 15:32 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2008-05-25 15:16 . 2007-04-11 15:32 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2008-05-25 15:16 . 2007-04-11 15:33 28,688 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys
2008-05-25 15:16 . 2007-04-11 15:32 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-05-25 15:16 . 2008-05-25 15:16 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-25 15:16 . 2008-05-25 15:16 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-05-25 15:15 . 2008-05-25 15:18 <KANSIO> d-------- C:\Program Files\Logitech
2008-05-25 15:15 . 2008-05-25 15:15 <KANSIO> d-------- C:\Program Files\Common Files\Logitech
2008-05-25 15:15 . 2008-05-25 15:15 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\InstallShield
2008-05-25 15:15 . 2008-05-25 15:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-25 15:15 . 2007-04-23 04:00 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2008-05-25 15:15 . 2007-04-23 04:00 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-05-25 15:15 . 2007-04-23 04:00 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-05-25 15:15 . 2007-04-23 04:00 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2008-05-25 15:14 . 2008-05-25 15:14 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-25 14:51 . 2008-05-25 14:51 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-05-25 14:51 . 2008-05-25 14:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-25 14:50 . 2008-05-25 14:50 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 14:25 . 2008-06-13 01:23 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Azureus
2008-05-25 14:25 . 2008-05-25 14:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-25 14:23 . 2008-05-25 14:56 <KANSIO> d-------- C:\Program Files\Azureus
2008-05-25 13:49 . 2008-06-07 17:53 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Contacts
2008-05-25 13:45 . 2008-05-28 15:10 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-25 13:40 . 2008-06-12 20:39 <KANSIO> d-------- C:\Program Files\Windows Live
2008-05-25 13:40 . 2008-05-25 13:45 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-25 13:40 . 2008-05-25 13:40 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-25 13:31 . 2008-04-23 07:16 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-25 13:31 . 2007-04-17 12:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-25 13:31 . 2007-03-08 08:10 1,011,712 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-25 13:31 . 2008-04-23 07:16 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-25 13:31 . 2008-04-23 07:16 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-25 13:31 . 2008-04-23 07:16 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-25 13:31 . 2008-04-23 07:16 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-25 13:31 . 2008-04-23 07:16 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-25 13:31 . 2008-04-22 10:39 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-25 04:02 . 2008-05-24 19:30 <KANSIO> d-------- C:\WINDOWS\I386
2008-05-25 03:58 . 2008-06-13 00:24 <KANSIO> dr------- C:\Program Files
2008-05-25 03:58 . 2008-05-25 04:01 <KANSIO> dr------- C:\Documents and Settings\Default User\Käynnistä-valikko
2008-05-25 03:58 . 2008-06-12 22:32 <KANSIO> dr------- C:\Documents and Settings\All Users\Tiedostot
2008-05-25 03:58 . 2008-05-25 18:22 <KANSIO> dr------- C:\Documents and Settings\All Users\Käynnistä-valikko
2008-05-25 03:57 . 2008-06-11 21:05 <KANSIO> dr-hs---- C:\WINDOWS\system32\dllcache
2008-05-25 03:57 . 2008-05-25 04:01 <KANSIO> dr------- C:\WINDOWS\system32\config\systemprofile\Käynnistä-valikko

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 19:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 11:41 1,968,640 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-06-09 08:54 3,065,344 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-05-24 17:45 1,409,024 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-05-24 17:45 1,409,024 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-24 16:29 --------- d-----w C:\Program Files\Symantec
2008-05-24 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 19:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 16:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 16:12 6,144 ----a-w C:\WINDOWS\system32\csrss(2)(2).exe
2008-04-14 16:12 515,072 ----a-w C:\WINDOWS\system32\logonui(2)(2).exe
2008-04-14 16:12 508,416 ----a-w C:\WINDOWS\system32\winlogon(2)(2).exe
2008-04-14 16:12 50,688 ----a-w C:\WINDOWS\system32\smss(2)(2).exe
2008-04-14 16:12 146,944 ----a-w C:\WINDOWS\system32\winspool(2)(2).drv
2008-04-14 16:12 14,336 ----a-w C:\WINDOWS\system32\svchost(2)(2).exe
2008-04-14 16:12 13,312 ----a-w C:\WINDOWS\system32\lsass(2)(2).exe
2008-04-14 16:12 109,056 ----a-w C:\WINDOWS\system32\services(2)(2).exe
2008-04-14 16:10 9,344 ----a-w C:\WINDOWS\system32\framebuf(2)(2).dll
2008-04-14 15:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k(2)(2).sys
2008-04-14 06:11 992,256 ----a-w C:\WINDOWS\system32\setupapi(2)(2).dll
2008-04-13 18:38 71,168 ----a-w C:\WINDOWS\system32\drivers\dxg(2)(2).sys
2008-04-13 18:36 2,921,984 ----a-w C:\WINDOWS\system32\xpsp2res(2)(2).dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40(2)(2).dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh(2)(2).dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs(2)(2).dll
2008-03-25 07:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-25 07:20 219,936 ----a-w C:\WINDOWS\system32\dllcache\msltus40.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-13 20:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-13 20:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-12_22.50.55.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 19:47:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-12 20:01:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-02-03 05:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll
- 2004-09-15 18:00:00 640,000 ----a-w C:\WINDOWS\system32\dbghelp.dll
+ 2003-07-11 09:14:28 813,568 ----a-w C:\WINDOWS\system32\dbghelp.dll
- 2008-06-12 19:46:43 6,819,872 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
+ 2008-06-12 20:00:21 6,819,872 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
- 2003-03-19 02:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2003-03-19 04:20:00 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll
- 2003-03-19 01:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
+ 2003-03-19 03:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
- 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2003-02-21 11:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
- 2008-06-12 19:47:53 875,964 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-06-12 20:01:31 876,188 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2008-06-12 19:43:31 5,093,376 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
+ 2008-06-12 22:19:34 5,094,912 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
+ 2008-06-12 20:01:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7b8.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 01:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 01:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 01:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 06:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2005-01-01 23:44 36972]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 22:34 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 22:29 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 01:44 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 23:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-26 00:17 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54 253952]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [ ]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12 2658304]
"Windows Control Center"="winudpmr.exe" []
"Windows Controls Center"="winudmr.exe" []

C:\WINDOWS\system32\config\systemprofile\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
AutoTBar.exe [2003-09-30 23:30:04 57344]

C:\WINDOWS\system32\config\systemprofile\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
AutoTBar.exe [2003-09-30 23:30:04 57344]

C:\Documents and Settings\HP_Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 03:28:24 258048]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-25 15:18:33 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-25 15:15:44 692224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;C:\WINDOWS\system32\DRIVERS\wn5401.sys [2005-01-07 03:08]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 01:22:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-13 1:24:16
ComboFix-quarantined-files.txt 2008-06-12 22:24:10
ComboFix2.txt 2008-06-12 19:51:25

Pre-Run: 142,309,527,552 tavua vapaana
Post-Run: 142,300,323,840 tavua vapaana

294 --- E O F --- 2008-06-11 18:06:04

Hujo · Jun 12, 2008

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

File::
C:\WINDOWS\winudpmr.exe
C:\WINDOWS\winudmr.exe

Click to expand...

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

==========

scannaa hjt:llä merkkaa paina Fix checked

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Windows Control Center] winudpmr.exe
O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe

============

Päivitä Malwarebytes ja aja

ChMursu · Jun 12, 2008

Tässä tämä viimeisin nyt.

==============================================

ComboFix 08-06-10.5 - HP_Omistaja 2008-06-13 1:50:50.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.377 [GMT 3:00]
Running from: C:\Documents and Settings\HP_Omistaja\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Omistaja\Työpöytä\CFScript.txt
* Created a new restore point
* Resident AV is active

FILE ::
C:\WINDOWS\winudmr.exe
C:\WINDOWS\winudpmr.exe
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-12 to 2008-06-12 )))))))))))))))))
.

2008-06-13 00:30 . 2008-06-13 00:30 <KANSIO> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-13 00:24 . 2008-06-13 01:16 <KANSIO> d-------- C:\Program Files\World of Warcraft
2008-06-12 23:17 . 2004-09-15 06:00 1,689,088 ---h---t- C:\WINDOWS\system32\a0ad626.dll
2008-06-12 23:17 . 2004-09-15 06:00 1,689,088 ---h---t- C:\WINDOWS\system32\567efa0.dll
2008-06-12 23:17 . 2004-09-15 06:00 1,689,088 ---h---t- C:\WINDOWS\system32\1e6a16e.dll
2008-06-12 23:17 . 2004-09-15 06:00 1,689,088 ---h---t- C:\WINDOWS\system32\10293a30.dll
2008-06-12 23:17 . 2004-09-15 06:00 82,944 ---h---t- C:\WINDOWS\system32\b74c3e4.dll
2008-06-12 23:17 . 2004-09-15 06:00 82,944 ---h---t- C:\WINDOWS\system32\40e935d.dll
2008-06-12 23:17 . 2004-09-15 06:00 82,944 ---h---t- C:\WINDOWS\system32\25c2ebfe.dll
2008-06-12 23:17 . 2004-09-15 06:00 82,944 ---h---t- C:\WINDOWS\system32\1c1b46f9.dll
2008-06-12 23:16 . 2008-06-13 00:11 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-12 22:54 . 2008-06-12 23:17 <KANSIO> d-------- C:\Program Files\KalOnlineEng
2008-06-12 20:44 . 2008-06-12 20:44 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-12 20:34 . 2008-06-12 20:48 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2008-06-12 14:29 . 2008-06-12 14:29 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Malwarebytes
2008-06-12 14:29 . 2008-06-12 14:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-12 14:28 . 2008-06-12 14:29 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-12 14:28 . 2008-06-11 15:00 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-12 14:28 . 2008-06-11 15:00 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 14:25 . 2008-06-13 01:50 2,378 --a------ C:\rollback.ini
2008-06-11 01:22 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 01:22 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 23:09 . 2008-06-10 23:11 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-06-10 23:09 . 2008-06-10 23:13 63,704 --a------ C:\WINDOWS\War3Unin.dat
2008-06-10 23:09 . 2008-06-10 23:11 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-10 23:07 . 2008-06-11 18:37 <KANSIO> d-------- C:\Program Files\Warcraft III
2008-06-05 00:49 . 2008-06-05 01:03 <KANSIO> d-------- C:\Program Files\ArtMoney
2008-05-31 01:04 . 2008-05-31 01:04 <KANSIO> d-------- C:\Program Files\Electronic Arts
2008-05-30 11:38 . 2008-05-30 11:38 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Sonic
2008-05-30 11:38 . 2008-05-30 11:38 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Leadertech
2008-05-29 19:51 . 2008-05-29 19:51 <KANSIO> d-------- C:\WINDOWS\Sun
2008-05-28 21:09 . 2008-05-28 21:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-28 15:16 . 2008-05-28 15:16 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Nokia Multimedia Player
2008-05-28 15:13 . 2008-05-30 14:26 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Nokia
2008-05-28 15:10 . 2008-05-28 15:10 <KANSIO> d-------- C:\Program Files\DIFX
2008-05-28 15:09 . 2008-05-28 15:09 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2008-05-28 15:09 . 2008-05-28 15:12 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\PC Suite
2008-05-28 15:09 . 2008-05-28 15:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-28 15:09 . 2006-05-29 08:26 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-05-28 15:09 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-28 15:09 . 2006-05-29 08:26 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-28 15:09 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-05-28 15:09 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-05-28 15:09 . 2006-05-29 08:26 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-05-28 15:09 . 2006-05-29 08:26 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2008-05-28 15:08 . 2008-05-28 15:11 <KANSIO> d-------- C:\Program Files\Nokia
2008-05-28 15:08 . 2008-05-28 15:09 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2008-05-28 15:08 . 2008-05-28 15:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-05-27 12:58 . 2008-06-07 17:54 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Screenshot Sender
2008-05-27 12:00 . 2008-05-27 12:00 <KANSIO> d-------- C:\Program Files\Messenger Plus! Live
2008-05-25 20:51 . 2008-05-25 20:51 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
2008-05-25 20:51 . 2008-05-25 20:51 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-05-25 20:50 . 2008-05-25 20:50 <KANSIO> d-------- C:\Program Files\Winamp Remote
2008-05-25 20:50 . 2008-05-25 20:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-05-25 20:47 . 2008-05-25 20:52 <KANSIO> d-------- C:\Program Files\Winamp
2008-05-25 20:47 . 2008-05-26 00:20 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Winamp
2008-05-25 20:47 . 2007-03-08 02:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-05-25 20:47 . 2007-03-08 02:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-25 20:47 . 2007-03-08 02:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-25 19:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-25 19:10 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-25 19:10 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-25 18:40 . 2008-05-25 18:40 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-25 18:37 . 2008-05-25 18:37 <KANSIO> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-25 18:33 . 2008-05-25 18:33 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\DAEMON Tools
2008-05-25 18:33 . 2008-05-25 18:33 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-25 18:11 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-05-25 18:10 . 2008-05-25 18:10 <KANSIO> d-------- C:\Program Files\MSBuild
2008-05-25 18:10 . 2008-05-25 18:10 <KANSIO> d-------- C:\Program Files\Microsoft Works
2008-05-25 18:08 . 2008-05-25 18:08 <KANSIO> d-------- C:\Program Files\Microsoft.NET
2008-05-25 18:05 . 2008-05-25 18:09 <KANSIO> d-------- C:\WINDOWS\SHELLNEW
2008-05-25 18:04 . 2008-05-25 18:04 <KANSIO> dr-h----- C:\MSOCache
2008-05-25 18:04 . 2008-06-10 21:03 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-25 17:43 . 2008-05-25 17:43 <KANSIO> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-25 17:43 . 2008-05-25 17:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-25 17:42 . 2008-05-25 17:45 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-05-25 15:30 . 2008-06-01 13:42 <KANSIO> d-------- C:\Program Files\PowerISO
2008-05-25 15:18 . 2008-05-25 15:18 <KANSIO> d-------- C:\Program Files\Common Files\LogiShared
2008-05-25 15:18 . 2008-05-25 15:18 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Logitech
2008-05-25 15:18 . 2008-05-25 15:18 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-05-25 15:17 . 2008-05-25 15:17 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-25 15:16 . 2007-04-11 15:33 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-05-25 15:16 . 2007-04-11 15:32 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-05-25 15:16 . 2007-04-11 15:32 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2008-05-25 15:16 . 2007-04-11 15:32 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2008-05-25 15:16 . 2007-04-11 15:33 28,688 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys
2008-05-25 15:16 . 2007-04-11 15:32 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-05-25 15:16 . 2008-05-25 15:16 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-25 15:16 . 2008-05-25 15:16 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-05-25 15:15 . 2008-05-25 15:18 <KANSIO> d-------- C:\Program Files\Logitech
2008-05-25 15:15 . 2008-05-25 15:15 <KANSIO> d-------- C:\Program Files\Common Files\Logitech
2008-05-25 15:15 . 2008-05-25 15:15 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\InstallShield
2008-05-25 15:15 . 2008-05-25 15:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-25 15:15 . 2007-04-23 04:00 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2008-05-25 15:15 . 2007-04-23 04:00 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-05-25 15:15 . 2007-04-23 04:00 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-05-25 15:15 . 2007-04-23 04:00 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2008-05-25 15:14 . 2008-05-25 15:14 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-25 14:51 . 2008-05-25 14:51 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-05-25 14:51 . 2008-05-25 14:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-25 14:50 . 2008-05-25 14:50 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 14:25 . 2008-06-13 01:53 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Azureus
2008-05-25 14:25 . 2008-05-25 14:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-25 14:23 . 2008-05-25 14:56 <KANSIO> d-------- C:\Program Files\Azureus
2008-05-25 13:49 . 2008-06-07 17:53 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Contacts
2008-05-25 13:45 . 2008-05-28 15:10 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-25 13:40 . 2008-06-12 20:39 <KANSIO> d-------- C:\Program Files\Windows Live
2008-05-25 13:40 . 2008-05-25 13:45 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-25 13:40 . 2008-05-25 13:40 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-25 13:31 . 2008-04-23 07:16 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-25 13:31 . 2007-04-17 12:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-25 13:31 . 2007-03-08 08:10 1,011,712 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-25 13:31 . 2008-04-23 07:16 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-25 13:31 . 2008-04-23 07:16 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-25 13:31 . 2008-04-23 07:16 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-25 13:31 . 2008-04-23 07:16 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-25 13:31 . 2008-04-23 07:16 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-25 13:31 . 2008-04-22 10:39 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-25 04:02 . 2008-05-24 19:30 <KANSIO> d-------- C:\WINDOWS\I386
2008-05-25 03:58 . 2008-06-13 00:24 <KANSIO> dr------- C:\Program Files
2008-05-25 03:58 . 2008-05-25 04:01 <KANSIO> dr------- C:\Documents and Settings\Default User\Käynnistä-valikko
2008-05-25 03:58 . 2008-06-12 22:32 <KANSIO> dr------- C:\Documents and Settings\All Users\Tiedostot
2008-05-25 03:58 . 2008-05-25 18:22 <KANSIO> dr------- C:\Documents and Settings\All Users\Käynnistä-valikko
2008-05-25 03:57 . 2008-06-11 21:05 <KANSIO> dr-hs---- C:\WINDOWS\system32\dllcache
2008-05-25 03:57 . 2008-05-25 04:01 <KANSIO> dr------- C:\WINDOWS\system32\config\systemprofile\Käynnistä-valikko

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 19:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 11:41 1,968,640 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-06-09 08:54 3,065,344 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-05-24 17:45 1,409,024 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-05-24 17:45 1,409,024 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-24 16:29 --------- d-----w C:\Program Files\Symantec
2008-05-24 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 19:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 16:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 16:12 6,144 ----a-w C:\WINDOWS\system32\csrss(2)(2).exe
2008-04-14 16:12 515,072 ----a-w C:\WINDOWS\system32\logonui(2)(2).exe
2008-04-14 16:12 508,416 ----a-w C:\WINDOWS\system32\winlogon(2)(2).exe
2008-04-14 16:12 50,688 ----a-w C:\WINDOWS\system32\smss(2)(2).exe
2008-04-14 16:12 146,944 ----a-w C:\WINDOWS\system32\winspool(2)(2).drv
2008-04-14 16:12 14,336 ----a-w C:\WINDOWS\system32\svchost(2)(2).exe
2008-04-14 16:12 13,312 ----a-w C:\WINDOWS\system32\lsass(2)(2).exe
2008-04-14 16:12 109,056 ----a-w C:\WINDOWS\system32\services(2)(2).exe
2008-04-14 16:10 9,344 ----a-w C:\WINDOWS\system32\framebuf(2)(2).dll
2008-04-14 15:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k(2)(2).sys
2008-04-14 06:11 992,256 ----a-w C:\WINDOWS\system32\setupapi(2)(2).dll
2008-04-13 18:38 71,168 ----a-w C:\WINDOWS\system32\drivers\dxg(2)(2).sys
2008-04-13 18:36 2,921,984 ----a-w C:\WINDOWS\system32\xpsp2res(2)(2).dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40(2)(2).dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh(2)(2).dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs(2)(2).dll
2008-03-25 07:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-25 07:20 219,936 ----a-w C:\WINDOWS\system32\dllcache\msltus40.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-13 20:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-13 20:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-12_22.50.55.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 19:47:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-12 20:01:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-02-03 05:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll
- 2004-09-15 18:00:00 640,000 ----a-w C:\WINDOWS\system32\dbghelp.dll
+ 2003-07-11 09:14:28 813,568 ----a-w C:\WINDOWS\system32\dbghelp.dll
- 2008-06-12 19:46:43 6,819,872 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
+ 2008-06-12 20:00:21 6,819,872 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
- 2003-03-19 02:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2003-03-19 04:20:00 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll
- 2003-03-19 01:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
+ 2003-03-19 03:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
- 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2003-02-21 11:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
- 2008-06-12 19:47:53 875,964 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-06-12 22:50:16 876,636 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2008-06-12 19:43:31 5,093,376 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
+ 2008-06-12 22:50:56 5,096,448 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
+ 2008-06-12 20:01:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7b8.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 01:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 01:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 01:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 06:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2005-01-01 23:44 36972]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 22:34 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 22:29 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 01:44 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 23:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-26 00:17 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54 253952]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [ ]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12 2658304]
"Windows Control Center"="winudpmr.exe" []
"Windows Controls Center"="winudmr.exe" []

C:\WINDOWS\system32\config\systemprofile\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
AutoTBar.exe [2003-09-30 23:30:04 57344]

C:\WINDOWS\system32\config\systemprofile\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
AutoTBar.exe [2003-09-30 23:30:04 57344]

C:\Documents and Settings\HP_Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 03:28:24 258048]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-25 15:18:33 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-25 15:15:44 692224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;C:\WINDOWS\system32\DRIVERS\wn5401.sys [2005-01-07 03:08]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 01:53:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-13 1:54:52
ComboFix-quarantined-files.txt 2008-06-12 22:54:46
ComboFix2.txt 2008-06-12 22:24:17
ComboFix3.txt 2008-06-12 19:51:25

Pre-Run: 142,309,896,192 tavua vapaana
Post-Run: 142,299,148,288 tavua vapaana

300 --- E O F --- 2008-06-11 18:06:04

Hujo · Jun 12, 2008

scannaa hjt:n loki

ChMursu · Jun 12, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:34, on 13.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9787 bytes

Hujo · Jun 12, 2008

sitten tuo
Päivitä Malwarebytes ja aja se

ChMursu · Jun 12, 2008

Eli päivitin malwaren ja skannasin.

===================================
Malwarebytes' Anti-Malware 1.17
Tietokantaversio: 851

2:41:09 13.6.2008
mbam-log-6-13-2008 (02-41-09).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 117862
Kulunut aika: 41 minute(s), 29 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

==================================
Eli koneeni on nyt luultavasti puhdas?

Hujo · Jun 12, 2008

katotaas vielä tällä vanhalla kunnon ohjelmalla..

Escan
Ohjeet tuolla sivulla.
http://koti.mbnet.fi/pattaya1/escanmwav.htm
lataa tuosta
http://www.spywareinfo.dk/download/mwav.exe
päivitä tuosta
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
laita täpit merkkauksien mukaan
http://koti.mbnet.fi/pattaya1/eScan6.jpg

scannaa

jos ala luukkuun tulee jotain niin kopioi se näin:
Käytä komentoa Ctrl+A.
Kopioi rivit komennolla Ctrl+C.
Liitä rivit komennolla Ctrl+V.

Laita virus log tänne.

ChMursu · Jun 13, 2008

eScanillakaan ei siis löytynyt mitään kiitos paljon

Log in or Sign up

Onko kone kunnossa virusten jälkeen? HJT-logi

ChMursu Member

Hujo Guest

ChMursu Member

Hujo Guest

ChMursu Member

Hujo Guest

ChMursu Member

Hujo Guest

ChMursu Member

Hujo Guest

ChMursu Member

Share This Page

Log in or Sign up

Onko kone kunnossa virusten jälkeen? HJT-logi

ChMursu Member

Hujo Guest

ChMursu Member

Hujo Guest

ChMursu Member

Hujo Guest

ChMursu Member

Hujo Guest

ChMursu Member

Hujo Guest

ChMursu Member

Share This Page

Useful Searches