Security pop-up

Discussion in 'Viruses and malware - HijackThis logs' started by karhi, Jun 30, 2008.

  1. karhi

    Windows keep popping up, and is there other nasty stuff as well?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:36:16, on 30.6.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\adovghev.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {26FB7691-9B5B-533D-F606-064811F54B9C} - C:\WINDOWS\system32\apiweb.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: (no name) - {6D7CAC2B-0BCD-E8FF-9EA1-05D234039B46} - C:\WINDOWS\system32\SmartSetUi.dll
    O2 - BHO: (no name) - {731BD303-BAAF-7928-D0CD-03A5A9D86C00} - C:\WINDOWS\system32\smarten.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [xcissdbc] C:\WINDOWS\system32\adovghev.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 7637 bytes
     
  2. kalminen

    I did not detect a firewall on your machine.
    Installations should be done with an Administrator account.
    Install ONE firewall program on your machine NOW:

    1) ZoneAlarm
    2) Agnitum
    3) Sunbelt/Kerio
    4) Comodo

    If you use the built-in Windows firewall, that is not recommended, because it does not block outbound connections from the machine.
    Remember to use only one firewall at a time.


    -----------------------------------------------------------------------------


    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program will download and install the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is finished, click OK and then Show Results to see the results.
    * Make sure everything is checked and click Remove Selected.
    * After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
    * Post the contents of the log in your next message + a new HJT log.

    ------------------------------------------------------------------

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe


    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact, ComboFix recognizes it even if the file extension is not
    .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

    [IMG]

    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
    Restart the machine if asked to, and post the contents of the combofix.txt file here.





    Folder::
    -----------------------------------------------------------------

    Close your browser and other programs for the duration of the fix. (Not the antivirus.)
    Start HijackThis, run Scan, tick the following entries listed in red, and remove them. (Fix checked)

    O2 - BHO: (no name) - {26FB7691-9B5B-533D-F606-064811F54B9C} - C:\WINDOWS\system32\apiweb.dll
    O2 - BHO: (no name) - {6D7CAC2B-0BCD-E8FF-9EA1-05D234039B46} - C:\WINDOWS\system32\SmartSetUi.dll
    O2 - BHO: (no name) - {731BD303-BAAF-7928-D0CD-03A5A9D86C00} - C:\WINDOWS\system32\smarten.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [xcissdbc] C:\WINDOWS\system32\adovghev.exe

    Empty the Recycle Bin and restart your machine.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
    * Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
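One way to confirm from the logs alone that the entries listed for fixing above no longer appear in a follow-up scan, and to see which entries are new since the first scan (an added example, not part of the original post; the log lines are excerpts from this thread, and the function names are illustrative):

```python
import re

# Entries the helper asked to fix, copied from the post above.
FIX_LIST = r'''
O2 - BHO: (no name) - {26FB7691-9B5B-533D-F606-064811F54B9C} - C:\WINDOWS\system32\apiweb.dll
O2 - BHO: (no name) - {6D7CAC2B-0BCD-E8FF-9EA1-05D234039B46} - C:\WINDOWS\system32\SmartSetUi.dll
O2 - BHO: (no name) - {731BD303-BAAF-7928-D0CD-03A5A9D86C00} - C:\WINDOWS\system32\smarten.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [xcissdbc] C:\WINDOWS\system32\adovghev.exe
'''

# Excerpt of the first log in this thread: header, one process line,
# three entries that were not on the fix list, plus every fix-list entry.
BEFORE = r'''
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\adovghev.exe
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
''' + FIX_LIST

# Excerpt of the follow-up log posted later in this thread.
AFTER = r'''
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
'''

# An entry line is a section code (R0, O2, O23, ...) followed by " - " and the detail.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(text):
    """Return (section, detail) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def entry_key(entry):
    """Comparison key that ignores case and whitespace changes introduced by copy/paste."""
    section, detail = entry
    return (section, " ".join(detail.split()).lower())


def verify_fix(before, after, fix_list):
    """Sort each fix-list entry into fixed / still_present / not_in_before."""
    before_keys = {entry_key(e) for e in parse_entries(before)}
    after_keys = {entry_key(e) for e in parse_entries(after)}
    report = {"fixed": [], "still_present": [], "not_in_before": []}
    for entry in parse_entries(fix_list):
        key = entry_key(entry)
        if key in after_keys:
            report["still_present"].append(entry)
        elif key in before_keys:
            report["fixed"].append(entry)
        else:
            # Likely a typo in the fix list: it never matched the first log.
            report["not_in_before"].append(entry)
    return report


def new_entries(before, after):
    """Entries that appear only in the follow-up log, in log order."""
    before_keys = {entry_key(e) for e in parse_entries(before)}
    return [e for e in parse_entries(after) if entry_key(e) not in before_keys]


if __name__ == "__main__":
    report = verify_fix(BEFORE, AFTER, FIX_LIST)
    for status, items in report.items():
        print(f"{status}: {len(items)}")
        for section, detail in items:
            print(f"  {section} - {detail}")
    print("new since first scan:")
    for section, detail in new_entries(BEFORE, AFTER):
        print(f"  {section} - {detail}")
```

A line missing from the follow-up log shows only that HijackThis no longer lists that entry; it does not by itself show that the referenced file is gone from disk. Entries that are new in the second scan still need to be reviewed.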
     
  3. karhi

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:34:56, on 30.6.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\COMODO\SafeSurf\cssurf.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 7813 bytes



    Malwarebytes' Anti-Malware 1.19
    Tietokantaversio: 907
    Windows 5.1.2600 Service Pack 3

    13:27:00 30.6.2008
    mbam-log-6-30-2008 (13-27-00).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 71749
    Kulunut aika: 13 minute(s), 19 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)




    ComboFix 08-06-20.4 - KARI 2008-06-30 13:07:04.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.670 [GMT 3:00]
    Running from: C:\Documents and Settings\KARI\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\KARI\Työpöytä\cfscript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-28 to 2008-06-30 )))))))))))))))))
    .

    2008-06-30 09:03 . 2008-06-30 09:03 <KANSIO> d-------- C:\Documents and Settings\KARI\Application Data\Grisoft
    2008-06-30 09:03 . 2008-06-30 09:03 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-06-30 09:03 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-06-30 08:50 . 2008-06-30 08:50 <KANSIO> d-------- C:\Program Files\AskSBar
    2008-06-30 08:50 . 2008-06-30 08:50 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
    2008-06-30 08:49 . 2008-06-30 08:50 <KANSIO> d-------- C:\Program Files\COMODO
    2008-06-30 08:49 . 2008-06-30 08:49 <KANSIO> d-------- C:\Documents and Settings\KARI\Application Data\Comodo
    2008-06-30 08:49 . 2008-06-30 08:58 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-06-30 08:49 . 2008-06-30 08:49 143,104 --a------ C:\WINDOWS\system32\guard32.dll
    2008-06-30 08:49 . 2008-06-30 08:49 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-06-30 08:49 . 2008-06-30 08:49 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-06-30 07:28 . 2008-06-30 07:28 114,688 --a------ C:\WINDOWS\system32\apiweb.dll
    2008-06-30 07:28 . 2008-06-30 07:28 114,688 --a------ C:\Documents and Settings\All Users\Application Data\czspofql.dll
    2008-06-30 07:28 . 2008-06-30 07:28 86,016 --a------ C:\WINDOWS\system32\adovghev.exe
    2008-06-30 07:24 . 2008-06-30 07:24 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-30 01:32 . 2008-06-30 01:32 122,880 --a------ C:\WINDOWS\system32\smarten.dll
    2008-06-30 01:32 . 2008-06-30 01:32 122,880 --a------ C:\Documents and Settings\All Users\Application Data\cxmhefef.dll
    2008-06-30 01:32 . 2008-06-30 01:32 90,112 --a------ C:\WINDOWS\system32\cfmpszyj.exe
    2008-06-30 01:02 . 2008-06-30 01:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ilujstcp
    2008-06-30 01:02 . 2008-06-30 01:02 118,784 --a------ C:\WINDOWS\system32\SmartSetUi.dll
    2008-06-30 01:02 . 2008-06-30 01:02 118,784 --a------ C:\Documents and Settings\All Users\Application Data\ojepexwh.dll
    2008-06-30 01:02 . 2008-06-30 01:02 86,016 --a------ C:\WINDOWS\system32\efcjmpyr.exe
    2008-06-30 00:14 . 2008-06-30 00:14 <KANSIO> d-------- C:\Program Files\EA GAMES
    2008-06-28 11:19 . 2008-06-30 07:20 2,620 --a------ C:\WINDOWS\system32\tmp.reg
    2008-06-27 07:30 . 2008-06-27 07:30 <KANSIO> d-------- C:\Documents and Settings\KARI\Application Data\CyberLink
    2008-06-27 07:00 . 2008-06-27 07:00 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2008-06-26 00:19 . 2008-06-26 00:19 <KANSIO> d-------- C:\Program Files\MSXML 4.0
    2008-06-22 11:10 . 2008-06-22 11:10 <KANSIO> d-------- C:\Program Files\WinAVI Video Converter
    2008-06-22 07:42 . 2008-06-22 07:43 <KANSIO> d-------- C:\Program Files\Windows Live Toolbar
    2008-06-22 01:51 . 2008-06-22 01:51 <KANSIO> d-------- C:\Program Files\Microsoft Silverlight
    2008-06-22 01:51 . 2008-04-14 19:11 21,504 --a------ C:\WINDOWS\system32\drivers\hidserv.dll
    2008-06-22 01:51 . 2008-06-22 01:51 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-06-22 01:51 . 2008-06-22 01:51 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    2008-06-22 01:49 . 2008-06-22 01:49 <KANSIO> d-------- C:\WINDOWS\system32\URTTEMP
    2008-06-21 14:53 . 2008-06-21 14:53 <KANSIO> d-------- C:\Documents and Settings\KARI\Application Data\TVU Networks
    2008-06-21 13:58 . 2008-06-21 13:58 <KANSIO> d-------- C:\Documents and Settings\KARI\dwhelper
    2008-06-21 13:06 . 2008-06-23 23:54 <KANSIO> d-------- C:\Documents and Settings\KARI\LocalLow
    2008-06-21 13:06 . 2008-06-21 13:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-06-21 13:05 . 2008-06-21 14:55 <KANSIO> d-------- C:\Program Files\SopCast
    2008-06-20 11:59 . 2008-06-20 11:59 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
    2008-06-20 06:52 . 2008-06-20 06:52 <KANSIO> d-------- C:\Program Files\URUSoft
    2008-06-19 22:57 . 2008-06-19 22:57 <KANSIO> d-------- C:\Program Files\Alcohol Soft
    2008-06-19 22:55 . 2008-06-19 22:55 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-19 22:51 . 2008-06-19 22:51 <KANSIO> d-------- C:\Program Files\Raxco
    2008-06-19 22:51 . 2008-06-19 22:51 <KANSIO> d-------- C:\Program Files\Common Files\Raxco
    2008-06-19 22:51 . 2008-06-19 22:51 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
    2008-06-19 18:23 . 2008-06-19 18:23 <KANSIO> d-------- C:\WINDOWS\system32\AGEIA
    2008-06-19 18:23 . 2008-06-19 18:23 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-19 18:23 . 2008-06-19 18:23 <KANSIO> d-------- C:\Program Files\AGEIA Technologies
    2008-06-19 18:01 . 2008-06-19 18:01 <KANSIO> d-------- C:\Program Files\THQ
    2008-06-19 17:39 . 2008-06-19 17:39 <KANSIO> d-------- C:\Documents and Settings\KARI\Application Data\vlc
    2008-06-19 17:38 . 2008-06-19 17:38 <KANSIO> d-------- C:\Program Files\VideoLAN
    2008-06-19 17:38 . 2008-06-19 17:38 <KANSIO> d-------- C:\Documents and Settings\KARI\Application Data\dvdcss
    2008-06-19 17:34 . 2008-06-22 18:09 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-06-19 17:33 . 2008-06-19 17:33 <KANSIO> d-------- C:\Documents and Settings\KARI\Application Data\GRETECH
    2008-06-19 17:33 . 2008-06-19 17:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2008-06-18 15:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-06-18 15:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-06-18 15:41 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-06-18 14:38 . 2008-06-18 14:38 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games
    2008-06-18 14:37 . 2008-06-18 14:37 <KANSIO> d-------- C:\Documents and Settings\KARI\Application Data\Microsoft Game Studios
    2008-06-18 14:35 . 2008-06-18 14:35 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-06-18 09:44 . 2008-06-19 23:35 <KANSIO> d-------- C:\Documents and Settings\KARI\My Games
    2008-06-18 09:44 . 2008-06-18 09:44 <KANSIO> d-------- C:\Documents and Settings\All Users\Microsoft
    2008-06-18 09:43 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
    2008-06-18 09:43 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2008-06-18 08:28 . 2008-06-18 08:30 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center
    2008-06-18 08:25 . 2008-06-24 19:29 <KANSIO> d-------- C:\Documents and Settings\KARI\Contacts
    2008-06-18 08:15 . 2008-06-19 18:23 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-06-18 08:10 . 2008-06-18 08:15 <KANSIO> d-------- C:\Program Files\Windows Live
    2008-06-18 08:10 . 2008-06-18 08:15 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-06-18 08:10 . 2008-06-24 19:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-18 00:31 . 2008-06-18 00:31 <KANSIO> d-------- C:\Program Files\VSO
    2008-06-18 00:31 . 2008-06-20 12:14 <KANSIO> d-------- C:\Documents and Settings\KARI\Application Data\Vso
    2008-06-18 00:31 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
    2008-06-18 00:31 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
    2008-06-18 00:31 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
    2008-06-18 00:31 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
    2008-06-18 00:31 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
    2008-06-18 00:31 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
    2008-06-18 00:31 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
    2008-06-18 00:31 . 2008-06-18 00:31 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-06-18 00:31 . 2008-06-18 00:31 47,360 --a------ C:\Documents and Settings\KARI\Application Data\pcouffin.sys
    2008-06-18 00:25 . 2008-06-18 00:25 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
    2008-06-18 00:22 . 2008-06-18 00:22 1,160 --a------ C:\WINDOWS\mozver.dat
    2008-06-18 00:19 . 2008-06-18 14:14 <KANSIO> d-------- C:\Program Files\MagicISO
    2008-06-18 00:18 . 2008-06-18 00:18 <KANSIO> d-------- C:\Documents and Settings\KARI\Application Data\Malwarebytes
    2008-06-18 00:18 . 2008-06-18 00:18 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-18 00:18 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-18 00:18 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-18 00:17 . 2008-06-30 01:26 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-18 00:07 . 2008-06-18 14:14 <KANSIO> d-------- C:\Documents and Settings\KARI\Application Data\Ahead
    2008-06-18 00:03 . 2008-06-18 00:03 <KANSIO> d-------- C:\Program Files\Nero
    2008-06-18 00:03 . 2008-06-18 00:07 <KANSIO> d-------- C:\Program Files\Common Files\Ahead
    2008-06-17 22:50 . 2008-06-17 22:50 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
    2008-06-17 22:49 . 2008-06-17 22:49 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
    2008-06-17 22:49 . 2008-06-17 22:50 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-06-17 22:41 . 2008-06-17 22:41 <KANSIO> d-------- C:\WINDOWS\system32\fi
    2008-06-17 22:41 . 2008-06-17 22:41 <KANSIO> d-------- C:\WINDOWS\system32\bits
    2008-06-17 22:41 . 2008-06-17 22:41 <KANSIO> d-------- C:\WINDOWS\l2schemas
    2008-06-17 22:40 . 2008-06-17 22:42 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
    2008-06-17 22:35 . 2008-06-17 22:35 <KANSIO> d-------- C:\WINDOWS\EHome
    2008-06-17 22:28 . 2004-09-14 16:06 326,912 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
    2008-06-17 22:27 . 2008-06-17 22:27 <KANSIO> d-------- C:\Documents and Settings\KARI\Application Data\ATI
    2008-06-17 22:27 . 2008-06-17 22:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-06-17 21:52 . 2008-06-17 21:52 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-06-17 21:50 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-06-17 21:49 . 2008-06-17 21:50 <KANSIO> d-------- C:\Program Files\ATI Technologies
    2008-06-17 21:49 . 2008-06-17 21:49 <KANSIO> d-------- C:\ATI
    2008-06-17 21:30 . 2008-06-17 21:30 0 --a------ C:\WINDOWS\nsreg.dat
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-05-12 19:30 . 2008-05-12 19:30 3,007,488 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
    2008-05-12 18:56 . 2008-05-12 18:56 397,312 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvag.dll
    2008-05-12 18:54 . 2008-05-12 18:54 305,152 --a------ C:\WINDOWS\system32\ati2dvag.dll
    2008-05-12 18:53 . 2008-05-12 18:53 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll
    2008-05-12 18:45 . 2008-05-12 18:45 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
    2008-05-12 18:45 . 2008-05-12 18:45 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
    2008-05-12 18:44 . 2008-05-12 18:44 139,264 --a------ C:\WINDOWS\system32\ati2evxx.dll
    2008-05-12 18:43 . 2008-05-12 18:43 10,153,984 --a------ C:\WINDOWS\system32\atioglx2.dll
    2008-05-12 18:43 . 2008-05-12 18:43 540,672 --a------ C:\WINDOWS\system32\ati2evxx.exe
    2008-05-12 18:41 . 2008-05-12 18:41 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
    2008-05-12 18:32 . 2008-05-12 18:32 3,203,168 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-30 09:57 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-06-29 21:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-29 19:49 --------- d-----w C:\Documents and Settings\KARI\Application Data\uTorrent
    2008-06-27 04:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-06-22 21:48 --------- d-----w C:\Program Files\PeerGuardian2
    2008-06-20 09:14 --------- d-----w C:\Documents and Settings\KARI\Application Data\Vso
    2008-06-20 08:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
    2008-06-19 14:39 --------- d-----w C:\Documents and Settings\KARI\Application Data\vlc
    2008-06-17 21:46 --------- d-----w C:\Program Files\uTorrent
    2008-06-17 21:12 --------- d-----w C:\Documents and Settings\KARI\Application Data\U3
    2008-06-17 20:57 43,602 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
    2008-06-17 20:57 --------- d-----w C:\Program Files\AutoGK
    2008-06-17 20:56 --------- d-----w C:\Program Files\Gabest
    2008-06-17 20:56 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-06-17 20:54 --------- d-----w C:\Program Files\DVD Shrink
    2008-06-17 20:34 --------- d-----w C:\Program Files\Microsoft IntelliPoint
    2008-06-17 20:32 --------- d-----w C:\Program Files\CyberLink
    2008-06-17 20:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-06-17 20:29 --------- d-----w C:\Program Files\Canon
    2008-06-17 20:29 --------- d-----w C:\Documents and Settings\KARI\Application Data\Canon
    2008-06-17 20:28 --------- d-----w C:\Documents and Settings\KARI\Application Data\ScanSoft
    2008-06-17 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-06-17 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-06-17 20:27 --------- d-----w C:\Program Files\ScanSoft
    2008-06-17 20:27 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
    2008-06-17 20:27 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-06-17 20:26 --------- d-----w C:\Program Files\ArcSoft
    2008-06-17 20:24 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
    2008-06-17 20:23 --------- d--h--w C:\Program Files\CanonBJ
    2008-06-17 20:21 --------- d-----w C:\Program Files\CCleaner
    2008-06-17 20:19 --------- d-----w C:\Program Files\ffdshow
    2008-06-17 20:18 --------- d-----w C:\Program Files\AC3Filter
    2008-06-17 20:17 --------- d-----w C:\Program Files\Real Alternative
    2008-06-17 20:17 --------- d-----w C:\Program Files\Haali
    2008-06-17 20:16 --------- d-----w C:\Program Files\QuickTime Alternative
    2008-06-17 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-17 20:15 --------- d-----w C:\Program Files\Sun
    2008-06-17 20:15 --------- d-----w C:\Program Files\Java
    2008-06-17 20:14 --------- d-----w C:\Program Files\Common Files\Java
    2008-06-17 20:13 --------- d-----w C:\Program Files\GRETECH
    2008-06-17 20:01 --------- d-----w C:\Documents and Settings\KARI\Application Data\Thunderbird
    2008-06-17 17:55 --------- d-----w C:\Program Files\C-Media 3D Audio
    2008-06-17 17:52 --------- d-----w C:\Program Files\Intel
    2008-06-17 17:46 --------- d-----w C:\Program Files\Alwil Software
    2008-06-17 17:39 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-15 18:13 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2008-06-15 07:01 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll
    2008-06-14 17:34 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-14 16:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 16:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 16:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll
    2008-04-14 16:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
    2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
    2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
    2008-04-14 16:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
    2008-04-14 16:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
    2008-04-14 15:49 2,191,360 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-14 15:49 2,068,224 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-14 15:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-14 15:46 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
    2008-04-14 15:45 80,384 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-14 15:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-14 15:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-14 15:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-14 15:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-14 15:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-14 15:38 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-14 06:12 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
    2008-04-14 06:11 992,256 ----a-w C:\WINDOWS\system32\setupapi.dll
    2008-04-14 06:11 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
    2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
    2008-04-13 18:40 440,832 ----a-w C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 18:36 2,921,984 ----a-w C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
    2008-04-13 18:35 186,368 ----a-w C:\WINDOWS\system32\xpsp1res.dll
    2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
    2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
    2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
    2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
    2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
    2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
    2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
    2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26FB7691-9B5B-533D-F606-064811F54B9C}]
    2008-06-30 07:28 114688 --a------ C:\WINDOWS\system32\apiweb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D7CAC2B-0BCD-E8FF-9EA1-05D234039B46}]
    2008-06-30 01:02 118784 --a------ C:\WINDOWS\system32\SmartSetUi.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{731BD303-BAAF-7928-D0CD-03A5A9D86C00}]
    2008-06-30 01:32 122880 --a------ C:\WINDOWS\system32\smarten.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 15:05 139264]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 18:58 217544]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl,CMICtrlWnd" []
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 02:52 849280]
    "NWEReboot"="" []
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
    "COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-06-30 08:50 278264]
    "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-30 08:49 1655552]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:12 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm
    "msacm.ac3filter"= ac3filter.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\WINDOWS\\system32\\winver.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-30 08:49]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-30 08:49]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
    R3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-18 01:02]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea575b10-3c94-11dd-b8a3-001966371c78}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    *Newly Created Service* - AVGASCLN
    *Newly Created Service* - CATCHME
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-30 09:11:01 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-30 13:09:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\guard32.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\guard32.dll
    .
    Completion time: 2008-06-30 13:10:38
    ComboFix-quarantined-files.txt 2008-06-30 10:10:30

    Pre-Run: 202,141,483,008 tavua vapaana
    Post-Run: 202,130,165,760 tavua vapaana

    312 --- E O F --- 2008-06-25 21:19:45
     
  4. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    The bugs vanished into thin air ???
    The scan logs didn't find them either.

    It's clean.
    Just clear out the junk and hit the road:
    ******************************************
    Type ComboFix.exe /u into the Run field of the Windows Start menu and press OK
    *************************************************************
    ******************************************
    Start Malwarebytes, open the Quarantine tab and empty the junk.
    **********************************************************
    :D
     
  5. karhi

    karhi Regular member

    Joined:
    Dec 19, 2006
    Messages:
    3,564
    Likes Received:
    0
    Trophy Points:
    46
    Thanks, I should probably start studying this fixing, since my skills aren't up to it yet.
     
  6. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Quite a good idea !!!
    The bugs are multiplying and the fixers are dwindling.
    :D
     
  7. karhi

    karhi Regular member

    Joined:
    Dec 19, 2006
    Messages:
    3,564
    Likes Received:
    0
    Trophy Points:
    46
    Over at Virusnetti they run that kind of training.
     
  8. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    There too

    HJT schools:
    malwareremoval.com
    spywareinfo.com
    tomcoyote.org
    geekstogo.com
    bleepingcomputer.com

    :D
     
