Sitkeä virus ja htj ei lataannu... :(

Heip, olen tämän kanssa taistellut, enkä ole saanut apua.

Tässä mbam-logi, jos siitä jotain apua... Epätoivo iskee, enkä uskalla kohta enää käyttää konetta lainkaan.

Malwarebytes' Anti-Malware 1.31
Tietokantaversio: 1456
Windows 5.1.2600 Service Pack 2

19.2.2009 20:02:24
mbam-log-2009-02-19 (20-02-24).txt

Tarkistustyyppi: Pikatarkistus
Tarkistetut kohteet: 59926
Kulunut aika: 16 minute(s), 22 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 1
Saastuneita tiedostoja: 3

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
C:\Documents and Settings\HP.WUOWR5MOX8JF4RU\Application Data\m (Trojan.Agent) -> Delete on reboot.

Saastuneita tiedostoja:
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\HP.WUOWR5MOX8JF4RU\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\hldrrr.exe (Rootkit.Agent) -> Delete on reboot.

Nämä ovat sellaisia, jotka eivät lähde vaikka kuinka konetta buuttailisin. HJÄLP!

 

Päivitä
Malwarebytes' Anti-Malware
scannaa täysi ajo

==============

Lataa TÄSTÄ HJTInstall.exe

* Tallenna HJTInstall.exe työpöydällesi.
* Tuplaklikkaa HJTInstall.exe-kuvaketta työpöydälläsi.
* Oletuksena se asentaa itsensä hakemistoon C:\Program Files\Trend Micro\HijackThis.
* Klikkaa Install.
* Asennusohjelma luo HijackThis-kuvakkeen työpöydälle.
* Kun asennus on valmis, se käynnistää HijackThisin.
* Klikkaa Do a system scan and save a logfile-painiketta. Ohjelma aloittaa skannauksen ja lokin pitäisi avautua Muistioon.
* Klikkaa ensin "Muokkaa > Valitse kaikki" sitten "Muokkaa > Kopioi" kopioidaksesi koko lokin sisällön.
* Liitä lokin sisältö seuraavaan vastaukseesi.
* ÄLÄ käytä Analyse This-nappulaa, sen löydöt ovat vaarallisia väärinymmärrettyinä.
* ÄLÄ fixaa HijackThis-ohjelmalla vielä mitään. Suurin osa sen löydöistä ovat joko harmittomia tai jopa tarpeellisia.

 

Tässä uusi mbam-loki kahden rullauskerran jälkeen:

Malwarebytes' Anti-Malware 1.34
Tietokantaversio: 1778
Windows 5.1.2600 Service Pack 2

20.2.2009 6:51:43
mbam-log-2009-02-20 (06-51-43).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 149954
Kulunut aika: 43 minute(s), 19 second(s)

Saastuneita muistiprosesseja: 2
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 1
Saastuneita tiedostoja: 3

Saastuneita muistiprosesseja:
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Unloaded process successfully.
C:\Documents and Settings\HP.WUOWR5MOX8JF4RU\Application Data\m\flec006.exe (Trojan.Agent) -> Unloaded process successfully.

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
C:\Documents and Settings\HP.WUOWR5MOX8JF4RU\Application Data\m (Trojan.Agent) -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
C:\Documents and Settings\HP.WUOWR5MOX8JF4RU\Application Data\m\flec006.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\hldrrr.exe (Rootkit.Agent) -> Delete on reboot.


Oli kerennyt ekaan skannaukseen jo keräämään 150 troijalaista...

Hjt ei edelleenkään lähde toimimaan, vaan tulee herja:

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe ei ole kelvollinen Win32-sovellus.

 

SUPERAntiSpyware
asennus ohje

 

Tätä ohjelmaa kone pyörittää n. 10min, Tarkastelee siis tiedostoja. Sitten lävähtää sininen varoitusruutu ja kone käynnistää itsensä uudelleen... Ja sanoo palautuneensa vakavasta virhetilasta.

Kolmesti jo sama juttu.

 

Mikäs käyttöjärjestelmä on koneessa

 

Windows XP

 

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

 

Kone ei käynnisty vikasietotilassa, vaan herjaa:

Havaittiin ongelma ja windows sammutettiin tietokoneelle aiheutuvien vahinkojen välttämiseksi.

Ja sitten vielä paljon tekstiä lisää, jota en ehtinyt edes lukemaan...

 

no no eipä meinaa ruveta aukeen.

1.Lataa Combofix.exe työpöydällesi yhdestä linkistä:
Combofix1
Combofix2

älä asenna palautus consolia
2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

 

live linuxilla tiedostot talteen ja format c
imo

 

Juu, sitkeä kaveri tuntuu olevan... ComboFixinkin takia tarvitsi paristi sammutella yms. että sai rullamaan. Tässä ComboFix-loki:

ComboFix 09-02-19.01 - HP 2009-02-21 16:22:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.478.212 [GMT 2:00]
Running from: c:\documents and settings\HP.WUOWR5MOX8JF4RU\Ty”p”yt„\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\AC_BootstrapIPs.dat
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\AC_SearchStrings.dat
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\AC_ServerMetURLs.dat
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\cancelled.met
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\clients.met
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\clients.met.bak
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\cryptkey.dat
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\emfriends.met
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\key_index.dat
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\known.met
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\known2_64.met
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\load_index.dat
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\nodes.dat
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\preferences.dat
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\preferences.ini
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\preferencesKad.dat
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\server.met
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\server_met.old
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\shareddir.dat
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\src_index.dat
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\statistics.ini
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\config\StoredSearches.met
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\downloads.bak
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\downloads.txt
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\file.exe
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\flec003.exe
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\names.txt
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\server.txt
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\12Ghosts ProfileCopy 9.50.132.5502.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\68HC11PE 1.1.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\al.+.Keyfile_DnGnMsTr.updated-fixed.Release.12-2006.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\AMT Trains 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\ANI MOON1 Icons 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\antivirus_kaspersky_llaves.de.licencia.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\AnyiMax DVD to iPhone Converter 1.60 Build 816.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\ASIS-The Auto Service Information System 2.1p.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Atific Video Collection 2.0.1.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\AutoDWG Attribute Extractor 2.7.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\AVG Free AntiVirus Definitions 2006-05-18 crack.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\avg.exe.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Batch Fax to Pdf 2.50.81028.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Beatbox MIDI Drum Sequencer 2.8a.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Beauty with fashion jewelry screensaver 2007.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Bid-n-Invoice Lawn Care 2.2.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Biella Webcam 1.0.0.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Bitdefender.Antivirus.Plus.v10.0.b108.Keygen.Only.French-Bs.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Blaze Media Pro 8.02.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Break Even Analysis 1.01.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\BVRP Mobile Phone Suite 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\CCmp3 1.05.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\CDIX Indexer 02.000 Build 140706JHS.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Clock Tray Skins Lite 2.2.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\CoolCube TV 1.5.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Corvette Anniversary Screensaver.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\crack.AVG.Antivirus.profesional.v70280a377.avg-fosi.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\CyraKnow Pro Series
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Database Comparer ActiveX 2.2.29.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Digimarc ImageBridge Reader 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\DiskCat 2006 3.0.1 build 874.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\doop 1.3.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\DRoster 3.4.1.5.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\e-Sword 8.0.5.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Earth DVD To MP3 Converter 1.10.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Epcot Screensaver 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\EXIFDate 0.1.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Fast Query Builder for Delphi 7 1.03.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Fast Statistics 2.0.3.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\FeedFusion RSS Reader 0.92.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\FolderMatch 3.5.3.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\foo input reverse 0.1.3.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\FP.HUE 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\FrameInfo 1.13.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Free Option Calculator 1.42.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\geepeeyes Beta 2.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Google Calendar Notifier 2.5.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Google Search 2.1.1.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\GridSQL 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Hamann Ferrari F430 Screensaver 2.00.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Hardware Organizer Deluxe 3.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Horoscopes 2008 5.5.0.2.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Hot File 1.1.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\HTML To PHP Converter 4.3.0.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Hue and cry 1.30.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\IP Camera Bandwidth & Disk Space Calculator 5.1 Build 202.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\iSuite 1.4.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\JCALG1 5.32.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Joost 1.1.8 Beta.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Kaspersky Anti-Hacker 1.8.180.key.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\KVIrc 3.4.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Lamborghini Diablo Screensaver 2.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\LapBack 2.0.7.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\LingvoSoft Dictionary 2008 English - Bulgarian 4.1.29.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\LingvoSoft Talking Dictionary 2008 English - Indonesian 4.1.29.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\LingvoSoft Talking Picture Dictionary 2008 German - Latvian 1.2.26.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Linkman 7.6.0.18.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Live Defender 2.1.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Logon Loader 3.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Magic Calendar Maker 3.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Mail Access Monitor for MDaemon 3.8.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Marx E-Book Browser 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\MB Free Zodiac Signs Software 1.90.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\MCS CPU Benchmark 2008 6.30.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Message Splitter 2.0a10.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Microsoft Junk Email Filter for Outlook 2007 November 2008.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Multiple RSS Feed Reader 2.8.1.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\MultiplexCalc 5.4.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\My Templates 1.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\My Video Converter 1.2.37.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\NetStatMon 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\NetWhistler 1.01.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Nifty Photo Publisher 2.5.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Norton.Internet.Security.+.Ghost.2004.(Symantec).-.nocd.-.keygen.-.crack.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\NWS Phoenix Radar Monitor 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Online Privacy Pro 6.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\PBPaste 2.4.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Pennock's Photo Renamer 1.0.1.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Perspectives 2.1.1.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Phbrowser 2006 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Puppy Toes Pedigree Generator .NET 1.0.0707.2006.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Q Length Converter 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Radio Espacio Widget 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Random Text Viewer Widget 2.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Rapid CSS Editor 2008 9.3.0.101.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\RFC Assistant 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Rudolph Clock Demo Screensaver 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Salad Screensaver 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\SBNews 10.4.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Search and Replace 98 3.1.2.82.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\SendMSG 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Simple Timer 1.0.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\SmartSVN 4.0.9.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\SoftStep 3.2.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Source Code Browser 2.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Symantec Norton Internet Security 2005 - Keygen Only!.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Symantec.SystemWorks.2005.Final.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\SyncAudio 1.1.15.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Synnote 1.0.1.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\TVGuideTimeShift 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Ultralingua Spanish-English Dictionary 5.03.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\User Tracker 2.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Vacation Screensaver.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Web3D 1.0.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\WebLink SEO 2.7.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Webpage Capture 2.1.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Video Poker Vista Gadget.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\WinImp 1.21.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\WinOrganizer 4.0 Build 1049.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Virtual Audio Cable 4.09.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\VQF plugin for Winamp v1.0 beta 15.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\Vulgar Display.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\XAce Plus 2.01.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\XSound DSP Plugin for Winamp 2-3-5 7.3.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\YACGEN Beta 1.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\WDIR\ZylTimer 1.17.zip
c:\documents and settings\HP.WUOWR5MOX8JF4RU\K„ynnist„-valikko\Cheap Pharmacy Online.url
c:\documents and settings\HP.WUOWR5MOX8JF4RU\K„ynnist„-valikko\Search Online.url
c:\documents and settings\HP.WUOWR5MOX8JF4RU\K„ynnist„-valikko\VIP Casino.url
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Suosikit\Cheap Pharmacy Online.url
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Suosikit\Search Online.url
c:\documents and settings\HP.WUOWR5MOX8JF4RU\Suosikit\VIP Casino.url
c:\program files\HP\Digital Imaging\bin\backupnotify.exe
c:\windows\system32\ban_list.txt
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\hldrrr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_tdssserv


((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.

2009-02-21 13:46 . 2009-02-21 13:46 <KANSIO> d-------- c:\program files\Alwil Software
2009-02-21 05:06 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-21 04:59 . 2009-02-21 04:59 <KANSIO> d-------- c:\program files\Microsoft Sync Framework
2009-02-21 04:51 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2009-02-21 04:47 . 2009-02-21 04:47 <KANSIO> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-20 07:40 . 2009-02-20 07:40 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-20 07:39 . 2009-02-20 07:39 <KANSIO> d-------- c:\program files\SUPERAntiSpyware
2009-02-20 07:39 . 2009-02-20 07:39 <KANSIO> d-------- c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\SUPERAntiSpyware.com
2009-02-20 07:36 . 2009-02-20 07:36 <KANSIO> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-06 19:32 . 2009-02-06 19:32 308,104 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 03:06 --------- d-----w c:\program files\Microsoft
2009-02-21 03:05 --------- d-----w c:\program files\Windows Live
2009-02-21 03:01 --------- d-----w c:\program files\Windows Live Toolbar
2009-02-19 18:40 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-11 08:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 08:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-08 14:28 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-23 15:52 --------- d-----w c:\program files\DC++
2009-01-13 16:23 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-13 16:06 --------- d-----w c:\program files\Common Files\Windows Live
2008-08-25 18:48 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008082520080826\index.dat
2008-08-26 10:48 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008082620080827\index.dat
2008-08-20 08:00 44,794,656 --sha-w c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-20 1267040]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-09-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-10-30 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-30 118784]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-04-30 208958]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-04-30 274432]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-21 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\documents and settings\Default User\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
AutoTBar.exe [2003-09-30 57344]

c:\documents and settings\Default User\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
AutoTBar.exe [2003-09-30 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Program Files\\WebEye\\WebEye.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"49920:TCP"= 49920:TCP:*isabled:emule
"49930:UDP"= 49930:UDP:*isabled:emule
"42198:TCP"= 42198:TCP:*isabled:aze
"42198:UDP"= 42198:UDP:*isabled:aze

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-21 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-21 20560]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-02-21 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart\RegistrySmart.exe []

2009-02-21 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BackupNotify - c:\program files\HP\Digital Imaging\bin\backupnotify.exe
HKCU-Run-flec003.exe - c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\hidires\flec003.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Supplementary Scan -------
.
uStart Page =
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\Mozilla\Firefox\Profiles\f9u5tv77.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 16:28:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?0?6?2??`???? ???B???????????????B? ??????

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ÿcÓw*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(484)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\HPQ\shared\hpqwmi.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-02-21 16:42:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-21 14:41:07
ComboFix2.txt 2008-08-26 12:27:19

Pre-Run: 33ÿ285ÿ394ÿ432 tavua vapaana
Post-Run: 36,747,231,232 tavua vapaana

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
335 --- E O F --- 2008-09-11 00:06:56

 

sammuta ja käynnistä ajas vielä toinen kieros Combofixsillä

 

Tässäpä tämä:

ComboFix 09-02-19.01 - HP 2009-02-21 17:10:15.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.478.169 [GMT 2:00]
Sijainti: c:\documents and settings\HP.WUOWR5MOX8JF4RU\Ty”p”yt„\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*

VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-21 to 2009-02-21 )))))))))))))))))
.

2009-02-21 17:09 . 2009-02-21 17:09 <KANSIO> d-------- c:\windows\system32\CatRoot_bak
2009-02-21 13:46 . 2009-02-21 13:46 <KANSIO> d-------- c:\program files\Alwil Software
2009-02-21 05:06 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-21 04:59 . 2009-02-21 04:59 <KANSIO> d-------- c:\program files\Microsoft Sync Framework
2009-02-21 04:51 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2009-02-21 04:47 . 2009-02-21 04:47 <KANSIO> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-20 07:40 . 2009-02-20 07:40 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-20 07:39 . 2009-02-20 07:39 <KANSIO> d-------- c:\program files\SUPERAntiSpyware
2009-02-20 07:39 . 2009-02-20 07:39 <KANSIO> d-------- c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\SUPERAntiSpyware.com
2009-02-20 07:36 . 2009-02-20 07:36 <KANSIO> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-06 19:32 . 2009-02-06 19:32 308,104 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 03:06 --------- d-----w c:\program files\Microsoft
2009-02-21 03:05 --------- d-----w c:\program files\Windows Live
2009-02-21 03:01 --------- d-----w c:\program files\Windows Live Toolbar
2009-02-19 18:40 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-11 08:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 08:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-08 14:28 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-23 15:52 --------- d-----w c:\program files\DC++
2009-01-13 16:23 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-13 16:06 --------- d-----w c:\program files\Common Files\Windows Live
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-11-24 18:51 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-08-25 18:48 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008082520080826\index.dat
2008-08-26 10:48 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008082620080827\index.dat
2008-08-20 08:00 44,794,656 --sha-w c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-21_16.32.44.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2007-02-28 16:02:38 2,138,624 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:46:12 2,138,624 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 16:02:46 2,059,904 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:46:15 2,060,032 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 16:02:38 2,018,304 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:46:10 2,018,304 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 16:02:46 2,182,656 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 13:46:14 2,182,656 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-06-23 16:29:13 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-06-23 16:29:13 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-06-23 16:29:13 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-06-23 16:29:13 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-06-23 16:29:13 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-06-23 09:21:15 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-06-23 16:29:13 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-06-23 16:29:13 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-06-23 16:29:13 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-06-23 16:29:13 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-06-23 16:29:14 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-06-23 16:29:14 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-06-23 16:29:14 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-06-23 09:21:31 625,664 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-06-23 16:29:15 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-06-23 16:29:15 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-06-23 16:29:15 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-06-24 07:29:16 3,592,192 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-06-23 16:29:15 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-06-23 16:29:15 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-06-23 16:29:15 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-06-23 16:29:15 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-06-23 16:29:15 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:31:14 214,752 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:32:23 380,640 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:29:16 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-06-23 16:29:16 1,159,680 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-06-23 16:29:16 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-06-23 16:29:16 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
+ 2009-02-21 15:02:22 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-09-11 00:02:21 2,560 ----a-r c:\windows\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-02-21 15:05:03 2,560 ----a-r c:\windows\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-09-11 00:02:21 34,304 ----a-r c:\windows\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-02-21 15:05:03 34,304 ----a-r c:\windows\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-09-11 00:02:21 8,192 ----a-r c:\windows\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-02-21 15:05:03 8,192 ----a-r c:\windows\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-09-11 00:02:21 3,584 ----a-r c:\windows\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-02-21 15:05:03 3,584 ----a-r c:\windows\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-09-11 00:02:21 16,384 ----a-r c:\windows\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-02-21 15:05:03 16,384 ----a-r c:\windows\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-09-11 00:02:21 22,528 ----a-r c:\windows\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2009-02-21 15:05:03 22,528 ----a-r c:\windows\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-09-11 00:02:21 45,056 ----a-r c:\windows\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-02-21 15:05:03 45,056 ----a-r c:\windows\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-06-23 16:29:13 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 22:46:48 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-06-23 16:29:13 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 22:46:48 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-06-20 10:44:38 138,368 -c----w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 -c----w c:\windows\system32\dllcache\afd.sys
- 2008-06-23 16:29:13 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 22:46:48 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:29:13 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 22:46:49 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-06-23 16:29:13 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 22:46:49 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-02-20 06:51:32 282,624 -c----w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:00:00 283,648 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-06-23 16:29:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 22:46:49 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-06-23 09:21:15 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:11:12 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-06-23 16:29:13 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 22:46:49 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-06-23 16:29:13 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 22:46:50 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-06-21 05:23:54 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-06-23 16:29:13 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 22:46:50 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-06-23 16:29:13 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 22:46:51 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-06-23 16:29:14 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 22:46:55 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-06-23 16:29:14 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 22:46:55 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-06-23 16:29:14 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 22:46:55 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-06-23 09:20:26 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-06-23 09:21:31 625,664 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-06-23 16:29:15 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 22:46:56 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-06-17 23:09:22 100,864 -c----w c:\windows\system32\dllcache\logagent.exe
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
- 2008-06-23 16:29:15 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 22:46:57 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-06-23 16:29:15 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 22:46:57 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-06-24 07:29:16 3,592,192 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-16 19:16:14 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-06-23 16:29:15 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 22:47:02 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-06-23 16:29:15 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 22:47:02 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-06-23 16:29:15 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 22:47:03 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2007-06-26 06:09:33 1,104,896 -c----w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:45:24 1,106,944 -c----w c:\windows\system32\dllcache\msxml3.dll
- 2006-08-17 12:28:30 332,288 -c----w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 17:00:03 332,800 -c----w c:\windows\system32\dllcache\netapi32.dll
- 2007-02-28 16:02:38 2,138,624 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 13:46:12 2,138,624 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 16:02:46 2,059,904 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 13:46:15 2,060,032 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 16:02:38 2,018,304 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 13:46:10 2,018,304 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 16:02:46 2,182,656 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 13:46:14 2,182,656 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-06-23 16:29:15 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 22:47:03 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-06-23 16:29:15 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 22:47:03 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2006-08-14 10:34:41 332,928 -c----w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 -c----w c:\windows\system32\dllcache\srv.sys
- 2006-08-24 11:19:40 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:17:02 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll
- 2008-06-23 16:29:16 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 22:47:03 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-06-23 16:29:16 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 22:47:04 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-06-23 16:29:16 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 22:47:05 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-03-20 08:09:41 1,845,504 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 15:40:30 1,846,272 -c----w c:\windows\system32\dllcache\win32k.sys
- 2008-06-23 16:29:16 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 22:47:05 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-06-18 03:03:08 938,496 -c----w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-18 19:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 03:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-06-20 10:44:38 138,368 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2006-05-05 09:41:45 453,120 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\drivers\srv.sys
- 2008-06-23 16:29:13 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 22:46:48 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-06-23 16:29:13 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 22:46:49 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-06-23 16:29:13 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-12-20 22:46:49 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2009-01-13 18:09:34 169,896 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-21 15:06:23 169,896 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-02-20 06:51:32 282,624 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 13:00:00 283,648 ----a-w c:\windows\system32\gdi32.dll
- 2008-06-23 16:29:13 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-12-20 22:46:49 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-06-23 09:21:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:11:12 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-06-23 16:29:13 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-12-20 22:46:49 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-06-23 16:29:13 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-12-20 22:46:50 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-06-23 16:29:13 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-12-20 22:46:50 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-06-23 16:29:13 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 22:46:51 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-06-23 16:29:14 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-12-20 22:46:55 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-06-23 16:29:14 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-12-20 22:46:55 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-06-23 16:29:14 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-12-20 22:46:55 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-06-23 16:29:15 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 22:46:56 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-18 18:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-17 23:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-06-23 16:29:15 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 22:46:57 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-06-23 16:29:15 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-12-20 22:46:57 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-06-24 07:29:16 3,592,192 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-16 19:16:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-06-23 16:29:15 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 22:47:02 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-06-23 16:29:15 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-12-20 22:47:02 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-06-23 16:29:15 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-12-20 22:47:03 671,232 ----a-w c:\windows\system32\mstime.dll
- 2007-06-26 06:09:33 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:45:24 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-08 12:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 14:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2006-08-17 12:28:30 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 17:00:03 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2007-02-28 16:02:46 2,059,904 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 13:46:15 2,060,032 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2007-02-28 16:02:46 2,182,656 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 13:46:14 2,182,656 ----a-w c:\windows\system32\ntoskrnl.exe
- 2008-06-23 16:29:15 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 22:47:03 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-06-23 16:29:15 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-20 22:47:03 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 12:39:27 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:19:02 17,272 ------w c:\windows\system32\spmsg.dll
- 2006-08-24 11:19:40 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:17:02 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-07-14 11:09:18 62,976 ------w c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-06-23 16:29:16 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 22:47:03 105,984 ----a-w c:\windows\system32\url.dll
- 2008-06-23 16:29:16 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 22:47:04 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-06-23 16:29:16 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 22:47:05 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-03-20 08:09:41 1,845,504 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 15:40:30 1,846,272 ----a-w c:\windows\system32\win32k.sys
- 2006-10-18 19:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 03:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-18 19:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 03:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2009-02-21 15:06:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5c4.dat
+ 2008-09-30 14:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 14:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Snapshot nollattu tähän hetkeen --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-20 1267040]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-09-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-10-30 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-30 118784]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-04-30 208958]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-04-30 274432]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-21 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\documents and settings\Default User\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
AutoTBar.exe [2003-09-30 57344]

c:\documents and settings\Default User\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
AutoTBar.exe [2003-09-30 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Program Files\\WebEye\\WebEye.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"49920:TCP"= 49920:TCP:*isabled:emule
"49930:UDP"= 49930:UDP:*isabled:emule
"42198:TCP"= 42198:TCP:*isabled:aze
"42198:UDP"= 42198:UDP:*isabled:aze

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-21 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-21 20560]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
.
'Ajoitetut tehtävät'-kansion sisältö

2009-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-02-21 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart\RegistrySmart.exe []

2009-02-21 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart []
.
.
------- Täydentävä tarkistus -------
.
uStart Page =
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\HP.WUOWR5MOX8JF4RU\Application Data\Mozilla\Firefox\Profiles\f9u5tv77.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 17:12:51
Windows 5.1.2600 Service Pack 2 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?0?6?2??????? ???B???????????????B? ??????

tarkistaa piilotettuja tiedostoja ...


**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ÿcÓw*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(484)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Valmistumisajankohta: 2009-02-21 17:16:22
ComboFix-quarantined-files.txt 2009-02-21 15:15:02
ComboFix2.txt 2009-02-21 14:42:32
ComboFix3.txt 2008-08-26 12:27:19

Ennen ajoa: 36ÿ413ÿ452ÿ288 tavua vapaana
Ajon jõlkeen: 36,398,239,744 tavua vapaana

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
389 --- E O F --- 2009-02-21 15:05:17

 

sdfixsillä nyt

scannaa sitten se hjt:n loki.

 

Noniin, tässä hjt:n löydökset!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:19, on 21.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\0045d90d3c637c74f834c75fe192b558\update\update.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8914 bytes

 

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

=================

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.