Combofix logi ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-18 to 2008-09-18 ))))))))))))))))) . 2008-09-18 20:30 . 2008-09-18 20:30 <KANSIO> d-------- C:\Program Files\Trend Micro 2008-09-18 20:29 . 2008-09-18 20:30 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-18 20:29 . 2008-09-18 20:29 <KANSIO> d-------- C:\Documents and Settings\Tuomas\Application Data\Malwarebytes 2008-09-18 20:29 . 2008-09-18 20:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-18 20:29 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-18 20:29 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-18 15:22 . 2008-09-18 15:22 <KANSIO> d-------- C:\Program Files\Lavasoft 2008-09-18 15:22 . 2008-09-18 15:24 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-09-18 15:14 . 2008-09-18 15:14 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-09-18 15:13 . 2008-09-18 15:13 <KANSIO> d-------- C:\Program Files\Common Files\Macrovision Shared 2008-09-18 15:09 . 2008-09-18 15:13 <KANSIO> d-------- C:\Program Files\Common Files\Adobe 2008-09-18 15:09 . 2008-09-18 15:09 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe 2008-09-18 15:09 . 2008-09-18 15:09 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe 2008-09-18 14:57 . 2008-09-18 14:57 <KANSIO> d-------- C:\Program Files\SpeedFan 2008-09-15 18:30 . 2008-09-15 18:30 <KANSIO> d-------- C:\Program Files\calac 2008-09-14 14:21 . 2008-09-14 14:22 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData 2008-09-14 12:53 . 2008-09-14 12:53 <KANSIO> d-------- C:\Documents and Settings\Tuomas\Application Data\Logitech 2008-09-14 12:50 . 2008-09-14 12:50 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe 2008-09-14 12:49 . 2008-09-14 12:49 <KANSIO> d-------- C:\Program Files\Logitech 2008-09-14 12:49 . 
2008-09-14 12:49 <KANSIO> d-------- C:\Program Files\Common Files\Logitech 2008-09-14 12:49 . 2004-12-10 12:48 68,992 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys 2008-09-14 12:49 . 2004-12-10 12:48 52,992 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS 2008-09-14 12:49 . 2004-12-10 12:45 49,152 --a------ C:\WINDOWS\KHALMNPR.Exe 2008-09-14 12:49 . 2004-12-10 12:48 36,480 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys 2008-09-14 12:49 . 2004-12-10 12:48 24,704 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys 2008-09-14 12:49 . 2004-12-10 12:47 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys 2008-09-13 20:29 . 2003-09-17 09:06 36,484 --a------ C:\WINDOWS\system32\drivers\SMBios.sys 2008-09-11 15:45 . 2008-09-11 15:45 <KANSIO> d-------- C:\Documents and Settings\Tuomas\Application Data\Media Player Classic 2008-09-11 15:44 . 2008-09-11 15:44 <KANSIO> d-------- C:\Program Files\Webteh 2008-09-11 15:44 . 2008-09-11 15:45 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack 2008-09-11 15:44 . 2003-04-21 15:09 245,408 --a------ C:\WINDOWS\system32\unicows.dll 2008-09-11 15:44 . 2001-09-17 13:20 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll 2008-09-11 15:44 . 2005-11-29 21:17 5,632 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-09-11 07:49 . 2008-09-11 15:48 <KANSIO> d-------- C:\Program Files\VideoLAN 2008-09-11 07:45 . 2008-09-11 07:45 <KANSIO> d-------- C:\Program Files\URUSoft 2008-09-11 07:45 . 2008-09-11 07:45 <KANSIO> d-------- C:\Documents and Settings\Tuomas\Application Data\URUSoft 2008-09-10 22:27 . 2008-09-14 14:49 <KANSIO> d-------- C:\Program Files\MSI 2008-09-10 15:42 . 2008-09-10 15:42 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_32 2008-09-09 15:08 . 2008-09-09 15:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision 2008-09-08 15:42 . 2008-09-08 15:42 <KANSIO> d-------- C:\Program Files\WINnerTweak3 2008-09-08 15:42 . 
2004-06-14 17:01 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx 2008-09-08 15:42 . 2003-06-23 02:05 262,144 --a------ C:\WINDOWS\system32\lst_v.ocx 2008-09-08 15:42 . 1999-02-09 20:40 188,928 --a------ C:\WINDOWS\system32\vbuzip10.DLL 2008-09-08 15:42 . 1998-06-24 00:00 167,683 --a------ C:\WINDOWS\system32\COMCT232.OCX 2008-09-08 15:42 . 2003-04-23 14:03 159,744 --a------ C:\WINDOWS\system32\wt_menu.dll 2008-09-08 15:42 . 2004-03-18 04:22 145,920 --a------ C:\WINDOWS\system32\tssTaskPane1a.ocx 2008-09-08 15:42 . 2000-07-15 00:00 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL 2008-09-08 15:42 . 2000-05-22 01:00 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-09-08 15:42 . 2003-04-01 08:36 94,208 --a------ C:\WINDOWS\system32\img_lst.ocx 2008-09-08 15:42 . 2003-01-26 13:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll 2008-09-08 15:19 . 2008-09-08 15:20 <KANSIO> d-------- C:\Documents and Settings\Tuomas\.gimp-2.4 2008-09-03 15:38 . 2008-09-03 15:57 <KANSIO> d-------- C:\Documents and Settings\Tuomas\Application Data\Winamp 2008-09-02 21:56 . 2008-09-03 15:39 <KANSIO> d-------- C:\Program Files\Winamp 2008-09-02 21:56 . 2008-09-02 22:06 24 --a------ C:\WINDOWS\winamp.ini 2008-09-02 21:55 . 2008-09-02 21:55 <KANSIO> d-------- C:\Program Files\GIMP-2.0 2008-09-02 15:32 . 2008-09-02 15:38 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2 2008-09-02 15:31 . 2008-09-02 15:31 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles 2008-09-02 15:31 . 2008-09-02 15:31 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-08-30 22:00 . 2008-09-12 23:48 <KANSIO> d-------- C:\Program Files\DC++ 2008-08-28 21:18 . 2008-08-28 21:18 <KANSIO> d--h----- C:\WINDOWS\PIF 2008-08-27 19:04 . 2008-08-27 19:04 <KANSIO> d-------- C:\Program Files\choac 2008-08-25 23:13 . 2008-09-18 14:57 45 --a------ C:\WINDOWS\system32\initdebug.nfo 2008-08-24 01:32 . 2008-08-24 01:34 10 --a------ C:\WINDOWS\WININIT.INI 2008-08-24 01:24 . 
2008-04-14 09:11 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-08-24 01:10 . 2008-08-24 01:12 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles 2008-08-24 01:10 . 2008-04-14 09:12 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe 2008-08-24 01:07 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002742_.tmp 2008-08-24 01:05 . 2008-08-24 01:05 <KANSIO> d-------- C:\WINDOWS\EHome 2008-08-19 09:35 . 2008-08-19 09:35 <KANSIO> d-------- C:\Program Files\MSXML 4.0 2008-08-19 09:35 . 2008-08-19 09:35 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-08-18 21:22 . 2008-08-18 21:22 <KANSIO> d-------- C:\Program Files\Common Files\HP 2008-08-18 21:21 . 2008-08-18 21:21 <KANSIO> d-------- C:\Program Files\Hewlett-Packard 2008-08-18 21:21 . 2008-08-18 21:21 <KANSIO> d-------- C:\Program Files\Common Files\Hewlett-Packard 2008-08-18 21:21 . 2008-08-18 21:21 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard 2008-08-18 21:21 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2008-08-18 21:21 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2008-08-18 21:21 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2008-08-18 21:21 . 2004-05-11 10:53 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll 2008-08-18 21:21 . 2004-05-11 10:53 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll 2008-08-18 21:20 . 2008-08-18 21:20 <KANSIO> d-------- C:\WINDOWS\system32\URTTEMP 2008-08-18 21:16 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll 2008-08-18 21:16 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2008-08-18 21:16 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2008-08-18 21:16 . 2004-03-18 16:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe 2008-08-18 21:16 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe 2008-08-18 21:16 . 
2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2008-08-18 21:16 . 2008-04-13 11:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-08-18 21:15 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-08-18 21:14 . 2008-08-18 21:23 <KANSIO> d-------- C:\Program Files\HP 2008-08-18 21:14 . 2008-08-18 21:23 104,182 --a------ C:\WINDOWS\hpoins04.dat 2008-08-18 21:14 . 2004-06-22 08:04 17,176 --------- C:\WINDOWS\hpomdl04.dat 2008-08-18 21:13 . 2008-08-18 21:14 <KANSIO> d-------- C:\temp\HP_WebRelease 2008-08-18 21:13 . 2008-08-18 21:13 <KANSIO> d-------- C:\temp 2008-08-18 19:51 . 2008-04-13 11:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-08-18 19:51 . 2008-04-13 11:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-18 17:37 6,094,880 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-09-18 17:36 1,571,949 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-09-18 17:36 --------- d-----w C:\Program Files\Steam 2008-09-18 17:35 74,516 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-09-18 12:46 --------- d-----w C:\Documents and Settings\Tuomas\Application Data\uTorrent 2008-09-18 12:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-09-18 04:09 --------- d-----w C:\Program Files\mIRC 2008-09-16 20:02 2,944,512 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp 2008-09-16 20:02 1,556,992 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp 2008-09-14 09:49 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-13 15:48 828,928 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp 2008-09-13 15:48 1,535,488 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp 2008-09-13 11:29 2,076,160 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp 2008-09-13 11:29 1,535,488 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp 2008-09-12 21:52 24 ----a-w C:\Documents and 
Settings\Tuomas\jagex_runescape_preferences.dat 2008-09-12 18:31 2,884,096 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp 2008-09-12 18:31 1,538,560 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp 2008-09-09 20:19 2,869,760 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp 2008-09-09 20:19 1,509,376 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp 2008-09-08 12:40 --------- d-----w C:\Program Files\TuneXP 2008-09-08 12:39 720,896 ----a-w C:\WINDOWS\iun6002.exe 2008-09-03 19:13 2,940,928 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp 2008-09-03 19:13 1,497,600 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp 2008-09-02 12:46 2,957,824 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp 2008-09-02 12:46 1,497,600 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp 2008-08-31 08:39 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment 2008-08-24 17:06 --------- d-----w C:\Documents and Settings\Tuomas\Application Data\Ventrilo 2008-08-23 22:23 2,939,392 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp 2008-08-23 22:23 1,433,600 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp 2008-08-20 17:35 2,960,384 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-08-20 17:35 1,376,768 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-08-17 19:02 --------- d-----w C:\Program Files\Lavalys 2008-08-17 00:01 --------- d-----w C:\Program Files\MSXML 6.0 2008-08-16 22:05 --------- d-----w C:\Program Files\Sun 2008-08-16 22:05 --------- d-----w C:\Program Files\Java 2008-08-16 22:01 --------- d-----w C:\Program Files\Common Files\Java 2008-08-16 20:24 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-08-16 20:24 --------- d-----w C:\Program Files\Windows Live 2008-08-16 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-08-16 19:08 --------- d-----w C:\Program Files\Ventrilo 2008-08-16 19:04 --------- d-----w C:\Program Files\VentriloMIX 2008-08-16 18:58 --------- d-----w C:\Program Files\Avira 2008-08-16 18:58 --------- d-----w C:\Documents and Settings\All Users\Application 
Data\Avira 2008-08-16 18:23 --------- d-----w C:\Program Files\uTorrent 2008-08-16 18:12 --------- d-----w C:\Program Files\Zone Labs 2008-08-16 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-08-16 17:29 --------- d-----w C:\Documents and Settings\Tuomas\Application Data\ATI 2008-08-16 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI 2008-08-16 17:27 --------- d-----w C:\Program Files\ATI Technologies 2008-08-16 16:10 --------- d-----w C:\Program Files\MSBuild 2008-08-16 16:09 --------- d-----w C:\Program Files\Reference Assemblies 2008-08-16 15:41 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-08-16 15:18 315,392 ----a-w C:\WINDOWS\HideWin.exe 2008-08-16 15:18 --------- d-----w C:\Program Files\Realtek 2008-08-16 15:15 --------- d-----w C:\Program Files\Intel 2008-08-16 15:10 --------- d-----w C:\Program Files\microsoft frontpage 2008-08-01 06:38 3,266,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-08-01 05:40 9,928,704 ----a-w C:\WINDOWS\system32\atioglxx.dll 2008-08-01 04:58 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2008-08-01 04:33 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2008-08-01 04:23 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2008-08-01 04:23 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2008-08-01 04:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2008-08-01 04:22 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2008-08-01 04:22 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2008-08-01 04:21 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2008-08-01 04:19 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2008-08-01 04:10 3,917,568 ----a-w C:\WINDOWS\system32\ati3duag.dll 2008-08-01 03:59 2,183,552 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2008-08-01 03:46 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll 2008-08-01 03:42 376,832 ----a-w 
C:\WINDOWS\system32\atikvmag.dll 2008-08-01 03:40 35,328 ----a-w C:\WINDOWS\system32\atiadlxx.dll 2008-08-01 03:40 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2008-08-01 03:39 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll 2008-08-01 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2008-08-01 03:34 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2008-07-31 18:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe 2008-07-09 06:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe 2008-07-09 06:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-04 03:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll 2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 15:10 666,112 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "Steam"="c:\program files\steam\steam.exe" [2008-08-16 1271032] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-09-14 32768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "HP 
Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488] "RTHDCPL"="RTHDCPL.EXE" [2008-03-31 C:\WINDOWS\RTHDCPL.exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 C:\WINDOWS\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.3iv2"= 3ivxVfWCodec.dll "VIDC.VP31"= vp31vfw.dll "msacm.l3fhg"= mp3fhg.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-08-04 02:02 36352 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Steam\\steamapps\\skananen\\counter-strike source\\hl2.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Steam\\steamapps\\skananen\\counter-strike\\hl.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "H:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program 
Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832] S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528] S3 RTCore32;RTCore32;C:\Documents and Settings\Tuomas\Työpöytä\leka\RTCore32.sys [ ] . - - - - POISTETUT JÄMÄRIVIT - - - - HKCU-Run-TransparentTaskBar - (no file) . ------- Täydentävä tarkistus ------- . FireFox -: Profile - C:\Documents and Settings\Tuomas\Application Data\Mozilla\Firefox\Profiles\wkljl4zr.default\ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-18 20:36:18 Windows 5.1.2600 Service Pack 3 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . ------------------------ Muut prosessit ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\ComboFix\pv.cfexe . ************************************************************************** . 
Valmistumisajankohta: 2008-09-18 20:38:32 - kone käynnistettiin uudelleen ComboFix-quarantined-files.txt 2008-09-18 17:38:29 Pre-Run: 76,788,158,464 tavua vapaana Post-Run: 76,926,894,080 tavua vapaana 289 --- E O F --- 2008-08-24 13:00:25 Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:39:26, on 18.9.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\program files\steam\steam.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe 
C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 
'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: mirc.exe.lnk = C:\Program Files\mIRC\mirc.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: bw+0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - 
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program 
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {04B45494-8D75-4FDE-ABCF-F8DF34284CD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 18062 bytes
Malwarebytes' Anti-Malware 1.28 Tietokantaversio: 1169 Windows 5.1.2600 Service Pack 3 18.9.2008 21:05:25 mbam-log-2008-09-18 (21-05-25).txt Tarkistustyyppi: Täysi tarkistus (C:\|D:\|H:\|) Tarkistetut kohteet: 107653 Kulunut aika: 21 minute(s), 47 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 0 Saastuneita rekisteriavaimia: 0 Saastuneita rekisteriarvoja: 0 Saastuneita rekisterikohteita: 0 Saastuneita hakemistoja: 0 Saastuneita tiedostoja: 4 Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty) Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriavaimia: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriarvoja: (Haitallisia kohteita ei löydetty) Saastuneita rekisterikohteita: (Haitallisia kohteita ei löydetty) Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty) Saastuneita tiedostoja: C:\QooBox\Quarantine\C\WINDOWS\system32\fcccyAtq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\QooBox\Quarantine\C\WINDOWS\system32\urqNghge.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{BDED432C-772C-465A-A4AF-25BE4A401235}\RP71\A0018858.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{BDED432C-772C-465A-A4AF-25BE4A401235}\RP71\A0018859.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Poista lisäksi Logitech Desktop Messenger Ohjauspaneelin Lisää tai poista sovellus -kohdasta (se rekisteröi HijackThis-lokin mukaan kymmeniä O18-protokollankäsittelijöitä ja sillä on palomuuripoikkeus). Korjaa myös tuo ComboFix-loki niin, että se on kokonainen.
((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Tuomas\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\WINDOWS\system32\fcccyAtq.dll C:\WINDOWS\system32\urqNghge.dll . ((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-08-18 to 2008-09-18 ))))))))))))))))) . 2008-09-18 20:30 . 2008-09-18 20:30 <KANSIO> d-------- C:\Program Files\Trend Micro 2008-09-18 20:29 . 2008-09-18 20:30 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-18 20:29 . 2008-09-18 20:29 <KANSIO> d-------- C:\Documents and Settings\Tuomas\Application Data\Malwarebytes 2008-09-18 20:29 . 2008-09-18 20:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-18 20:29 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-18 20:29 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-18 15:22 . 2008-09-18 15:22 <KANSIO> d-------- C:\Program Files\Lavasoft 2008-09-18 15:22 . 2008-09-18 15:24 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-09-18 15:14 . 2008-09-18 15:14 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-09-18 15:13 . 2008-09-18 15:13 <KANSIO> d-------- C:\Program Files\Common Files\Macrovision Shared 2008-09-18 15:09 . 2008-09-18 15:13 <KANSIO> d-------- C:\Program Files\Common Files\Adobe 2008-09-18 15:09 . 2008-09-18 15:09 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe 2008-09-18 15:09 . 2008-09-18 15:09 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe 2008-09-18 14:57 . 2008-09-18 14:57 <KANSIO> d-------- C:\Program Files\SpeedFan 2008-09-15 18:30 . 2008-09-15 18:30 <KANSIO> d-------- C:\Program Files\calac 2008-09-14 14:21 . 2008-09-14 14:22 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData 2008-09-14 12:53 . 
2008-09-14 12:53 <KANSIO> d-------- C:\Documents and Settings\Tuomas\Application Data\Logitech 2008-09-14 12:50 . 2008-09-14 12:50 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe 2008-09-14 12:49 . 2008-09-14 12:49 <KANSIO> d-------- C:\Program Files\Logitech 2008-09-14 12:49 . 2008-09-14 12:49 <KANSIO> d-------- C:\Program Files\Common Files\Logitech 2008-09-14 12:49 . 2004-12-10 12:48 68,992 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys 2008-09-14 12:49 . 2004-12-10 12:48 52,992 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS 2008-09-14 12:49 . 2004-12-10 12:45 49,152 --a------ C:\WINDOWS\KHALMNPR.Exe 2008-09-14 12:49 . 2004-12-10 12:48 36,480 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys 2008-09-14 12:49 . 2004-12-10 12:48 24,704 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys 2008-09-14 12:49 . 2004-12-10 12:47 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys 2008-09-13 20:29 . 2003-09-17 09:06 36,484 --a------ C:\WINDOWS\system32\drivers\SMBios.sys 2008-09-11 15:45 . 2008-09-11 15:45 <KANSIO> d-------- C:\Documents and Settings\Tuomas\Application Data\Media Player Classic 2008-09-11 15:44 . 2008-09-11 15:44 <KANSIO> d-------- C:\Program Files\Webteh 2008-09-11 15:44 . 2008-09-11 15:45 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack 2008-09-11 15:44 . 2003-04-21 15:09 245,408 --a------ C:\WINDOWS\system32\unicows.dll 2008-09-11 15:44 . 2001-09-17 13:20 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll 2008-09-11 15:44 . 2005-11-29 21:17 5,632 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-09-11 07:49 . 2008-09-11 15:48 <KANSIO> d-------- C:\Program Files\VideoLAN 2008-09-11 07:45 . 2008-09-11 07:45 <KANSIO> d-------- C:\Program Files\URUSoft 2008-09-11 07:45 . 2008-09-11 07:45 <KANSIO> d-------- C:\Documents and Settings\Tuomas\Application Data\URUSoft 2008-09-10 22:27 . 2008-09-14 14:49 <KANSIO> d-------- C:\Program Files\MSI 2008-09-10 15:42 . 
2008-09-10 15:42 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_32 2008-09-09 15:08 . 2008-09-09 15:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision 2008-09-08 15:42 . 2008-09-08 15:42 <KANSIO> d-------- C:\Program Files\WINnerTweak3 2008-09-08 15:42 . 2004-06-14 17:01 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx 2008-09-08 15:42 . 2003-06-23 02:05 262,144 --a------ C:\WINDOWS\system32\lst_v.ocx 2008-09-08 15:42 . 1999-02-09 20:40 188,928 --a------ C:\WINDOWS\system32\vbuzip10.DLL 2008-09-08 15:42 . 1998-06-24 00:00 167,683 --a------ C:\WINDOWS\system32\COMCT232.OCX 2008-09-08 15:42 . 2003-04-23 14:03 159,744 --a------ C:\WINDOWS\system32\wt_menu.dll 2008-09-08 15:42 . 2004-03-18 04:22 145,920 --a------ C:\WINDOWS\system32\tssTaskPane1a.ocx 2008-09-08 15:42 . 2000-07-15 00:00 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL 2008-09-08 15:42 . 2000-05-22 01:00 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-09-08 15:42 . 2003-04-01 08:36 94,208 --a------ C:\WINDOWS\system32\img_lst.ocx 2008-09-08 15:42 . 2003-01-26 13:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll 2008-09-08 15:19 . 2008-09-08 15:20 <KANSIO> d-------- C:\Documents and Settings\Tuomas\.gimp-2.4 2008-09-03 15:38 . 2008-09-03 15:57 <KANSIO> d-------- C:\Documents and Settings\Tuomas\Application Data\Winamp 2008-09-02 21:56 . 2008-09-03 15:39 <KANSIO> d-------- C:\Program Files\Winamp 2008-09-02 21:56 . 2008-09-02 22:06 24 --a------ C:\WINDOWS\winamp.ini 2008-09-02 21:55 . 2008-09-02 21:55 <KANSIO> d-------- C:\Program Files\GIMP-2.0 2008-09-02 15:32 . 2008-09-02 15:38 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2 2008-09-02 15:31 . 2008-09-02 15:31 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles 2008-09-02 15:31 . 2008-09-02 15:31 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-08-30 22:00 . 2008-09-12 23:48 <KANSIO> d-------- C:\Program Files\DC++ 2008-08-28 21:18 . 
2008-08-28 21:18 <KANSIO> d--h----- C:\WINDOWS\PIF 2008-08-27 19:04 . 2008-08-27 19:04 <KANSIO> d-------- C:\Program Files\choac 2008-08-25 23:13 . 2008-09-18 14:57 45 --a------ C:\WINDOWS\system32\initdebug.nfo 2008-08-24 01:32 . 2008-08-24 01:34 10 --a------ C:\WINDOWS\WININIT.INI 2008-08-24 01:24 . 2008-04-14 09:11 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-08-24 01:10 . 2008-08-24 01:12 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles 2008-08-24 01:10 . 2008-04-14 09:12 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe 2008-08-24 01:07 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002742_.tmp 2008-08-24 01:05 . 2008-08-24 01:05 <KANSIO> d-------- C:\WINDOWS\EHome 2008-08-19 09:35 . 2008-08-19 09:35 <KANSIO> d-------- C:\Program Files\MSXML 4.0 2008-08-19 09:35 . 2008-08-19 09:35 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-08-18 21:22 . 2008-08-18 21:22 <KANSIO> d-------- C:\Program Files\Common Files\HP 2008-08-18 21:21 . 2008-08-18 21:21 <KANSIO> d-------- C:\Program Files\Hewlett-Packard 2008-08-18 21:21 . 2008-08-18 21:21 <KANSIO> d-------- C:\Program Files\Common Files\Hewlett-Packard 2008-08-18 21:21 . 2008-08-18 21:21 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard 2008-08-18 21:21 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2008-08-18 21:21 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2008-08-18 21:21 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2008-08-18 21:21 . 2004-05-11 10:53 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll 2008-08-18 21:21 . 2004-05-11 10:53 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll 2008-08-18 21:20 . 2008-08-18 21:20 <KANSIO> d-------- C:\WINDOWS\system32\URTTEMP 2008-08-18 21:16 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll 2008-08-18 21:16 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2008-08-18 21:16 . 
2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2008-08-18 21:16 . 2004-03-18 16:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe 2008-08-18 21:16 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe 2008-08-18 21:16 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2008-08-18 21:16 . 2008-04-13 11:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-08-18 21:15 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-08-18 21:14 . 2008-08-18 21:23 <KANSIO> d-------- C:\Program Files\HP 2008-08-18 21:14 . 2008-08-18 21:23 104,182 --a------ C:\WINDOWS\hpoins04.dat 2008-08-18 21:14 . 2004-06-22 08:04 17,176 --------- C:\WINDOWS\hpomdl04.dat 2008-08-18 21:13 . 2008-08-18 21:14 <KANSIO> d-------- C:\temp\HP_WebRelease 2008-08-18 21:13 . 2008-08-18 21:13 <KANSIO> d-------- C:\temp 2008-08-18 19:51 . 2008-04-13 11:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-08-18 19:51 . 2008-04-13 11:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-09-18 17:37 6,094,880 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-09-18 17:36 1,571,949 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-09-18 17:36 --------- d-----w C:\Program Files\Steam 2008-09-18 17:35 74,516 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-09-18 12:46 --------- d-----w C:\Documents and Settings\Tuomas\Application Data\uTorrent 2008-09-18 12:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-09-18 04:09 --------- d-----w C:\Program Files\mIRC 2008-09-16 20:02 2,944,512 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp 2008-09-16 20:02 1,556,992 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp 2008-09-14 09:49 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-13 15:48 828,928 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp 2008-09-13 15:48 1,535,488 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp 2008-09-13 11:29 2,076,160 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp 2008-09-13 11:29 1,535,488 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp 2008-09-12 21:52 24 ----a-w C:\Documents and Settings\Tuomas\jagex_runescape_preferences.dat 2008-09-12 18:31 2,884,096 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp 2008-09-12 18:31 1,538,560 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp 2008-09-09 20:19 2,869,760 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp 2008-09-09 20:19 1,509,376 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp 2008-09-08 12:40 --------- d-----w C:\Program Files\TuneXP 2008-09-08 12:39 720,896 ----a-w C:\WINDOWS\iun6002.exe 2008-09-03 19:13 2,940,928 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp 2008-09-03 19:13 1,497,600 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp 2008-09-02 12:46 2,957,824 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp 2008-09-02 12:46 1,497,600 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp 2008-08-31 08:39 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment 2008-08-24 17:06 --------- d-----w C:\Documents and Settings\Tuomas\Application Data\Ventrilo 2008-08-23 22:23 2,939,392 ----a-w 
C:\WINDOWS\Internet Logs\xDB3.tmp 2008-08-23 22:23 1,433,600 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp 2008-08-20 17:35 2,960,384 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-08-20 17:35 1,376,768 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-08-17 19:02 --------- d-----w C:\Program Files\Lavalys 2008-08-17 00:01 --------- d-----w C:\Program Files\MSXML 6.0 2008-08-16 22:05 --------- d-----w C:\Program Files\Sun 2008-08-16 22:05 --------- d-----w C:\Program Files\Java 2008-08-16 22:01 --------- d-----w C:\Program Files\Common Files\Java 2008-08-16 20:24 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-08-16 20:24 --------- d-----w C:\Program Files\Windows Live 2008-08-16 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-08-16 19:08 --------- d-----w C:\Program Files\Ventrilo 2008-08-16 19:04 --------- d-----w C:\Program Files\VentriloMIX 2008-08-16 18:58 --------- d-----w C:\Program Files\Avira 2008-08-16 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira 2008-08-16 18:23 --------- d-----w C:\Program Files\uTorrent 2008-08-16 18:12 --------- d-----w C:\Program Files\Zone Labs 2008-08-16 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-08-16 17:29 --------- d-----w C:\Documents and Settings\Tuomas\Application Data\ATI 2008-08-16 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI 2008-08-16 17:27 --------- d-----w C:\Program Files\ATI Technologies 2008-08-16 16:10 --------- d-----w C:\Program Files\MSBuild 2008-08-16 16:09 --------- d-----w C:\Program Files\Reference Assemblies 2008-08-16 15:41 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-08-16 15:18 315,392 ----a-w C:\WINDOWS\HideWin.exe 2008-08-16 15:18 --------- d-----w C:\Program Files\Realtek 2008-08-16 15:15 --------- d-----w C:\Program Files\Intel 2008-08-16 15:10 --------- d-----w C:\Program Files\microsoft 
frontpage 2008-08-01 06:38 3,266,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-08-01 05:40 9,928,704 ----a-w C:\WINDOWS\system32\atioglxx.dll 2008-08-01 04:58 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2008-08-01 04:33 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2008-08-01 04:23 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2008-08-01 04:23 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2008-08-01 04:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2008-08-01 04:22 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2008-08-01 04:22 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2008-08-01 04:21 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2008-08-01 04:19 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2008-08-01 04:10 3,917,568 ----a-w C:\WINDOWS\system32\ati3duag.dll 2008-08-01 03:59 2,183,552 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2008-08-01 03:46 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll 2008-08-01 03:42 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll 2008-08-01 03:40 35,328 ----a-w C:\WINDOWS\system32\atiadlxx.dll 2008-08-01 03:40 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2008-08-01 03:39 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll 2008-08-01 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2008-08-01 03:34 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2008-07-31 18:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe 2008-07-09 06:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe 2008-07-09 06:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-04 03:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll 2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 15:10 666,112 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll . 
(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„ REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "Steam"="c:\program files\steam\steam.exe" [2008-08-16 1271032] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-09-14 32768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488] "RTHDCPL"="RTHDCPL.EXE" [2008-03-31 C:\WINDOWS\RTHDCPL.exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 C:\WINDOWS\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.3iv2"= 3ivxVfWCodec.dll "VIDC.VP31"= vp31vfw.dll "msacm.l3fhg"= mp3fhg.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 
--a------ 2008-08-04 02:02 36352 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Steam\\steamapps\\skananen\\counter-strike source\\hl2.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Steam\\steamapps\\skananen\\counter-strike\\hl.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "H:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832] S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528] S3 RTCore32;RTCore32;C:\Documents and Settings\Tuomas\Työpöytä\leka\RTCore32.sys [ ] . - - - - POISTETUT JŽMŽRIVIT - - - - HKCU-Run-TransparentTaskBar - (no file) . ------- T„ydent„v„ tarkistus ------- . FireFox -: Profile - C:\Documents and Settings\Tuomas\Application Data\Mozilla\Firefox\Profiles\wkljl4zr.default\ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-18 20:36:18 Windows 5.1.2600 Service Pack 3 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja k„ynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... 
tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . ------------------------ Muut prosessit ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\ComboFix\pv.cfexe . ************************************************************************** . Valmistumisajankohta: 2008-09-18 20:38:32 - kone k„ynnistettiin uudelleen ComboFix-quarantined-files.txt 2008-09-18 17:38:29 Pre-Run: 76,788,158,464 tavua vapaana Post-Run: 76,926,894,080 tavua vapaana 289 --- E O F --- 2008-08-24 13:00:25 tuossa on kaikki mitä antaa
Tarkista koneesi F-Securen online-skannerilla. Huom: skanneri toimii vain Internet Explorer -selaimella. * Lue sivun ohjeet huolella läpi * Klikkaa Start scanning * Mikäli saat Internet Explorer -suojausvaroituksen, varmista että julkaisijaksi on merkitty F-Secure, ja klikkaa vasta sitten Asenna * Klikkaa Accept * Klikkaa Custom Scan * Säädä asetukset seuraavasti o "Virus Scan Option" -kohdasta valitse Scan whole system o "Other Scan Option" -kohdasta valitse Scan All Files o Valitse Scan whole system for rootkits o Valitse Scan whole system for spyware o Laita ruksi kohtaan Scan inside archives o Varmista, että Use advanced heuristics on valittuna * Klikkaa Start * Skannaus käynnistyy, kun tarvittavat tiedostot/päivitykset on ladattu * Odota kärsivällisesti * Kun skannaus on suoritettu, klikkaa Automatic cleaning * Klikkaa Show Report * Raportti aukeaa selaimessa; kopioi teksti kokonaan * Liitä kopioitu teksti esim. Muistioon tai Wordiin ja tallenna työpöydälle * Voit sulkea skannerin * Lähetä raportti viestiketjuusi. Älä tee skannauksen aikana muuta, sillä se voi aiheuttaa koneen jumiutumisen.
Juu, ei ole vähään aikaan pukannut tuota sen jälkeen, kun ajoin tuon Anti-Malware-jutun ja poistin ne Trojan.Vundo-jutut. Teen tuon, jos pukkaa vielä.