Tatimo
4 July 2008 @ 11:39
I noticed the problem when I couldn't get automatic updates turned on. I did get them on, but they wouldn't stay on for more than ten minutes.
I then ran an avast! boot-time scan on the machine. It found a hell of a lot of infected .dll files in the Windows system32 folder. It didn't find anything other than those.

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:16, on 4.7.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\ProgramData\slkrehub\mxizkryx.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\regsvr32.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Users\Järjestelmänvalvoja\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\ergfofch.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {1E17FEFF-1CA9-4120-9B1B-0DE19C2F9C59} - C:\Windows\system32\fCrSkhij.dll (file missing)
O2 - BHO: {c6cc3287-da31-71cb-9e24-41bf6b91a1f1} - {1f1a19b6-fb14-42e9-bc17-13ad7823cc6c} - C:\Windows\system32\sohnna.dll
O2 - BHO: (no name) - {4B941E37-FC86-8865-C731-04437695998C} - C:\Windows\system32\UiSmart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F0BC581A-7F44-478A-A103-C692FB3EBF78} - C:\Windows\system32\vtUkkkLF.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ufohetwp] regsvr32 /u "C:\ProgramData\ufohetwp.dll"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [b4636868] rundll32.exe "C:\Windows\system32\trieewjv.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Users\Järjestelmänvalvoja\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [kuamnkzz] C:\Windows\system32\ergfofch.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [InGaGLIcya] C:\ProgramData\slkrehub\mxizkryx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 12596 bytes
Senior Member
4 July 2008 @ 12:20
That's Vundo lurking in there.

Download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program will download and install the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* After that, a log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Post the contents of the log in your next reply + a new HJT log.

1. Download Combofix.exe to your desktop from either of these links:
Combofix.exe
Combofix.exe

Open Combofix.exe and follow the on-screen prompts.

Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of combofix.txt here.


Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (take it last, right before posting)
* The (C:\ComboFix.txt) report
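An added example (not part of this thread, and not HijackThis code): a Python triage script that parses the O2, O4 and O20 lines of a HijackThis log and flags the patterns the reply above is reading as Vundo: BHOs with no name loading from system32, Run keys that call regsvr32 /u on a DLL under ProgramData, rundll32 invoking a one-letter export of a system32 DLL, and random eight-letter value names. The check functions and score thresholds are this example's own assumptions; the sample lines are copied from the thread's first log.

```python
"""Triage of HijackThis O2/O4/O20 lines for Vundo-style persistence entries.
Heuristics are this example's own assumptions, not HijackThis logic."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    reason: str
    score: int
    line: str


# Constructed sample: lines copied from the thread's first HJT log, plus two
# benign ones (Adobe BHO, avast! Run key) that the heuristics must leave alone.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E17FEFF-1CA9-4120-9B1B-0DE19C2F9C59} - C:\Windows\system32\fCrSkhij.dll (file missing)
O2 - BHO: {c6cc3287-da31-71cb-9e24-41bf6b91a1f1} - {1f1a19b6-fb14-42e9-bc17-13ad7823cc6c} - C:\Windows\system32\sohnna.dll
O2 - BHO: (no name) - {4B941E37-FC86-8865-C731-04437695998C} - C:\Windows\system32\UiSmart.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ufohetwp] regsvr32 /u "C:\ProgramData\ufohetwp.dll"
O4 - HKLM\..\Run: [b4636868] rundll32.exe "C:\Windows\system32\trieewjv.dll",b
O4 - HKCU\..\Run: [kuamnkzz] C:\Windows\system32\ergfofch.exe
O4 - HKLM\..\Policies\Explorer\Run: [InGaGLIcya] C:\ProgramData\slkrehub\mxizkryx.exe
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<file>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>.*?): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<file>.*)$")

GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)   # BHO "name" that is only a CLSID
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")           # ufohetwp, kuamnkzz, ...
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.I)
PROGRAMDATA_RE = re.compile(r"\\programdata\\", re.I)


def check_o2(m: re.Match, line: str) -> Finding | None:
    """Unnamed (or CLSID-named) BHO whose DLL sits directly in system32."""
    name, file = m["name"], m["file"]
    if (name == "(no name)" or GUID_RE.match(name)) and SYSTEM32_RE.search(file):
        reason = "unnamed BHO loading from system32"
        if "(file missing)" in file:
            reason += " (DLL already gone, stale registration left behind)"
        return Finding("O2", reason, 2, line)
    return None


def check_o4(m: re.Match, line: str) -> Finding | None:
    """Run-key tricks visible in the thread's log, most specific test first."""
    key, value, cmd = m["key"], m["value"], m["cmd"]
    cmd_l = cmd.lower()
    if cmd_l.startswith("regsvr32 /u"):
        return Finding("O4", "regsvr32 /u in a Run key: the DLL's unregister routine "
                             "runs at every logon", 3, line)
    if cmd_l.startswith("rundll32") and SYSTEM32_RE.search(cmd) and re.search(r'",[a-z]$', cmd_l):
        return Finding("O4", "rundll32 calling a one-letter export of a system32 DLL", 3, line)
    if "policies\\explorer\\run" in key.lower() and PROGRAMDATA_RE.search(cmd):
        return Finding("O4", "Policies\\Explorer\\Run entry starting a ProgramData executable", 2, line)
    if RANDOM_NAME_RE.match(value) and (SYSTEM32_RE.search(cmd) or PROGRAMDATA_RE.search(cmd)):
        return Finding("O4", "random-looking value name starting a system32/ProgramData file", 2, line)
    return None


def check_o20(m: re.Match, line: str) -> Finding | None:
    """AppInit_DLLs loads into every process that maps user32.dll, so it is always
    worth a look, even when it is a vendor file (here COMODO's guard32.dll)."""
    return Finding("O20", "AppInit_DLLs entry, confirm the vendor before touching it", 1, line)


CHECKS = ((O2_RE, check_o2), (O4_RE, check_o4), (O20_RE, check_o20))


def triage(log_text: str) -> list[Finding]:
    """One Finding per log line that trips a heuristic; other sections are ignored."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for regex, check in CHECKS:
            m = regex.match(line)
            if m:
                f = check(m, line)
                if f:
                    findings.append(f)
                break
    return findings


def total_score(findings: list[Finding]) -> int:
    return sum(f.score for f in findings)


def verdict(findings: list[Finding]) -> str:
    """Coarse call in the spirit of the reply above: it is several persistence
    indicators together that point at a Vundo-style infection."""
    strong = [f for f in findings if f.score >= 2]
    if len(strong) >= 3:
        return "multiple persistence indicators: treat as infected"
    if strong:
        return "some suspicious entries: review by hand"
    return "no strong indicators"
```

Run `triage(SAMPLE_LOG)` to get the eight flagged lines; the benign Adobe and avast! entries produce nothing.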
Tatimo
4 July 2008 @ 16:56
HJT log
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50:25, on 4.7.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\ProgramData\slkrehub\mxizkryx.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\regsvr32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Järjestelmänvalvoja\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Windows\System32\mnybqdmd.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {1E17FEFF-1CA9-4120-9B1B-0DE19C2F9C59} - C:\Windows\system32\fCrSkhij.dll (file missing)
O2 - BHO: {c6cc3287-da31-71cb-9e24-41bf6b91a1f1} - {1f1a19b6-fb14-42e9-bc17-13ad7823cc6c} - C:\Windows\system32\sohnna.dll (file missing)
O2 - BHO: (no name) - {3F262AB5-DD3D-A956-E150-012E3C652E66} - C:\Windows\system32\actshmsg.dll
O2 - BHO: (no name) - {4B941E37-FC86-8865-C731-04437695998C} - C:\Windows\system32\UiSmart.dll
O2 - BHO: (no name) - {743A5BB3-F8E4-BDEE-0BEF-04CBF5ED1A80} - C:\Windows\system32\MntComGen.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ufohetwp] regsvr32 /u "C:\ProgramData\ufohetwp.dll"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [fmvszkve] regsvr32 /u "C:\ProgramData\fmvszkve.dll"
O4 - HKLM\..\Run: [wrihyjwj] regsvr32 /u "C:\ProgramData\wrihyjwj.dll"
O4 - HKLM\..\Run: [nmhiditw] regsvr32 /u "C:\ProgramData\nmhiditw.dll"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Users\Järjestelmänvalvoja\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [kuamnkzz] C:\Windows\system32\ergfofch.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [oirrgtzs] C:\Windows\system32\xebmxcls.exe
O4 - HKCU\..\Run: [kkbdbfxo] C:\Windows\system32\mnybqdmd.exe
O4 - HKCU\..\Run: [allekibg] C:\Windows\system32\zijapktq.exe
O4 - HKLM\..\Policies\Explorer\Run: [InGaGLIcya] C:\ProgramData\slkrehub\mxizkryx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 13066 bytes

ComboFix report

Quote:
ComboFix 08-07-03.5 - Järjestelmänvalvoja 2008-07-04 14:52:42.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1271 [GMT 3:00]
Running from: C:\Users\Järjestelmänvalvoja\Desktop\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\fesqgrsy.dll
C:\Windows\System32\fPqsCJjl.ini
C:\Windows\System32\fPqsCJjl.ini2
C:\Windows\System32\gOXHOXbc.ini
C:\Windows\System32\gOXHOXbc.ini2
C:\Windows\system32\hjbabtle.ini
C:\Windows\system32\ibbfom.dll
C:\Windows\System32\jihkSrCf.ini
C:\Windows\System32\jihkSrCf.ini2
C:\Windows\system32\kjklfmeg.dll
C:\Windows\system32\ktgywecm.ini
C:\Windows\system32\lbofongq.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\nhqsxfky.dll
C:\Windows\system32\pgbhgvmx.ini
C:\Windows\system32\qprglcmg.ini
C:\Windows\system32\qusgil.dll
C:\Windows\system32\sohnna.dll
C:\Windows\system32\spzikz.dll
C:\Windows\system32\trieewjv.dll
C:\Windows\system32\wavvcjvm.dll
C:\Windows\system32\vtUkkkLF.dll
C:\Windows\system32\wxnjfljg.ini
C:\Windows\Web\def.htm

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-04 to 2008-07-04 )))))))))))))))))
.

2008-07-04 14:59 . 2008-07-04 14:59 110,592 --a------ C:\Windows\System32\MntComGen.dll
2008-07-04 14:59 . 2008-07-04 14:59 110,592 --a------ C:\Users\All Users\wrihyjwj.dll
2008-07-04 14:59 . 2008-07-04 14:59 110,592 --a------ C:\PROGRA~2\wrihyjwj.dll
2008-07-04 14:59 . 2008-07-04 14:59 98,304 --a------ C:\Windows\System32\mnybqdmd.exe
2008-07-04 14:42 . 2008-07-04 14:42 110,592 --a------ C:\Users\All Users\fmvszkve.dll
2008-07-04 14:42 . 2008-07-04 14:42 110,592 --a------ C:\PROGRA~2\fmvszkve.dll
2008-07-04 14:41 . 2008-07-04 14:41 110,592 --a------ C:\Windows\System32\AdmGen.dll
2008-07-04 14:41 . 2008-07-04 14:41 98,304 --a------ C:\Windows\System32\xebmxcls.exe
2008-07-04 13:32 . 2008-07-04 13:32 <KANSIO> d-------- C:\Users\JRJEST~1\AppData\Roaming\Malwarebytes
2008-07-04 13:31 . 2008-07-04 13:31 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-07-04 13:31 . 2008-07-04 13:31 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-04 13:31 . 2008-07-04 13:31 <KANSIO> d-------- C:\PROGRA~2\Malwarebytes
2008-07-04 13:31 . 2008-06-28 14:16 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-04 13:31 . 2008-06-28 14:16 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-03 15:00 . 2008-07-03 15:00 <KANSIO> d-------- C:\Program Files\PFConfig
2008-07-03 14:00 . 2008-07-03 14:00 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-07-03 12:15 . 2008-07-03 12:15 <KANSIO> d-------- C:\Users\JRJEST~1\AppData\Roaming\Comodo
2008-07-03 12:15 . 2008-07-03 13:22 <KANSIO> d-------- C:\Users\All Users\comodo
2008-07-03 12:15 . 2008-07-03 12:15 <KANSIO> d-------- C:\Program Files\COMODO
2008-07-03 12:15 . 2008-07-03 13:22 <KANSIO> d-------- C:\PROGRA~2\comodo
2008-07-03 12:15 . 2008-07-03 12:15 143,104 --a------ C:\Windows\System32\guard32.dll
2008-07-03 12:15 . 2008-07-03 12:15 85,008 --a------ C:\Windows\System32\drivers\cmdguard.sys
2008-07-03 12:15 . 2008-07-03 12:15 25,104 --a------ C:\Windows\System32\drivers\cmdhlp.sys
2008-07-03 11:52 . 2008-07-03 11:52 3,764 --a------ C:\Windows\System32\tmp.reg
2008-07-03 11:52 . 2008-07-03 11:52 691 --a------ C:\Users\JRJEST~1\AppData\Roaming\GetValue.vbs
2008-07-03 11:52 . 2008-07-03 11:52 35 --a------ C:\Users\JRJEST~1\AppData\Roaming\SetValue.bat
2008-07-03 11:51 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-07-03 11:51 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-07-03 11:51 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-07-03 11:51 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-07-03 11:51 . 2008-07-02 13:33 82,432 --a------ C:\Windows\System32\IEDFix.C.exe
2008-07-03 11:51 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe
2008-07-03 11:51 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-07-03 11:51 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-07-03 11:51 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-07-02 20:06 . 2008-07-02 20:06 268 --ah----- C:\sqmdata08.sqm
2008-07-02 20:06 . 2008-07-02 20:06 244 --ah----- C:\sqmnoopt08.sqm
2008-07-02 16:55 . 2008-07-02 16:55 268 --ah----- C:\sqmdata07.sqm
2008-07-02 16:55 . 2008-07-02 16:55 244 --ah----- C:\sqmnoopt07.sqm
2008-07-01 22:35 . 2008-07-01 22:35 102,400 --a------ C:\Windows\System32\UiSmart.dll
2008-07-01 22:35 . 2008-07-01 22:35 102,400 --a------ C:\Users\All Users\ufohetwp.dll
2008-07-01 22:35 . 2008-07-01 22:35 102,400 --a------ C:\PROGRA~2\ufohetwp.dll
2008-07-01 22:35 . 2008-07-01 22:35 86,016 --a------ C:\Windows\System32\ergfofch.exe
2008-07-01 22:25 . 2008-07-01 22:25 <DIR> d-------- C:\Users\JRJEST~1\AppData\Roaming\Media Player Classic
2008-07-01 22:24 . 2008-07-01 22:24 <DIR> d-------- C:\Users\All Users\Real
2008-07-01 22:24 . 2008-07-01 22:24 <DIR> d-------- C:\Program Files\Real Alternative
2008-07-01 19:22 . 2008-07-01 19:22 244 --ah----- C:\sqmnoopt06.sqm
2008-07-01 19:22 . 2008-07-01 19:22 232 --ah----- C:\sqmdata06.sqm
2008-07-01 10:46 . 2008-07-01 10:46 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-30 10:53 . 2008-06-30 10:53 <DIR> d-------- C:\Program Files\Opera
2008-06-29 12:30 . 2008-06-29 12:30 <DIR> d-------- C:\Users\All Users\slkrehub
2008-06-29 12:30 . 2008-06-29 12:30 <DIR> d-------- C:\PROGRA~2\slkrehub
2008-06-26 10:18 . 2008-06-26 10:18 <DIR> d-------- C:\Program Files\PowerISO
2008-06-23 16:10 . 2008-06-23 16:10 <DIR> d-------- C:\Program Files\Bradbury
2008-06-23 16:10 . 2005-09-01 18:32 72,192 --a------ C:\Windows\unlite3.exe
2008-06-23 12:51 . 2008-06-23 12:51 <DIR> d-------- C:\Program Files\Astyle CSS editor
2008-06-23 12:36 . 2008-06-23 14:17 <DIR> d-------- C:\Users\JRJEST~1\AppData\Roaming\com.oxygenxml
2008-06-23 12:35 . 2008-06-23 12:59 <DIR> d-------- C:\Program Files\Oxygen XML Editor 9
2008-06-23 12:25 . 2008-06-23 12:25 <DIR> d-------- C:\Users\All Users\Altova
2008-06-23 12:25 . 2008-06-23 12:26 <DIR> d-------- C:\Program Files\Common Files\Altova
2008-06-23 12:25 . 2008-06-23 12:25 <DIR> d-------- C:\Program Files\Altova
2008-06-23 12:25 . 2008-06-23 12:25 <DIR> d-------- C:\PROGRA~2\Altova
2008-06-23 12:24 . 2008-06-23 12:24 <DIR> d-------- C:\Windows\Downloaded Installations
2008-06-22 13:18 . 2008-06-22 13:18 <DIR> d-------- C:\Program Files\Konami
2008-06-21 19:36 . 2008-06-21 19:36 <DIR> d-------- C:\Program Files\EXPStudio
2008-06-21 19:36 . 2008-06-21 19:36 119,964 --a------ C:\Windows\EXPStudio's Audio Converter Uninstaller.exe
2008-06-21 19:24 . 2008-06-21 19:29 <DIR> d-------- C:\Program Files\HooTech
2008-06-21 16:11 . 2008-06-21 16:11 <DIR> d-------- C:\Program Files\OpenAL
2008-06-21 16:10 . 2008-06-21 16:23 <DIR> d-------- C:\Program Files\Penumbra
2008-06-19 21:32 . 2008-06-19 21:32 <DIR> d-------- C:\WOLF3D
2008-06-14 20:54 . 2008-04-23 08:11 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-06-14 20:54 . 2008-04-23 07:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 20:54 . 2008-04-23 08:12 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 20:54 . 2008-04-23 08:12 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 20:54 . 2008-04-23 08:12 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-14 20:54 . 2008-04-23 08:11 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-14 20:54 . 2008-04-23 08:11 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 19:10 . 2008-06-14 19:10 <DIR> d-------- C:\Program Files\Worms
2008-06-13 20:46 . 2008-06-13 20:46 <DIR> d-------- C:\Program Files\ffdshow
2008-06-13 20:20 . 2008-06-13 20:20 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-06-13 19:33 . 2008-06-13 19:52 <DIR> d-------- C:\Program Files\Audacity
2008-06-12 09:28 . 2008-06-12 09:28 56,108 --a------ C:\Windows\System32\drivers\scdemu.sys
2008-06-09 16:42 . 2008-07-04 14:59 <DIR> d-------- C:\Users\JRJEST~1\AppData\Roaming\Hamachi
2008-06-09 16:42 . 2008-06-09 16:42 <DIR> d-------- C:\Program Files\Hamachi
2008-06-09 16:42 . 2008-06-09 16:42 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-06-08 16:07 . 2008-06-09 01:20 721 --ah----- C:\os604495.bin
2008-06-08 15:51 . 2008-06-08 15:51 <DIR> d-------- C:\Program Files\Macromedia
2008-06-08 15:51 . 2008-06-08 15:51 <DIR> d-------- C:\Program Files\Common Files\Vbox
2008-06-06 01:02 . 2008-07-03 00:04 <DIR> d-------- C:\Users\JRJEST~1\AppData\Roaming\DivX
2008-06-04 20:13 . 2008-06-04 20:13 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-04 11:14 . 2008-06-04 11:14 889,856 --a------ C:\Windows\System32\wer.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 11:59 --------- d-----w C:\Program Files\Steam
2008-07-04 11:42 --------- d-----w C:\Users\JRJEST~1\AppData\Roaming\OpenOffice.org2
2008-07-04 08:18 --------- d-----w C:\Users\JRJEST~1\AppData\Roaming\mIRC
2008-07-04 08:17 --------- d-----w C:\Program Files\mIRC
2008-07-01 19:23 --------- d-----w C:\Program Files\Real
2008-07-01 19:23 --------- d-----w C:\Program Files\Common Files\Real
2008-06-30 17:46 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-06-29 10:57 --------- d-----w C:\Users\JRJEST~1\AppData\Roaming\uTorrent
2008-06-29 09:28 --------- d-----w C:\Program Files\DC++
2008-06-26 16:41 --------- d-----w C:\Program Files\Soulseek
2008-06-22 10:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 19:27 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 13:40 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-04 17:13 --------- d-----w C:\Program Files\DivX
2008-06-03 06:54 --------- d-----w C:\Program Files\Cheat Engine
2008-06-01 15:29 --------- d-----w C:\Program Files\id Software
2008-06-01 09:44 --------- d-----w C:\Program Files\Alwil Software
2008-06-01 09:44 --------- d-----w C:\PROGRA~2\Avg7
2008-05-31 16:57 --------- d-----w C:\Program Files\Guitar Pro 5
2008-05-31 16:39 --------- d-----w C:\Program Files\iTunes
2008-05-31 16:39 --------- d-----w C:\Program Files\iPod
2008-05-31 16:39 --------- d-----w C:\PROGRA~2\Apple Computer
2008-05-31 16:38 --------- d-----w C:\Program Files\QuickTime
2008-05-31 16:31 --------- d-----w C:\Program Files\Apple Software Update
2008-05-29 10:45 --------- d-----w C:\Program Files\Last.fm
2008-05-26 14:48 --------- d-----w C:\PROGRA~2\Age of Empires 3
2008-05-26 14:27 --------- d-----w C:\Program Files\Microsoft Games
2008-05-26 12:03 --------- d--h--w C:\PROGRA~2\{5553977E-AF8B-4870-AEB6-53B6C1BC822D}
2008-05-26 12:02 --------- d-----w C:\Program Files\Stardock Games
2008-05-26 10:54 --------- d-----w C:\Program Files\America's Army Server Manager
2008-05-26 10:52 --------- d-----w C:\Program Files\Logitech
2008-05-26 10:52 --------- d-----w C:\PROGRA~2\Logitech
2008-05-26 10:50 --------- d-----w C:\Program Files\Canon
2008-05-25 12:46 --------- d-----w C:\Program Files\Ubisoft
2008-05-24 09:26 22,328 ----a-w C:\Users\JRJEST~1\AppData\Roaming\PnkBstrK.sys
2008-05-24 08:43 --------- d-----w C:\Program Files\Project64 1.6
2008-05-24 08:40 --------- d-----w C:\Program Files\Delta
2008-05-17 16:16 104,938 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_05_17_18_45_19_small.dmp.zip
2008-05-17 15:44 --------- d-----w C:\Users\JRJEST~1\AppData\Roaming\FrostWire
2008-05-17 15:42 --------- d-----w C:\Program Files\FrostWire
2008-05-17 15:42 --------- d-----w C:\Program Files\AskSBar
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-08 15:25 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2006-11-03 18:33 10,073,543 ----a-w C:\Users\Public\WinMPG_VideoConvert_Setup6.9.exe
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty entries and legitimate default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B941E37-FC86-8865-C731-04437695998C}]
2008-07-01 22:35 102400 --a------ C:\Windows\system32\UiSmart.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{743A5BB3-F8E4-BDEE-0BEF-04CBF5ED1A80}]
2008-07-04 14:59 110592 --a------ C:\Windows\system32\MntComGen.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-04 10:37 171448]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 16:43 1271032]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 13:46 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-03-09 11:41 20480]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]
"kuamnkzz"="C:\Windows\system32\ergfofch.exe" [2008-07-01 22:35 86016]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]
"oirrgtzs"="C:\Windows\system32\xebmxcls.exe" [2008-07-04 14:41 98304]
"kkbdbfxo"="C:\Windows\system32\mnybqdmd.exe" [2008-07-04 14:59 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-24 11:45 1006264]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09 458752]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 15:35 176128]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 12:03 217088]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 17:43 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 17:57 2095640]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-06-16 11:52 167936]
"ufohetwp"="C:\ProgramData\ufohetwp.dll" [2008-07-01 22:35 102400]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-07-03 12:15 1655552]
"fmvszkve"="C:\ProgramData\fmvszkve.dll" [2008-07-04 14:42 110592]
"combofix"="C:\Windows\system32\CF3876.exe" [2006-11-02 12:44 320000]
"wrihyjwj"="C:\ProgramData\wrihyjwj.dll" [2008-07-04 14:59 110592]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-12 12:28 4702208 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"InGaGLIcya"="C:\ProgramData\slkrehub\mxizkryx.exe" [2008-06-29 12:30 53248]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-28 18:43:11 113664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-03-09 11:41:26 450560]

C:\Users\JRJEST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-06-09 16:42:15 624416]
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 17:54:44 393216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\Windows\system32\guard32.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.enc"= ITIG726.acm
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_SZ scecli
Authentication Packages REG_SZ msv1_0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E28FCCE4-7055-4FC8-AEF4-D2582C0D6EA4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0625017A-5F29-45C5-B2C1-34FC90A57DF2}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C3389188-478D-4DA8-B5AC-E7116375D8B3}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{445901D8-4D93-434C-AF92-99E7055366EC}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{F8C06969-8EE5-4144-97E6-D95F4FD8F153}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{B70F0699-4BE5-472C-91C7-E0D0E7096A46}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{30113142-8E7A-4670-9319-EE5956C43AB2}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{A4234120-9EF5-4CBD-889D-DB168D11A027}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{9F772EB8-3FF3-4342-AC40-FC9AFB8524D2}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{F052FC65-6462-456B-8F9F-ED5ABB629223}"= Disabled:TCP:27015:Steam.exe
"TCP Query User{17715FA3-9DA2-4E70-94B4-003B90CF9A99}D:\\steam\\steamapps\\timota\\source dedicated server\\srcds.exe"= UDP:D:\steam\steamapps\timota\source dedicated server\srcds.exe:srcds
"UDP Query User{888D9895-BF87-4E30-BE8C-138ECF6193A3}D:\\steam\\steamapps\\timota\\source dedicated server\\srcds.exe"= TCP:D:\steam\steamapps\timota\source dedicated server\srcds.exe:srcds
"{88640FC8-D3EB-4D2E-AF6B-9A07089BFE0A}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{0CD212F6-5C97-41DC-83AA-6E4E6FD7FD4F}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{B561D025-1A4D-4F98-9F33-63BB926DA535}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{BED9181D-43ED-44F2-8A46-8B5744DFDA75}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"{599BE233-549A-4C63-92D4-414D4381245A}"= UDP:D:\Steam\Steam.exe:Steam.exe
"{5B510EE5-578F-4F33-87B7-9E014E7F67B2}"= TCP:D:\Steam\Steam.exe:Steam.exe
"{990F59E7-B130-4CF8-8A22-4315A55154DF}"= UDP:D:\bin\Mythos.exe:Mythos
"{767C9F64-B54F-430A-AFC4-EA0097F21D88}"= TCP:D:\bin\Mythos.exe:Mythos
"{2175583B-6141-4FC9-8594-92405BC51975}"= UDP:23841:BitComet 23841 TCP
"{2DA1D5F6-F8D3-49C5-BA3B-12CD9EDB5988}"= TCP:23841:BitComet 23841 UDP
"{AEC50E39-BA1E-43B7-AFFE-BB8701EB3393}"= UDP:25400:BitComet 25400 TCP
"{446A5944-5FA4-435F-8DFD-AE5D6B2B8304}"= TCP:25400:BitComet 25400 UDP
"{3004B4C8-0EE1-480F-A4A1-80005A8F59F9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{48894512-4F73-4486-B266-445E7B43548D}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{92E79A01-7B89-4041-B81F-4EA08CCCB7B6}"= UDP:C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"{17026EAF-1E56-4B56-8AD1-FBE05FC2242F}"= TCP:C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"{8C53F1A4-4ECC-45B2-AAC9-5CE21BF27ADE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4A1D08DE-1890-4DB4-BF26-3DFCE850F7AD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6190278E-2839-4BA8-8141-F30F66B2A11A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7A1C31C4-E349-4828-A359-EEBF54CB5CA9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{C03CD2D3-CCC1-4AA8-A6C7-62922FCC1F24}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F306393D-FC3A-4279-B7EF-4ED1E664D474}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{54C557A7-6236-485C-9F65-2018B3B39D45}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D29E03BF-7971-486A-86B7-A7A140E8B248}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5208B67F-A8AE-4C1B-8F83-A8DE2BB8B7BC}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{01FA6B27-3CAB-46B7-89A2-F85546D7A2FE}"= UDP:C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe:Sins of a Solar Empire Demo
"{6D90AF6F-B7FF-44F9-AED2-D710ACA053DC}"= TCP:C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe:Sins of a Solar Empire Demo
"{A36AEE61-7BCA-4AA0-BE35-2A118E3FEB4F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F46FF498-2EB0-4F8F-809E-21AA7E2F563F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0C4DB925-2BCA-4EA8-9508-F5C06CACDDDF}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars(TM) Demo
"{9C38FB3C-DC94-48AE-AA15-8A8A28C20C36}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars(TM) Demo
"{5256EB68-9792-410F-A161-A19669EA91C2}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe
"{D3DAAC92-61B1-4B09-B6C1-76839EDF1724}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe
"{B73A3B0D-CAB1-429A-B6E3-0E9692032C8B}"= UDP:25400:BitComet 25400 TCP
"{0257D59E-0E7F-4832-9419-CEAEF487280B}"= TCP:25400:BitComet 25400 UDP
"{1BD615B5-F24F-4B9C-A999-8223D321A415}"= TCP:2799:Altova License Metering Port (UDP)
"{7638CF70-641B-4044-AC18-5BA471EE5E97}"= UDP:2799:Altova License Metering Port (TCP)
"{2803CED2-F4AE-452E-8E6C-ACE940347F21}"= UDP:16377:BitComet 16377 TCP
"{CF771389-8B43-4C7C-9030-92AD2DD38136}"= TCP:16377:BitComet 16377 UDP
"{3B3F6B5E-65FB-4659-AE65-E00DC8721517}"= UDP:27533:BitComet 27533 TCP
"{934D4851-5058-4EE3-96C7-E659AF72F0E7}"= TCP:27533:BitComet 27533 UDP
"{6DC53A18-28A9-4167-B23C-FD656774B848}"= UDP:D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{5EFE33DF-9F45-4CA9-B983-A8ED9B69569A}"= TCP:D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{AE5C635F-2856-46AE-9CD3-25078973CAE4}"= UDP:D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{EB5CF2FE-ECA2-4A51-AC43-F820D8CF82DC}"= TCP:D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{8E480DCA-7163-4F87-8999-00B97F51299C}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\backweb-8876480.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe:Logitech Desktop Messenger
"UDP Query User{1339349C-CE98-48EF-B98F-89C1BD31B984}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\backweb-8876480.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe:Logitech Desktop Messenger
"TCP Query User{D1E94D65-6954-4A76-B47A-E4B3DC718F64}C:\\program files\\steam\\steamapps\\timota\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\timota\counter-strike source\hl2.exe:hl2
"UDP Query User{CAAE050F-3EC2-4013-BA17-EDDCAD217B22}C:\\program files\\steam\\steamapps\\timota\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\timota\counter-strike source\hl2.exe:hl2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\\Windows\\system32\\winver.exe"= C:\Windows\System32\winver.exe:*:Enabled:winver

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-07-03 12:15]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-07-03 12:15]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-05 06:08]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\Windows\system32\DRIVERS\LV532AV.SYS [2005-01-31 11:13]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-11 12:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{307f4e03-bdf2-11dc-a18b-001d9233499b}]
\shell\AutoRun\command - F:\install.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b971055-d3f8-11dc-9a10-001d9233499b}]
\shell\AutoRun\command - F:\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5084F01D-458E-45EB-A6FD-692D4C9D2789}]
C:\Windows\system32\msiexec.exe /qn /fpu {5084F01D-458E-45EB-A6FD-692D4C9D2789}
.
- - - - ORPHANS REMOVED - - - -

BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
BHO-{1E17FEFF-1CA9-4120-9B1B-0DE19C2F9C59} - C:\Windows\system32\fCrSkhij.dll
BHO-{1f1a19b6-fb14-42e9-bc17-13ad7823cc6c} - C:\Windows\system32\sohnna.dll
HKCU-Run-DAEMON Tools Lite - C:\Users\Järjestelmänvalvoja\DAEMON Tools Lite\daemon.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 14:59:46
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\guard32.dll

PROCESS: C:\Windows\system32\lsass.exe
-> C:\Windows\system32\guard32.dll

PROCESS: C:\Windows\explorer.exe
-> C:\Windows\system32\guard32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\VSSVC.exe
.
**************************************************************************
.
Completion time: 2008-07-04 15:07:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-04 12:06:36

Pre-Run: 86,634,856,448 bytes free
Post-Run: 86,263,750,656 bytes free

401 --- E O F --- 2008-07-04 12:05:12

Malware

Quote:
Malwarebytes' Anti-Malware 1.19
Database version: 920
Windows 6.0.6000

14:36:21 4.7.2008
mbam-log-7-4-2008 (14-36-21).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 306445
Time elapsed: 55 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 17
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\trieewjv.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\vtUkkkLF.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0bc581a-7f44-478a-a103-c692fb3ebf78} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f0bc581a-7f44-478a-a103-c692fb3ebf78} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4e3e60f5-f691-475f-afba-cf9fcab47c15} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b4636868 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtukkklf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.vundo) -> Data: c:\windows\system32\vtukkklf -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\RADIO_USA (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\vtUkkkLF.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\FLkkkUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\FLkkkUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\trieewjv.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\vjweeirt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vtUlKAPf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fPAKlUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fPAKlUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Järjestelmänvalvoja\AppData\Local\Temp\gos107.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Users\Järjestelmänvalvoja\AppData\Local\Temp\tmp0000b0f0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Järjestelmänvalvoja\AppData\Local\Temp\tmp0000b4aa (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\RADIO_USA\INSTALL.LOG (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Live_TV\INSTALL.LOG (Adware.Agent) -> Quarantined and deleted successfully.

Senior Member
5 July 2008 @ 07:09
1. Download Combofix.exe to your desktop from either of these links:
Combofix.exe
Combofix.exe

Open Notepad and copy/paste the contents of the Quote: box into it:

Quote:
File::
C:\Windows\System32\MntComGen.dll
C:\Users\All Users\wrihyjwj.dll
C:\PROGRA~2\wrihyjwj.dll
C:\Windows\System32\mnybqdmd.exe
C:\Users\All Users\fmvszkve.dll
C:\PROGRA~2\fmvszkve.dll
C:\Windows\System32\AdmGen.dll
C:\Windows\System32\xebmxcls.exe
C:\Windows\system32\actshmsg.dll
C:\Windows\system32\UiSmart.dll
C:\ProgramData\ufohetwp.dll
C:\ProgramData\fmvszkve.dll
C:\ProgramData\wrihyjwj.dll
C:\ProgramData\nmhiditw.dll
C:\Windows\system32\ergfofch.exe
C:\Windows\system32\xebmxcls.exe
C:\Windows\system32\mnybqdmd.exe
C:\Windows\system32\zijapktq.exe
Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).

Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa)





Note! Don't click on the ComboFix window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.

Close your browser and other programs for the duration of the fix. (Not the antivirus.)
Start HijackThis, run Scan, tick the following entries (listed in red) and remove them (Fix Checked).

O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {1E17FEFF-1CA9-4120-9B1B-0DE19C2F9C59} - C:\Windows\system32\fCrSkhij.dll (file missing)
O2 - BHO: {c6cc3287-da31-71cb-9e24-41bf6b91a1f1} - {1f1a19b6-fb14-42e9-bc17-13ad7823cc6c} - C:\Windows\system32\sohnna.dll (file missing)
O2 - BHO: (no name) - {3F262AB5-DD3D-A956-E150-012E3C652E66} - C:\Windows\system32\actshmsg.dll
O2 - BHO: (no name) - {4B941E37-FC86-8865-C731-04437695998C} - C:\Windows\system32\UiSmart.dll
O2 - BHO: (no name) - {743A5BB3-F8E4-BDEE-0BEF-04CBF5ED1A80} - C:\Windows\system32\MntComGen.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ufohetwp] regsvr32 /u "C:\ProgramData\ufohetwp.dll"
O4 - HKLM\..\Run: [fmvszkve] regsvr32 /u "C:\ProgramData\fmvszkve.dll"
O4 - HKLM\..\Run: [wrihyjwj] regsvr32 /u "C:\ProgramData\wrihyjwj.dll"
O4 - HKLM\..\Run: [nmhiditw] regsvr32 /u "C:\ProgramData\nmhiditw.dll"
O4 - HKCU\..\Run: [kuamnkzz] C:\Windows\system32\ergfofch.exe
O4 - HKCU\..\Run: [oirrgtzs] C:\Windows\system32\xebmxcls.exe
O4 - HKCU\..\Run: [kkbdbfxo] C:\Windows\system32\mnybqdmd.exe
O4 - HKCU\..\Run: [allekibg] C:\Windows\system32\zijapktq.exe

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
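As an added illustration (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage script that applies the same signals the helper used when picking the O2 and O4 entries to fix: Run values that load a DLL through `regsvr32 /u`, autostarts pointing into ProgramData or under Policies\Explorer\Run, eight-letter random-looking file names, and BHOs whose file is missing or unnamed. The sample lines are copied from the logs posted in this thread; the name-length heuristic and the reason strings are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: lines copied from the HijackThis logs posted in this
# thread, plus two benign entries (Java BHO, avast! tray icon) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E17FEFF-1CA9-4120-9B1B-0DE19C2F9C59} - C:\Windows\system32\fCrSkhij.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {357488CD-E882-679B-64B9-0261583CBAB4} - C:\Windows\system32\DbShApi.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sxsrkrur] regsvr32 /u "C:\ProgramData\sxsrkrur.dll"
O4 - HKCU\..\Run: [xljrxhka] C:\Windows\system32\xanexqha.exe
O4 - HKLM\..\Policies\Explorer\Run: [InGaGLIcya] C:\ProgramData\slkrehub\mxizkryx.exe
"""

# HijackThis line formats for browser helper objects (O2) and Run keys (O4).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>HK[A-Z]+\\[^:]*): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
# Heuristic (an assumption of this example): every dropped file in this thread
# was named with eight random lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(dll|exe)$")
REGSVR_UNREG_RE = re.compile(r"regsvr32(\.exe)?\s+/u\b")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def _first_path(cmd: str) -> str:
    """Return the file path from a Run command: the quoted part if any, else the first token."""
    m = re.search(r'"([^"]+)"', cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd.strip() else ""


def _basename(path: str) -> str:
    """Last path component, with a trailing annotation such as '(file missing)' dropped."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].split(" ")[0]


def assess_line(line: str) -> List[str]:
    """Return the reasons a single HijackThis line looks suspicious (empty list if none)."""
    reasons: List[str] = []
    m = O2_RE.match(line)
    if m:
        path = m.group("path")
        if "(file missing)" in path:
            reasons.append("BHO registered for a DLL that no longer exists")
        if m.group("name") == "(no name)" and "\\system32\\" in path.lower():
            reasons.append("unnamed BHO loading from system32")
        if RANDOM_NAME_RE.match(_basename(path)):
            reasons.append("eight-letter random-looking file name")
        return reasons
    m = O4_RE.match(line)
    if m:
        key, cmd = m.group("key"), m.group("cmd")
        path = _first_path(cmd)
        # 'regsvr32 /u' still loads the DLL (its DllUnregisterServer runs), so a
        # Run value built this way is a loader disguised as an uninstall.
        if REGSVR_UNREG_RE.search(cmd.lower()):
            reasons.append("DLL loaded via 'regsvr32 /u' from a Run key")
        if "\\programdata\\" in path.lower():
            reasons.append("autostart points into ProgramData")
        if "policies\\explorer\\run" in key.lower():
            reasons.append("autostart under Policies\\Explorer\\Run")
        if RANDOM_NAME_RE.match(_basename(path)):
            reasons.append("eight-letter random-looking file name")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Run assess_line over every line of a log and keep only the flagged ones."""
    findings = []
    for line in log_text.strip().splitlines():
        reasons = assess_line(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("    ->", reason)
```

Entries matching only the weaker signals (an unnamed BHO, a ProgramData path) still need a second look before fixing, as the helper's own step-by-step review in this thread shows.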
Tatimo
5 July 2008 @ 12:13
I certainly didn't find nearly all of the files you mentioned in that list.

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:15, on 5.7.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\ProgramData\slkrehub\mxizkryx.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Järjestelmänvalvoja\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Windows\system32\xanexqha.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Opera\Opera.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: {c6cc3287-da31-71cb-9e24-41bf6b91a1f1} - {1f1a19b6-fb14-42e9-bc17-13ad7823cc6c} - C:\Windows\system32\sohnna.dll (file missing)
O2 - BHO: (no name) - {357488CD-E882-679B-64B9-0261583CBAB4} - C:\Windows\system32\DbShApi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [sxsrkrur] regsvr32 /u "C:\ProgramData\sxsrkrur.dll"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Users\Järjestelmänvalvoja\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [xljrxhka] C:\Windows\system32\xanexqha.exe
O4 - HKLM\..\Policies\Explorer\Run: [InGaGLIcya] C:\ProgramData\slkrehub\mxizkryx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 11666 bytes

Combofix

Quote:
ComboFix 08-07-03.5 - Järjestelmänvalvoja 2008-07-05 11:47:06.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1136 [GMT 3:00]
Running from: C:\Users\Järjestelmänvalvoja\Desktop\ComboFix.exe
Command switches used :: C:\Users\Järjestelmänvalvoja\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\PROGRA~2\fmvszkve.dll
C:\PROGRA~2\wrihyjwj.dll
C:\ProgramData\fmvszkve.dll
C:\ProgramData\nmhiditw.dll
C:\ProgramData\ufohetwp.dll
C:\ProgramData\wrihyjwj.dll
C:\Users\All Users\fmvszkve.dll
C:\Users\All Users\wrihyjwj.dll
C:\Windows\system32\actshmsg.dll
C:\Windows\System32\AdmGen.dll
C:\Windows\system32\ergfofch.exe
C:\Windows\System32\MntComGen.dll
C:\Windows\System32\mnybqdmd.exe
C:\Windows\system32\mnybqdmd.exe
C:\Windows\system32\UiSmart.dll
C:\Windows\system32\xebmxcls.exe
C:\Windows\System32\xebmxcls.exe
C:\Windows\system32\zijapktq.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~2\fmvszkve.dll
C:\PROGRA~2\wrihyjwj.dll
C:\ProgramData\fmvszkve.dll
C:\ProgramData\nmhiditw.dll
C:\ProgramData\ufohetwp.dll
C:\ProgramData\wrihyjwj.dll
C:\Users\All Users\fmvszkve.dll
C:\Users\All Users\wrihyjwj.dll
C:\Windows\system32\actshmsg.dll
C:\Windows\System32\AdmGen.dll
C:\Windows\system32\ergfofch.exe
C:\Windows\System32\MntComGen.dll
C:\Windows\system32\mnybqdmd.exe
C:\Windows\system32\UiSmart.dll
C:\Windows\system32\xebmxcls.exe
C:\Windows\system32\zijapktq.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-05 to 2008-07-05 )))))))))))))))))
.

2008-07-05 11:55 . 2008-07-05 11:55 118,784 --a------ C:\Users\All Users\sxsrkrur.dll
2008-07-05 11:55 . 2008-07-05 11:55 118,784 --a------ C:\PROGRA~2\sxsrkrur.dll
2008-07-05 11:54 . 2008-07-05 11:54 118,784 --a------ C:\Windows\System32\DbShApi.dll
2008-07-05 11:54 . 2008-07-05 11:54 106,496 --a------ C:\Windows\System32\xanexqha.exe
2008-07-04 13:31 . 2008-07-04 13:31 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-07-04 13:31 . 2008-07-04 13:31 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-04 13:31 . 2008-07-04 13:31 <KANSIO> d-------- C:\PROGRA~2\Malwarebytes
2008-07-04 13:31 . 2008-06-28 14:16 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-04 13:31 . 2008-06-28 14:16 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-03 15:00 . 2008-07-03 15:00 <KANSIO> d-------- C:\Program Files\PFConfig
2008-07-03 14:00 . 2008-07-03 14:00 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-07-03 12:15 . 2008-07-03 13:22 <KANSIO> d-------- C:\Users\All Users\comodo
2008-07-03 12:15 . 2008-07-03 12:15 <KANSIO> d-------- C:\Program Files\COMODO
2008-07-03 12:15 . 2008-07-03 13:22 <KANSIO> d-------- C:\PROGRA~2\comodo
2008-07-03 12:15 . 2008-07-03 12:15 143,104 --a------ C:\Windows\System32\guard32.dll
2008-07-03 12:15 . 2008-07-03 12:15 85,008 --a------ C:\Windows\System32\drivers\cmdguard.sys
2008-07-03 12:15 . 2008-07-03 12:15 25,104 --a------ C:\Windows\System32\drivers\cmdhlp.sys
2008-07-03 11:52 . 2008-07-03 11:52 3,764 --a------ C:\Windows\System32\tmp.reg
2008-07-03 11:51 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-07-03 11:51 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-07-03 11:51 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-07-03 11:51 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-07-03 11:51 . 2008-07-02 13:33 82,432 --a------ C:\Windows\System32\IEDFix.C.exe
2008-07-03 11:51 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe
2008-07-03 11:51 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-07-03 11:51 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-07-03 11:51 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-07-02 20:06 . 2008-07-02 20:06 268 --ah----- C:\sqmdata08.sqm
2008-07-02 20:06 . 2008-07-02 20:06 244 --ah----- C:\sqmnoopt08.sqm
2008-07-02 16:55 . 2008-07-02 16:55 268 --ah----- C:\sqmdata07.sqm
2008-07-02 16:55 . 2008-07-02 16:55 244 --ah----- C:\sqmnoopt07.sqm
2008-07-01 22:24 . 2008-07-01 22:24 <KANSIO> d-------- C:\Users\All Users\Real
2008-07-01 22:24 . 2008-07-01 22:24 <KANSIO> d-------- C:\Program Files\Real Alternative
2008-07-01 19:22 . 2008-07-01 19:22 244 --ah----- C:\sqmnoopt06.sqm
2008-07-01 19:22 . 2008-07-01 19:22 232 --ah----- C:\sqmdata06.sqm
2008-07-01 10:46 . 2008-07-01 10:46 <KANSIO> d-------- C:\Program Files\Microsoft Silverlight
2008-06-30 10:53 . 2008-06-30 10:53 <KANSIO> d-------- C:\Program Files\Opera
2008-06-29 12:30 . 2008-06-29 12:30 <KANSIO> d-------- C:\Users\All Users\slkrehub
2008-06-29 12:30 . 2008-06-29 12:30 <KANSIO> d-------- C:\PROGRA~2\slkrehub
2008-06-26 10:18 . 2008-06-26 10:18 <KANSIO> d-------- C:\Program Files\PowerISO
2008-06-23 16:10 . 2008-06-23 16:10 <KANSIO> d-------- C:\Program Files\Bradbury
2008-06-23 16:10 . 2005-09-01 18:32 72,192 --a------ C:\Windows\unlite3.exe
2008-06-23 12:51 . 2008-06-23 12:51 <KANSIO> d-------- C:\Program Files\Astyle CSS editor
2008-06-23 12:35 . 2008-06-23 12:59 <KANSIO> d-------- C:\Program Files\Oxygen XML Editor 9
2008-06-23 12:25 . 2008-06-23 12:25 <KANSIO> d-------- C:\Users\All Users\Altova
2008-06-23 12:25 . 2008-06-23 12:26 <KANSIO> d-------- C:\Program Files\Common Files\Altova
2008-06-23 12:25 . 2008-06-23 12:25 <KANSIO> d-------- C:\Program Files\Altova
2008-06-23 12:25 . 2008-06-23 12:25 <KANSIO> d-------- C:\PROGRA~2\Altova
2008-06-23 12:24 . 2008-06-23 12:24 <KANSIO> d-------- C:\Windows\Downloaded Installations
2008-06-22 13:18 . 2008-06-22 13:18 <KANSIO> d-------- C:\Program Files\Konami
2008-06-21 19:36 . 2008-06-21 19:36 <KANSIO> d-------- C:\Program Files\EXPStudio
2008-06-21 19:36 . 2008-06-21 19:36 119,964 --a------ C:\Windows\EXPStudio's Audio Converter Uninstaller.exe
2008-06-21 19:24 . 2008-06-21 19:29 <KANSIO> d-------- C:\Program Files\HooTech
2008-06-21 16:11 . 2008-06-21 16:11 <KANSIO> d-------- C:\Program Files\OpenAL
2008-06-21 16:10 . 2008-06-21 16:23 <KANSIO> d-------- C:\Program Files\Penumbra
2008-06-19 21:32 . 2008-06-19 21:32 <KANSIO> d-------- C:\WOLF3D
2008-06-14 20:54 . 2008-04-23 08:11 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-06-14 20:54 . 2008-04-23 07:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 20:54 . 2008-04-23 08:12 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 20:54 . 2008-04-23 08:12 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 20:54 . 2008-04-23 08:12 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-14 20:54 . 2008-04-23 08:11 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-14 20:54 . 2008-04-23 08:11 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 19:10 . 2008-06-14 19:10 <KANSIO> d-------- C:\Program Files\Worms
2008-06-13 20:46 . 2008-06-13 20:46 <KANSIO> d-------- C:\Program Files\ffdshow
2008-06-13 20:20 . 2008-06-13 20:20 <KANSIO> d-------- C:\Program Files\AviSynth 2.5
2008-06-13 19:33 . 2008-06-13 19:52 <KANSIO> d-------- C:\Program Files\Audacity
2008-06-12 09:28 . 2008-06-12 09:28 56,108 --a------ C:\Windows\System32\drivers\scdemu.sys
2008-06-09 16:42 . 2008-06-09 16:42 <KANSIO> d-------- C:\Program Files\Hamachi
2008-06-09 16:42 . 2008-06-09 16:42 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-06-08 16:07 . 2008-06-09 01:20 721 --ah----- C:\os604495.bin
2008-06-08 15:51 . 2008-06-08 15:51 <KANSIO> d-------- C:\Program Files\Macromedia
2008-06-08 15:51 . 2008-06-08 15:51 <KANSIO> d-------- C:\Program Files\Common Files\Vbox

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 08:55 --------- d-----w C:\Program Files\Steam
2008-07-05 08:43 --------- d-----w C:\Program Files\mIRC
2008-07-01 19:23 --------- d-----w C:\Program Files\Real
2008-07-01 19:23 --------- d-----w C:\Program Files\Common Files\Real
2008-06-30 17:46 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-06-29 09:28 --------- d-----w C:\Program Files\DC++
2008-06-26 16:41 --------- d-----w C:\Program Files\Soulseek
2008-06-22 10:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 19:27 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 13:40 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-04 17:13 --------- d-----w C:\Program Files\DivX
2008-06-04 17:13 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-06-03 06:54 --------- d-----w C:\Program Files\Cheat Engine
2008-06-01 15:29 --------- d-----w C:\Program Files\id Software
2008-06-01 09:44 --------- d-----w C:\Program Files\Alwil Software
2008-06-01 09:44 --------- d-----w C:\PROGRA~2\Avg7
2008-05-31 16:57 --------- d-----w C:\Program Files\Guitar Pro 5
2008-05-31 16:39 --------- d-----w C:\Program Files\iTunes
2008-05-31 16:39 --------- d-----w C:\Program Files\iPod
2008-05-31 16:39 --------- d-----w C:\PROGRA~2\Apple Computer
2008-05-31 16:38 --------- d-----w C:\Program Files\QuickTime
2008-05-31 16:31 --------- d-----w C:\Program Files\Apple Software Update
2008-05-29 10:45 --------- d-----w C:\Program Files\Last.fm
2008-05-26 14:48 --------- d-----w C:\PROGRA~2\Age of Empires 3
2008-05-26 14:27 --------- d-----w C:\Program Files\Microsoft Games
2008-05-26 12:03 --------- d--h--w C:\PROGRA~2\{5553977E-AF8B-4870-AEB6-53B6C1BC822D}
2008-05-26 12:02 --------- d-----w C:\Program Files\Stardock Games
2008-05-26 10:54 --------- d-----w C:\Program Files\America's Army Server Manager
2008-05-26 10:52 --------- d-----w C:\Program Files\Logitech
2008-05-26 10:52 --------- d-----w C:\PROGRA~2\Logitech
2008-05-26 10:50 --------- d-----w C:\Program Files\Canon
2008-05-25 12:46 --------- d-----w C:\Program Files\Ubisoft
2008-05-24 08:43 --------- d-----w C:\Program Files\Project64 1.6
2008-05-24 08:40 --------- d-----w C:\Program Files\Delta
2008-05-17 16:16 104,938 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_05_17_18_45_19_small.dmp.zip
2008-05-17 15:42 --------- d-----w C:\Program Files\FrostWire
2008-05-17 15:42 --------- d-----w C:\Program Files\AskSBar
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-08 15:25 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2006-11-03 18:33 10,073,543 ----a-w C:\Users\Public\WinMPG_VideoConvert_Setup6.9.exe
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E17FEFF-1CA9-4120-9B1B-0DE19C2F9C59}]
C:\Windows\system32\fCrSkhij.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f1a19b6-fb14-42e9-bc17-13ad7823cc6c}]
C:\Windows\system32\sohnna.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{357488CD-E882-679B-64B9-0261583CBAB4}]
2008-07-05 11:54 118784 --a------ C:\Windows\system32\DbShApi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-04 10:37 171448]
"DAEMON Tools Lite"="C:\Users\Järjestelmänvalvoja\DAEMON Tools Lite\daemon.exe" [BU]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 16:43 1271032]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 13:46 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-03-09 11:41 20480]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]
"xljrxhka"="C:\Windows\system32\xanexqha.exe" [2008-07-05 11:54 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09 458752]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 15:35 176128]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 12:03 217088]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 17:43 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 17:57 2095640]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-06-16 11:52 167936]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-07-03 12:15 1655552]
"sxsrkrur"="C:\ProgramData\sxsrkrur.dll" [2008-07-05 11:55 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-12 12:28 4702208 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"InGaGLIcya"="C:\ProgramData\slkrehub\mxizkryx.exe" [2008-06-29 12:30 53248]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-28 18:43:11 113664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-03-09 11:41:26 450560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\Windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.enc"= ITIG726.acm
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_SZ scecli
Authentication Packages REG_SZ msv1_0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E28FCCE4-7055-4FC8-AEF4-D2582C0D6EA4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0625017A-5F29-45C5-B2C1-34FC90A57DF2}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C3389188-478D-4DA8-B5AC-E7116375D8B3}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{445901D8-4D93-434C-AF92-99E7055366EC}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{F8C06969-8EE5-4144-97E6-D95F4FD8F153}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{B70F0699-4BE5-472C-91C7-E0D0E7096A46}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{30113142-8E7A-4670-9319-EE5956C43AB2}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{A4234120-9EF5-4CBD-889D-DB168D11A027}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{9F772EB8-3FF3-4342-AC40-FC9AFB8524D2}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{F052FC65-6462-456B-8F9F-ED5ABB629223}"= Disabled:TCP:27015:Steam.exe
"TCP Query User{17715FA3-9DA2-4E70-94B4-003B90CF9A99}D:\\steam\\steamapps\\timota\\source dedicated server\\srcds.exe"= UDP:D:\steam\steamapps\timota\source dedicated server\srcds.exe:srcds
"UDP Query User{888D9895-BF87-4E30-BE8C-138ECF6193A3}D:\\steam\\steamapps\\timota\\source dedicated server\\srcds.exe"= TCP:D:\steam\steamapps\timota\source dedicated server\srcds.exe:srcds
"{88640FC8-D3EB-4D2E-AF6B-9A07089BFE0A}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{0CD212F6-5C97-41DC-83AA-6E4E6FD7FD4F}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{B561D025-1A4D-4F98-9F33-63BB926DA535}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{BED9181D-43ED-44F2-8A46-8B5744DFDA75}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"{599BE233-549A-4C63-92D4-414D4381245A}"= UDP:D:\Steam\Steam.exe:Steam.exe
"{5B510EE5-578F-4F33-87B7-9E014E7F67B2}"= TCP:D:\Steam\Steam.exe:Steam.exe
"{990F59E7-B130-4CF8-8A22-4315A55154DF}"= UDP:D:\bin\Mythos.exe:Mythos
"{767C9F64-B54F-430A-AFC4-EA0097F21D88}"= TCP:D:\bin\Mythos.exe:Mythos
"{2175583B-6141-4FC9-8594-92405BC51975}"= UDP:23841:BitComet 23841 TCP
"{2DA1D5F6-F8D3-49C5-BA3B-12CD9EDB5988}"= TCP:23841:BitComet 23841 UDP
"{AEC50E39-BA1E-43B7-AFFE-BB8701EB3393}"= UDP:25400:BitComet 25400 TCP
"{446A5944-5FA4-435F-8DFD-AE5D6B2B8304}"= TCP:25400:BitComet 25400 UDP
"{3004B4C8-0EE1-480F-A4A1-80005A8F59F9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{48894512-4F73-4486-B266-445E7B43548D}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{92E79A01-7B89-4041-B81F-4EA08CCCB7B6}"= UDP:C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"{17026EAF-1E56-4B56-8AD1-FBE05FC2242F}"= TCP:C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"{8C53F1A4-4ECC-45B2-AAC9-5CE21BF27ADE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4A1D08DE-1890-4DB4-BF26-3DFCE850F7AD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6190278E-2839-4BA8-8141-F30F66B2A11A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7A1C31C4-E349-4828-A359-EEBF54CB5CA9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{C03CD2D3-CCC1-4AA8-A6C7-62922FCC1F24}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F306393D-FC3A-4279-B7EF-4ED1E664D474}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{54C557A7-6236-485C-9F65-2018B3B39D45}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D29E03BF-7971-486A-86B7-A7A140E8B248}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5208B67F-A8AE-4C1B-8F83-A8DE2BB8B7BC}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{01FA6B27-3CAB-46B7-89A2-F85546D7A2FE}"= UDP:C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe:Sins of a Solar Empire Demo
"{6D90AF6F-B7FF-44F9-AED2-D710ACA053DC}"= TCP:C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe:Sins of a Solar Empire Demo
"{A36AEE61-7BCA-4AA0-BE35-2A118E3FEB4F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F46FF498-2EB0-4F8F-809E-21AA7E2F563F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0C4DB925-2BCA-4EA8-9508-F5C06CACDDDF}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars(TM) Demo
"{9C38FB3C-DC94-48AE-AA15-8A8A28C20C36}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars(TM) Demo
"{5256EB68-9792-410F-A161-A19669EA91C2}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe
"{D3DAAC92-61B1-4B09-B6C1-76839EDF1724}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe
"{B73A3B0D-CAB1-429A-B6E3-0E9692032C8B}"= UDP:25400:BitComet 25400 TCP
"{0257D59E-0E7F-4832-9419-CEAEF487280B}"= TCP:25400:BitComet 25400 UDP
"{1BD615B5-F24F-4B9C-A999-8223D321A415}"= TCP:2799:Altova License Metering Port (UDP)
"{7638CF70-641B-4044-AC18-5BA471EE5E97}"= UDP:2799:Altova License Metering Port (TCP)
"{2803CED2-F4AE-452E-8E6C-ACE940347F21}"= UDP:16377:BitComet 16377 TCP
"{CF771389-8B43-4C7C-9030-92AD2DD38136}"= TCP:16377:BitComet 16377 UDP
"{3B3F6B5E-65FB-4659-AE65-E00DC8721517}"= UDP:27533:BitComet 27533 TCP
"{934D4851-5058-4EE3-96C7-E659AF72F0E7}"= TCP:27533:BitComet 27533 UDP
"{6DC53A18-28A9-4167-B23C-FD656774B848}"= UDP:D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{5EFE33DF-9F45-4CA9-B983-A8ED9B69569A}"= TCP:D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{AE5C635F-2856-46AE-9CD3-25078973CAE4}"= UDP:D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{EB5CF2FE-ECA2-4A51-AC43-F820D8CF82DC}"= TCP:D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{8E480DCA-7163-4F87-8999-00B97F51299C}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\backweb-8876480.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe:Logitech Desktop Messenger
"UDP Query User{1339349C-CE98-48EF-B98F-89C1BD31B984}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\backweb-8876480.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe:Logitech Desktop Messenger
"TCP Query User{D1E94D65-6954-4A76-B47A-E4B3DC718F64}C:\\program files\\steam\\steamapps\\timota\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\timota\counter-strike source\hl2.exe:hl2
"UDP Query User{CAAE050F-3EC2-4013-BA17-EDDCAD217B22}C:\\program files\\steam\\steamapps\\timota\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\timota\counter-strike source\hl2.exe:hl2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\\Windows\\system32\\winver.exe"= C:\Windows\System32\winver.exe:*:Enabled:winver

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-07-03 12:15]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-07-03 12:15]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-05 06:08]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\Windows\system32\DRIVERS\LV532AV.SYS [2005-01-31 11:13]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-11 12:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{307f4e03-bdf2-11dc-a18b-001d9233499b}]
\shell\AutoRun\command - F:\install.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b971055-d3f8-11dc-9a10-001d9233499b}]
\shell\AutoRun\command - F:\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5084F01D-458E-45EB-A6FD-692D4C9D2789}]
C:\Windows\system32\msiexec.exe /qn /fpu {5084F01D-458E-45EB-A6FD-692D4C9D2789}
.
- - - - ORPHANS REMOVED - - - -

BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
HKCU-Run-kuamnkzz - C:\Windows\system32\ergfofch.exe
HKCU-Run-oirrgtzs - C:\Windows\system32\xebmxcls.exe
HKCU-Run-kkbdbfxo - C:\Windows\system32\mnybqdmd.exe
HKCU-Run-allekibg - C:\Windows\system32\zijapktq.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 11:54:27
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\JRJEST~1\AppData\Local\Temp\Cab8449.tmp 27455 bytes
C:\Users\JRJEST~1\AppData\Local\Temp\Tar844A.tmp 73057 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\guard32.dll

PROCESS: C:\Windows\system32\lsass.exe
-> C:\Windows\system32\guard32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-07-05 11:59:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-05 08:58:54
ComboFix2.txt 2008-07-04 12:07:12

Pre-Run: 82,965,094,400 tavua vapaana
Post-Run: 82,813,784,064 tavua vapaana

380 --- E O F --- 2008-07-04 12:05:12

Senior Member

4 product reviews

5 July 2008 @ 12:20
Yep, it doesn't matter that you didn't find them; they are no longer in the log.

Remove the Ask toolbar.

1. Download Combofix.exe to your desktop from either of these links:
Combofix.exe
Combofix.exe

Open Notepad and copy/paste the contents of the Quote: box into it:

Quote:
File::
C:\Windows\system32\DbShApi.dll
C:\ProgramData\sxsrkrur.dll
C:\Windows\system32\xanexqha.exe
C:\ProgramData\slkrehub\mxizkryx.exe
C:\Users\All Users\sxsrkrur.dll
C:\PROGRA~2\sxsrkrur.dll
C:\Windows\System32\DbShApi.dll
C:\Windows\System32\xanexqha.exe




Save it as CFScript (ComboFix actually recognises it even if the file extension isn't .txt).

Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click it.)





Note! Don't click in the ComboFix window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of combofix.txt here.

Close your browser and other programs for the duration of the fix (but not the antivirus).
Start HijackThis, click Scan, tick the following entries (listed in red) and remove them (Fix checked).


O2 - BHO: {c6cc3287-da31-71cb-9e24-41bf6b91a1f1} - {1f1a19b6-fb14-42e9-bc17-13ad7823cc6c} - C:\Windows\system32\sohnna.dll (file missing)
O2 - BHO: (no name) - {357488CD-E882-679B-64B9-0261583CBAB4} - C:\Windows\system32\DbShApi.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [sxsrkrur] regsvr32 /u "C:\ProgramData\sxsrkrur.dll"
O4 - HKCU\..\Run: [xljrxhka] C:\Windows\system32\xanexqha.exe
O4 - HKLM\..\Policies\Explorer\Run: [InGaGLIcya] C:\ProgramData\slkrehub\mxizkryx.exe



Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, right before posting)
* The (C:\ComboFix.txt) report
*


Download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program will download and install the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* A log will then open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Post the contents of the log in your next reply, together with a new HJT log.

This message was edited after posting. Last edited 5 July 2008 @ 12:21

lazaa
Newbie

9 July 2008 @ 17:54
My computer has slowed down insanely, so I decided to post my log here just to be safe :D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:52, on 9.7.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Lazaa\Downloads\Steam.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Windows\system32\conime.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.msn.com//
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\users\lazaa\downloads\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Startup: Nikon Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9006 bytes
lazaa
Newbie

13 July 2008 @ 20:17
Doesn't anyone want to check my log? :D
  © 1999-2025 AfterDawn Oy