Help! Security toolbar 7.1 and a terrible number of popups

Discussion in 'Viruses and malware' started by Wiljami, Aug 7, 2007.

  1. Wiljami

    Wiljami Member

    So the machine is spewing a terrible number of popup windows in IE and Firefox.
    I think I already managed to remove that toolbar, but here is the latest HJT log anyway.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:05:58, on 7.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Wiljami\Omat tiedostot\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BDMCon] e:\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDAgent] "E:\BitDefender plus v10\bdagent.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "E:\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1182366219515
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\3DMaX\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NBService - Nero AG - E:\Nero Burning\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - E:\BitDefender plus v10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 5444 bytes


    I already ran AVG Anti-Virus and Anti-Spyware, but it doesn't help.
     
  2. Wiljami

    Wiljami Member

    The popups are mostly from Jamba, smiley and some travel sites.

    I would be grateful for help if someone is able to help!
     
  3. Auttaja

    Auttaja Guest

  4. Wiljami

    Wiljami Member

    Here it is. I downloaded and ran the Spybot - Search & Destroy program, which seems to have worked. Is anything else showing?

    ComboFix 07-08-04.3 - "Wiljami" 2007-08-07 21:05:03.2 [GMT 3:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.Tosi


    ((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


    2007-08-07 20:57 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-07 20:19 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-07 18:21 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-08-07 13:41 3,364 --a------ C:\WINDOWS\system32\tmp.reg
    2007-08-07 13:40 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-08-07 13:40 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-08-07 13:40 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-08-07 13:26 6,006 --a------ C:\dnsbak.reg
    2007-08-07 13:20 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\Omat tiedostot
    2007-08-07 13:13 630,784 --a------ C:\DOCUME~1\JRJEST~1\NTUSER.DAT
    2007-08-07 13:13 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\K„ynnist„-valikko
    2007-08-07 13:13 <KANSIO> d--hs---- C:\WINDOWS\CSC
    2007-08-07 13:13 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Verkkoymp„rist”
    2007-08-07 13:13 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Tulostinymp„rist”
    2007-08-07 13:13 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Mallit
    2007-08-07 13:13 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Ty”p”yt„
    2007-08-07 13:13 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Suosikit
    2007-08-07 12:59 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
    2007-08-07 12:52 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
    2007-08-07 12:50 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2007-08-07 12:50 <KANSIO> d-------- C:\WINDOWS\network diagnostic
    2007-08-07 12:13 80,895 --a------ C:\WINDOWS\system32\__c006DAC4.dat
    2007-08-04 23:23 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-08-02 18:39 <KANSIO> C:\WINDOWS\Mafia
    2007-08-02 18:39 <KANSIO> C:\Program Files\Mafia
    2007-07-29 14:37 52,736 --a------ C:\WINDOWS\ipuninst.exe
    2007-07-28 01:00 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Command & Conquer 3 Tiberium Wars
    2007-07-28 00:57 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-07-28 00:57 <KANSIO> dr-h----- C:\DOCUME~1\Wiljami\APPLIC~1\SecuROM
    2007-07-25 22:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-07-25 22:02 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-07-25 22:02 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-07-25 22:02 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-07-25 08:50 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
    2007-07-24 22:56 <KANSIO> d-------- C:\Program Files\Common Files\DirectX
    2007-07-24 22:54 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2007-07-24 22:54 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
    2007-07-24 22:54 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
    2007-07-23 12:12 <KANSIO> d-------- C:\Program Files\Common Files\element5 Shared
    2007-07-23 12:12 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\element5
    2007-07-22 22:47 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-07-22 18:35 <KANSIO> d-------- C:\Program Files\MSXML 4.0
    2007-07-22 11:27 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Ahead
    2007-07-22 11:25 <KANSIO> d-------- C:\Program Files\Common Files\Ahead
    2007-07-22 11:25 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-07-21 23:32 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\DivX
    2007-07-21 23:31 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-07-21 23:31 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-07-21 23:31 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-07-21 23:31 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-07-21 23:31 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-07-21 23:31 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2007-07-21 23:22 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
    2007-07-21 23:22 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
    2007-07-21 21:15 <KANSIO> d--h----- C:\WINDOWS\PIF
    2007-07-21 12:58 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-07-21 12:58 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Bitdefender
    2007-07-21 12:56 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
    2007-07-21 01:09 8,576 --a------ C:\WINDOWS\system32\drivers\ewwgyccycpsb.sys
    2007-07-21 00:52 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    2007-07-21 00:50 <KANSIO> d-------- C:\Program Files\Bonjour
    2007-07-21 00:45 <KANSIO> d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-07-21 00:29 <KANSIO> d-------- C:\S„l„
    2007-07-21 00:28 <KANSIO> d-------- C:\Kone
    2007-07-21 00:27 <KANSIO> d-------- C:\Pelit
    2007-07-21 00:26 <KANSIO> d-------- C:\2D-3D
    2007-07-21 00:15 <KANSIO> d-------- C:\FlexLm
    2007-07-21 00:14 685,056 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
    2007-07-21 00:14 20,032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS
    2007-07-21 00:14 <KANSIO> d-------- C:\WINDOWS\system32\RNBOSENT
    2007-07-21 00:13 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
    2007-07-21 00:13 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
    2007-07-21 00:13 383 --a------ C:\WINDOWS\system32\haspdos.sys
    2007-07-21 00:13 305,152 --a------ C:\WINDOWS\IsUninst.exe
    2007-07-21 00:13 <KANSIO> d-------- C:\Program Files\Common Files\Alias Shared
    2007-07-20 17:41 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Downloaded Installations
    2007-07-20 17:31 <KANSIO> d-------- C:\Program Files\QuickTime
    2007-07-20 17:31 <KANSIO> d-------- C:\Program Files\Apple Software Update
    2007-07-20 17:31 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-07-20 17:17 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
    2007-07-19 23:41 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
    2007-07-19 23:38 <KANSIO> d-------- C:\Program Files\Common Files\Autodesk Shared
    2007-07-19 23:38 <KANSIO> d-------- C:\Program Files\Autodesk
    2007-07-19 14:55 39 --a------ C:\WINDOWS\TDEVXCW60.DLL
    2007-07-19 14:55 39 --a------ C:\WINDOWS\system32\TEVPXCW60.DLL
    2007-07-16 23:07 <KANSIO> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-07-16 19:43 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Wings3D
    2007-07-16 13:04 <KANSIO> d-------- C:\WINDOWS\system32\appmgmt
    2007-07-16 13:02 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Apple Computer
    2007-07-16 12:06 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
    2007-07-09 22:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-07-09 22:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-09 22:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-07-09 22:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-07-09 22:05 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-07-09 22:05 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-07-09 22:05 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-07-09 22:05 740,442 --a------ C:\WINDOWS\system32\DivX.dll
    2007-07-09 22:05 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-07-09 22:05 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-07 11:18 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\uTorrent
    2007-08-07 10:53 359808 --a--c--- C:\WINDOWS\system32\dllcache\TCPIP.SYS
    2007-08-07 10:53 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
    2007-08-07 10:53 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
    2007-08-06 11:13 8704 --a-s---- C:\WINDOWS\system32\eigbbb.dll
    2007-08-04 23:01 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-02 23:06 1277 --a------ C:\WINDOWS\mozver.dat
    2007-07-21 13:03 913408 --a------ C:\WINDOWS\system32\xreglib.dll
    2007-07-21 12:53 --------- d-------- C:\Program Files\NVIDIA Corporation
    2007-07-19 23:38 70990 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-07-19 23:38 366492 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
    2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
    2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
    2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
    2007-06-29 00:43 6807328 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
    2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
    2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
    2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
    2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
    2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
    2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
    2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
    2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
    2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
    2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
    2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
    2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
    2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
    2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
    2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
    2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
    2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
    2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
    2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
    2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
    2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
    2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
    2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
    2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
    2007-06-28 23:05 --------- d-------- C:\Program Files\Messenger
    2007-06-27 22:18 --------- d-------- C:\Program Files\Movie Maker
    2007-06-27 22:17 --------- d-------- C:\Program Files\Windows NT
    2007-06-22 17:29 --------- d-------- C:\Program Files\ASUS
    2007-06-21 22:15 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\WinRAR
    2007-06-20 22:50 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\InstallShield
    2007-06-20 22:01 --------- d-------- C:\Program Files\Logitech
    2007-06-20 22:01 --------- d-------- C:\Program Files\Common Files\Logitech
    2007-06-20 22:00 --------- d-------- C:\Program Files\Common Files\InstallShield
    2007-06-20 21:57 --------- d--h----- C:\Program Files\WindowsUpdate
    2007-06-20 21:56 0 --a------ C:\WINDOWS\nsreg.dat
    2007-06-20 02:02 --------- d-------- C:\Program Files\Common Files\SpeechEngines
    2007-06-20 02:02 --------- d-------- C:\Program Files\Common Files\ODBC
    2007-06-20 01:27 --------- d-------- C:\Program Files\Realtek
    2007-06-20 01:10 0 -rahs---- C:\MSDOS.SYS
    2007-06-20 01:10 0 -rahs---- C:\IO.SYS
    2007-06-20 01:10 0 --a------ C:\CONFIG.SYS
    2007-06-20 01:10 0 --a------ C:\AUTOEXEC.BAT
    2007-06-20 01:10 --------- d-------- C:\Program Files\microsoft frontpage
    2007-06-20 01:09 --------- d-------- C:\Program Files\Common Files\MSSoap
    2007-06-20 01:08 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-06-20 01:08 --------- d-------- C:\Program Files\Online Services
    2007-06-20 01:08 --------- d-------- C:\Program Files\MSN Gaming Zone
    2007-05-16 18:14 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 18:14 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 18:14 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 18:14 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 18:14 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-08 11:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-10-31 07:27]
    "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 15:44]
    "JMB36X Configure"="C:\WINDOWS\System32\JMRaidSetup.exe" [2006-10-30 15:44]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-15 01:21 C:\WINDOWS\RTHDCPL.exe]
    "Alcmtr"="ALCMTR.EXE" [2005-05-04 02:43 C:\WINDOWS\Alcmtr.exe]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 C:\WINDOWS\LOGI_MWX.EXE]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 22:25]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
    "BDMCon"="e:\BITDEF~1\bdmcon.exe" [2007-07-21 13:03]
    "BDAgent"="E:\BitDefender plus v10\bdagent.exe" [2007-07-21 13:02]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-07 15:19]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
    "DAEMON Tools"="E:\DAEMON Tools\daemon.exe" [2007-04-04 01:29]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-07-10 21:47]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\system32\__c006DAC4.dat

    R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
    R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
    R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\system32\DRIVERS\JGOGO.sys
    R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys
    R1 AsIO;AsIO;C:\WINDOWS\system32\drivers\AsIO.sys
    R1 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
    R1 bdpredir;bdpredir;\??\E:\BitDefender plus v10\bdpredir.sys
    R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
    R2 BDRSDRV;BDRSDRV;\??\E:\BitDefender plus v10\bdrsdrv.sys
    R2 Hardlock;Hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
    R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    R3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
    S2 DS1410D;DS1410D;\??\C:\WINDOWS\system32\drivers\ds1410d.sys
    S4 Messagcr;Messagcr;c:\temp\svchost.exe

    *Newly Created Service* - AVGASCLN

    Contents of the 'Scheduled Tasks' folder
    2007-07-24 12:01:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-07 21:05:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x00ffc\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
    "DisplayName"="Alcohol 120"

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-07 21:06:08

    --- E O F ---
     
  5. Auttaja

    Auttaja Guest

    Open Notepad and copy/paste the text in the quote box below into it:

    Save it with the name CFScript. (Check that it is written exactly like that.)

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.

    =======

    Kaspersky online scanner

    Scan your machine with the Kaspersky Online Scanner

    * You will be asked whether you allow an ActiveX component from Kaspersky to be installed; click Yes.
    * The program starts and begins downloading the latest definition files.
    * When the scanner has been installed and the definitions downloaded, click Next.
    * Now click the settings, Scan Settings.
    * Check in the settings that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (if available, otherwise select Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

    * Click OK.
    * Now, under the heading "select a target to scan", select My Computer (Oma Tietokone).
    * The scan takes time, so be patient. When the scan is finished, you will be notified if your machine is infected.
    * Now click the Save as Text button.
    * Save the file to your desktop.
    * Copy and paste the contents of the file into your next reply.
     
  6. Wiljami

    Wiljami Member

    Here is the ComboFix log

    ComboFix 07-08-04.3 - "Wiljami" 2007-08-07 22:50:03.3 [GMT 3:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.Tosi


    ((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


    2007-08-07 22:51 <KANSIO> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-08-07 22:51 <KANSIO> d-------- C:\WINDOWS\LastGood
    2007-08-07 22:51 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    2007-08-07 20:57 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-07 20:19 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-07 18:21 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-08-07 13:41 3,364 --a------ C:\WINDOWS\system32\tmp.reg
    2007-08-07 13:40 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-08-07 13:40 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-08-07 13:40 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-08-07 13:26 6,006 --a------ C:\dnsbak.reg
    2007-08-07 13:20 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\Omat tiedostot
    2007-08-07 13:13 630,784 --a------ C:\DOCUME~1\JRJEST~1\NTUSER.DAT
    2007-08-07 13:13 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\K„ynnist„-valikko
    2007-08-07 13:13 <KANSIO> d--hs---- C:\WINDOWS\CSC
    2007-08-07 13:13 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Verkkoymp„rist”
    2007-08-07 13:13 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Tulostinymp„rist”
    2007-08-07 13:13 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Mallit
    2007-08-07 13:13 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Ty”p”yt„
    2007-08-07 13:13 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Suosikit
    2007-08-07 12:59 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
    2007-08-07 12:52 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
    2007-08-07 12:50 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2007-08-07 12:50 <KANSIO> d-------- C:\WINDOWS\network diagnostic
    2007-08-07 12:13 80,895 --a------ C:\WINDOWS\system32\__c006DAC4.dat
    2007-08-04 23:23 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-08-02 18:39 <KANSIO> C:\WINDOWS\Mafia
    2007-08-02 18:39 <KANSIO> C:\Program Files\Mafia
    2007-07-29 14:37 52,736 --a------ C:\WINDOWS\ipuninst.exe
    2007-07-28 01:00 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Command & Conquer 3 Tiberium Wars
    2007-07-28 00:57 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-07-28 00:57 <KANSIO> dr-h----- C:\DOCUME~1\Wiljami\APPLIC~1\SecuROM
    2007-07-25 22:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-07-25 22:02 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-07-25 22:02 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-07-25 22:02 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-07-25 08:50 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
    2007-07-24 22:56 <KANSIO> d-------- C:\Program Files\Common Files\DirectX
    2007-07-24 22:54 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2007-07-24 22:54 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
    2007-07-24 22:54 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
    2007-07-23 12:12 <KANSIO> d-------- C:\Program Files\Common Files\element5 Shared
    2007-07-23 12:12 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\element5
    2007-07-22 22:47 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-07-22 18:35 <KANSIO> d-------- C:\Program Files\MSXML 4.0
    2007-07-22 11:27 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Ahead
    2007-07-22 11:25 <KANSIO> d-------- C:\Program Files\Common Files\Ahead
    2007-07-22 11:25 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-07-21 23:32 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\DivX
    2007-07-21 23:31 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-07-21 23:31 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-07-21 23:31 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-07-21 23:31 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-07-21 23:31 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-07-21 23:31 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2007-07-21 23:22 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
    2007-07-21 23:22 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
    2007-07-21 21:15 <KANSIO> d--h----- C:\WINDOWS\PIF
    2007-07-21 12:58 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-07-21 12:58 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Bitdefender
    2007-07-21 12:56 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
    2007-07-21 01:09 8,576 --a------ C:\WINDOWS\system32\drivers\ewwgyccycpsb.sys
    2007-07-21 00:52 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    2007-07-21 00:50 <KANSIO> d-------- C:\Program Files\Bonjour
    2007-07-21 00:45 <KANSIO> d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-07-21 00:29 <KANSIO> d-------- C:\S„l„
    2007-07-21 00:28 <KANSIO> d-------- C:\Kone
    2007-07-21 00:27 <KANSIO> d-------- C:\Pelit
    2007-07-21 00:26 <KANSIO> d-------- C:\2D-3D
    2007-07-21 00:15 <KANSIO> d-------- C:\FlexLm
    2007-07-21 00:14 685,056 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
    2007-07-21 00:14 20,032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS
    2007-07-21 00:14 <KANSIO> d-------- C:\WINDOWS\system32\RNBOSENT
    2007-07-21 00:13 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
    2007-07-21 00:13 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
    2007-07-21 00:13 383 --a------ C:\WINDOWS\system32\haspdos.sys
    2007-07-21 00:13 305,152 --a------ C:\WINDOWS\IsUninst.exe
    2007-07-21 00:13 <KANSIO> d-------- C:\Program Files\Common Files\Alias Shared
    2007-07-20 17:41 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Downloaded Installations
    2007-07-20 17:31 <KANSIO> d-------- C:\Program Files\QuickTime
    2007-07-20 17:31 <KANSIO> d-------- C:\Program Files\Apple Software Update
    2007-07-20 17:31 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-07-20 17:17 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
    2007-07-19 23:41 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
    2007-07-19 23:38 <KANSIO> d-------- C:\Program Files\Common Files\Autodesk Shared
    2007-07-19 23:38 <KANSIO> d-------- C:\Program Files\Autodesk
    2007-07-19 14:55 39 --a------ C:\WINDOWS\TDEVXCW60.DLL
    2007-07-19 14:55 39 --a------ C:\WINDOWS\system32\TEVPXCW60.DLL
    2007-07-16 23:07 <KANSIO> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-07-16 19:43 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Wings3D
    2007-07-16 13:04 <KANSIO> d-------- C:\WINDOWS\system32\appmgmt
    2007-07-16 13:02 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Apple Computer
    2007-07-16 12:06 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
    2007-07-09 22:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-07-09 22:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-09 22:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-07-09 22:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-07-09 22:05 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-07-09 22:05 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-07-09 22:05 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-07 21:56 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\uTorrent
    2007-08-07 10:53 359808 --a--c--- C:\WINDOWS\system32\dllcache\TCPIP.SYS
    2007-08-07 10:53 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
    2007-08-07 10:53 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
    2007-08-06 11:13 8704 --a-s---- C:\WINDOWS\system32\eigbbb.dll
    2007-08-04 23:01 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-02 23:06 1277 --a------ C:\WINDOWS\mozver.dat
    2007-07-21 13:03 913408 --a------ C:\WINDOWS\system32\xreglib.dll
    2007-07-21 12:53 --------- d-------- C:\Program Files\NVIDIA Corporation
    2007-07-19 23:38 70990 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-07-19 23:38 366492 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
    2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
    2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
    2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
    2007-06-29 00:43 6807328 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
    2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
    2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
    2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
    2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
    2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
    2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
    2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
    2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
    2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
    2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
    2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
    2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
    2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
    2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
    2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
    2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
    2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
    2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
    2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
    2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
    2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
    2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
    2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
    2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
    2007-06-28 23:05 --------- d-------- C:\Program Files\Messenger
    2007-06-27 22:18 --------- d-------- C:\Program Files\Movie Maker
    2007-06-27 22:17 --------- d-------- C:\Program Files\Windows NT
    2007-06-22 17:29 --------- d-------- C:\Program Files\ASUS
    2007-06-21 22:15 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\WinRAR
    2007-06-20 22:50 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\InstallShield
    2007-06-20 22:01 --------- d-------- C:\Program Files\Logitech
    2007-06-20 22:01 --------- d-------- C:\Program Files\Common Files\Logitech
    2007-06-20 22:00 --------- d-------- C:\Program Files\Common Files\InstallShield
    2007-06-20 21:57 --------- d--h----- C:\Program Files\WindowsUpdate
    2007-06-20 21:56 0 --a------ C:\WINDOWS\nsreg.dat
    2007-06-20 02:02 --------- d-------- C:\Program Files\Common Files\SpeechEngines
    2007-06-20 02:02 --------- d-------- C:\Program Files\Common Files\ODBC
    2007-06-20 01:27 --------- d-------- C:\Program Files\Realtek
    2007-06-20 01:10 0 -rahs---- C:\MSDOS.SYS
    2007-06-20 01:10 0 -rahs---- C:\IO.SYS
    2007-06-20 01:10 0 --a------ C:\CONFIG.SYS
    2007-06-20 01:10 0 --a------ C:\AUTOEXEC.BAT
    2007-06-20 01:10 --------- d-------- C:\Program Files\microsoft frontpage
    2007-06-20 01:09 --------- d-------- C:\Program Files\Common Files\MSSoap
    2007-06-20 01:08 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-06-20 01:08 --------- d-------- C:\Program Files\Online Services
    2007-06-20 01:08 --------- d-------- C:\Program Files\MSN Gaming Zone
    2007-05-16 18:14 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 18:14 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 18:14 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 18:14 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 18:14 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-08 11:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-10-31 07:27]
    "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 15:44]
    "JMB36X Configure"="C:\WINDOWS\System32\JMRaidSetup.exe" [2006-10-30 15:44]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-15 01:21 C:\WINDOWS\RTHDCPL.exe]
    "Alcmtr"="ALCMTR.EXE" [2005-05-04 02:43 C:\WINDOWS\Alcmtr.exe]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 C:\WINDOWS\LOGI_MWX.EXE]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 22:25]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
    "BDMCon"="e:\BITDEF~1\bdmcon.exe" [2007-07-21 13:03]
    "BDAgent"="E:\BitDefender plus v10\bdagent.exe" [2007-07-21 13:02]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-07 15:19]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
    "DAEMON Tools"="E:\DAEMON Tools\daemon.exe" [2007-04-04 01:29]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-07-10 21:47]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\system32\__c006DAC4.dat

    R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
    R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
    R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\system32\DRIVERS\JGOGO.sys
    R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys
    R1 AsIO;AsIO;C:\WINDOWS\system32\drivers\AsIO.sys
    R1 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
    R1 bdpredir;bdpredir;\??\E:\BitDefender plus v10\bdpredir.sys
    R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
    R2 BDRSDRV;BDRSDRV;\??\E:\BitDefender plus v10\bdrsdrv.sys
    R2 Hardlock;Hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
    R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    R3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
    S2 DS1410D;DS1410D;\??\C:\WINDOWS\system32\drivers\ds1410d.sys
    S4 Messagcr;Messagcr;c:\temp\svchost.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-24 12:01:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-07 22:52:14
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x00ffc\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
    "DisplayName"="Alcohol 120"

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-07 22:52:49
    C:\ComboFix2.txt ... 2007-08-07 21:06

    --- E O F ---

    I'll post the Kaspersky result soon, once it's finished.
     
  7. Auttaja

    Auttaja Guest

    Yep, so that cfscript didn't work this time.. no matter..

    ======

    You have two antivirus programs, AVG7 and BitDefender.. remove one of them

    =======

    Open HijackThis, check the following line(s) and press Fix checked; close other programs while you do this.

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat

    Here is a guide on how to check them:

    ========

    Make hidden files visible, and hide them again after the deletion

    delete this: C:\WINDOWS\system32\__c006DAC4.dat

    ======

    so, a new HJT log and the Kaspersky log..
     
    Last edited by a moderator: Aug 7, 2007
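An added example (not part of the thread, and not HijackThis's own code): a small triage script that reads HijackThis lines and lists the two kinds of DLL load points seen in this thread's logs, O2 browser helper objects and the O20 AppInit_DLLs value, flagging any whose target does not end in `.dll`. The extension check is a heuristic assumed for this illustration; the sample lines are copied from the logs in this thread.

```python
import ntpath
import re
from collections import namedtuple

# One DLL load point found in a HijackThis log.
LoadPoint = namedtuple("LoadPoint", "section label path")

# Lines copied from the HijackThis output quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\__c003D7FD.dat
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat
"""

# O2 - BHO: <name> - {CLSID} - <path>
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)
# O20 - AppInit_DLLs: <registry value>
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<value>.*)$")


def parse_load_points(log_text):
    """Return every O2 and O20 DLL load point found in the log text."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = BHO_RE.match(line)
        if match:
            path = match.group("path").strip()
            # HijackThis appends this marker when the target is absent.
            if path.endswith("(file missing)"):
                path = path[: -len("(file missing)")].strip()
            entries.append(LoadPoint("O2", match.group("clsid"), path))
            continue
        match = APPINIT_RE.match(line)
        if match:
            # Windows treats the AppInit_DLLs value as a space- or
            # comma-separated list, so split it the same way.
            for module in re.split(r"[ ,]+", match.group("value").strip()):
                if module:
                    entries.append(LoadPoint("O20", "AppInit_DLLs", module))
    return entries


def flag_suspects(entries):
    """Heuristic (an assumption of this example): a module registered at a
    DLL load point normally has a .dll extension; anything else is worth
    a closer look before deciding what to fix."""
    return [e for e in entries if ntpath.splitext(e.path)[1].lower() != ".dll"]


def triage(log_text):
    """Return one readable finding per flagged load point."""
    return [
        f"{e.section} {e.label} -> {e.path}"
        for e in flag_suspects(parse_load_points(log_text))
    ]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A flagged line is a lead for manual review, not a verdict; legitimate software can also register unusual file names.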
  8. Wiljami

    Wiljami Member

    Hi.

    I tried deleting
    C:\WINDOWS\system32\__c006DAC4.dat
    but it didn't work. HJT doesn't remove it either, even though it says it does. So it's always back there again. The file can't be deleted, and Windows says the source file is in use. I tried downloading KillBox, which HJT suggested, but for some reason it wouldn't start on the machine. Maybe it's because I'm in safe mode right now. I'll have to try in normal mode..
     
  9. Wiljami

    Wiljami Member

    Yeah, the program really didn't open at all; it complains about "Component MSCOMCTL.OCX or one of its dependencies not correctly registered: a file is missing or invalid".

    So that's the situation, what do we do?

    By the way, there's also another thing I can't delete:
    the Mafia game folder under C:\Program Files
    The machine says "Ei voi poistaa tiedosto: lähdetiedostosta tai levyltä ei voi lukea" (Cannot delete file: cannot read from the source file or disk). No problem has been found with the hard drive, so something is wrong somewhere else.
     
  10. Auttaja

    Auttaja Guest

    Download Killbox by Option^Explicit.

    Note: If you already have Killbox, this is a new version that you need to install. Remove the earlier one.

    [*] Save it to your desktop.
    [*] Select: Replace on Reboot, and also tick Use Dummy
    [*] Copy the file path below to the clipboard by highlighting it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    C:\WINDOWS\system32\__c006DAC4.dat

    [*] Return to Killbox, go to the File menu, and choose Paste from Clipboard.

    [*] Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let your helper know if one of these appears!).
    Restart your computer yourself if it doesn't do so automatically.

    If you get a message like this: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when you try to run KillBox, click here to download and run Missingfilessetup.exe. Then try KillBox again.

    Then make those fixes with HijackThis (if you can) and post a new HijackThis log
     
    Last edited by a moderator: Aug 8, 2007
  11. Wiljami

    Wiljami Member

    Well, now it seems to be gone. It no longer shows up in HJT.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:07:51, on 8.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    E:\BitDefender plus v10\bdagent.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    E:\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    E:\BitDefender plus v10\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    e:\bitdef~1\bdmcon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Wiljami\Omat tiedostot\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BDMCon] e:\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDAgent] "E:\BitDefender plus v10\bdagent.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "E:\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1182366219515
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\3DMaX\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NBService - Nero AG - E:\Nero Burning\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - E:\BitDefender plus v10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 6585 bytes
     
  12. Auttaja

    Auttaja Guest

    BitDefender doesn't have a firewall, I guess? Or does it

    If you use only Windows' own firewall, it is not sufficient protection. Download one firewall, for example one of these three, and install it. Then also disable the Windows firewall. These three are fairly popular free firewalls:

    Comodo
    Kerio
    Zonealarm

    ========

    Scan your computer with Ewido Online Scanner

    * Download Ewido_micro.exe from here.
    * Save the file, for example to your desktop.
    * Double-click Ewido_micro.exe on your desktop.
    * Ewido starts updating its signatures right away. This may take a moment.
    * Once the updates have been downloaded, make sure all items on the left side of the window are checked.
    * Click the Start Scan button at the bottom left.
    * The scan starts. This may take some time, depending on the number of files.
    * When the scan is finished and items have been found, make sure the boxes to the left of all the items are checked.
    * Click the Save report button and save the report, for example to your desktop.
    * Click the Remove Infections button.
    * When you answer OK to the notification that opens, all infected files are removed.
    * After the removal you can close Ewido Online Scanner by clicking the red X in the top corner.
    * Now restart the computer and post the saved report to your thread
    ==========


    An excellent guide to speeding up your computer

    http://neko.1g.fi/ohje/hidastelua.html

    ++++++++++

    Download Deckard's System Scanner to your desktop.

    Note: You must have administrator rights to run the program.

    [*] Close all open windows and programs.
    [*] Double-click the Dss.exe file to run the program, and follow the instructions.
    [*] When the scan is finished, two text files should open: Main.txt and Extra.txt
    [*] Press Copy ( CTRL+A -> CTRL + C ) and Paste ( CTRL + V )
    [*] Copy and paste the contents of Extra.txt & Main.txt into your next reply.

    and the Ewido online scanner report
     
  13. Wiljami

    Wiljami Member

    BitDefender does have a firewall, and it seems to work well.

    So here are these logs:

    __________________________________________________
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________


    Name: TrackingCookie.Yieldmanager
    Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@ad.yieldmanager[2].txt
    Risk: Medium

    Name: TrackingCookie.Atdmt
    Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@atdmt[1].txt
    Risk: Medium

    Name: TrackingCookie.2o7
    Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@blinck.112.2o7[1].txt
    Risk: Medium

    Name: TrackingCookie.Cpvfeed
    Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@cpvfeed[1].txt
    Risk: Medium

    Name: TrackingCookie.Doubleclick
    Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@doubleclick[1].txt
    Risk: Medium

    Name: TrackingCookie.2o7
    Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@msnportal.112.2o7[1].txt
    Risk: Medium

    Name: TrackingCookie.Realmedia
    Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@realmedia[2].txt
    Risk: Medium

    Name: TrackingCookie.Statistik-gallup
    Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@statistik-gallup[1].txt
    Risk: Medium

    Name: TrackingCookie.Zedo
    Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@zedo[1].txt
    Risk: Medium

    Name: TrackingCookie.Statistik-gallup
    Path: :mozilla.6:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Tradedoubler
    Path: :mozilla.7:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Tradedoubler
    Path: :mozilla.8:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Adtech
    Path: :mozilla.9:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Adtech
    Path: :mozilla.10:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Doubleclick
    Path: :mozilla.21:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Atdmt
    Path: :mozilla.22:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.2o7
    Path: :mozilla.40:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Cpvfeed
    Path: :mozilla.42:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Yieldmanager
    Path: :mozilla.43:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Yieldmanager
    Path: :mozilla.44:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Cpvfeed
    Path: :mozilla.48:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Cpvfeed
    Path: :mozilla.49:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Cpvfeed
    Path: :mozilla.50:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Adbrite
    Path: :mozilla.86:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Adbrite
    Path: :mozilla.87:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
    Risk: Medium


    Deckard's System Scanner v20070807.62
    Run by Wiljami on 2007-08-09 at 17:17:29
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    12: 2007-08-09 14:17:32 UTC - RP196 - Deckard's System Scanner Restore Point
    11: 2007-08-08 20:31:26 UTC - RP195 - Removed World in Conflict - BETA
    10: 2007-08-08 20:29:20 UTC - RP194 - Removed Maelstrom
    9: 2007-08-08 20:21:04 UTC - RP193 - Installed DirectX
    8: 2007-08-08 20:19:13 UTC - RP192 - Installed World in Conflict - BETA


    -- First Restore Point --
    1: 2007-08-07 03:41:52 UTC - RP185 - Järjestelmän tarkistuspiste


    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 3 GiB (less than 15%) free.


    -- HijackThis (run as Wiljami.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:18:27, on 9.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    E:\BITDEF~1\bdmcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    E:\BitDefender plus v10\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Wiljami\Työpöytä\dss.exe
    C:\DOCUME~1\Wiljami\OMATTI~1\Wiljami.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [BDMCon] e:\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1182366219515
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\3DMaX\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NBService - Nero AG - E:\Nero Burning\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - E:\BitDefender plus v10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 4819 bytes

    -- HijackThis Fixed Entries (C:\DOCUME~1\Wiljami\OMATTI~1\backups\) ------------

    backup-20070807-145603-555 O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\__c003D7FD.dat
    backup-20070807-145719-864 O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    backup-20070807-145819-528 O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat
    backup-20070807-145845-926 O23 - Service: Messagcr - Unknown owner - c:\temp\svchost.exe
    backup-20070807-150406-102 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    backup-20070807-150406-959 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    backup-20070807-195207-274 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    backup-20070807-195207-295 O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    backup-20070807-195309-194 O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat
    backup-20070807-195354-697 O22 - SharedTaskScheduler: arouse - {c4da240e-7525-404a-b366-f50a422376d8} - (no file)
    backup-20070807-195355-959 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    backup-20070807-195631-291 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    backup-20070808-073440-131 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    backup-20070808-073440-828 O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat
    backup-20070808-074139-241 O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat
    backup-20070808-074638-357 O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat
    backup-20070808-075025-319 O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 aslm75 - c:\windows\system32\drivers\aslm75.sys
    R1 bdpredir - e:\bitdefender plus v10\bdpredir.sys <Not Verified; Softwin SRL; BitDefender 10>
    R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
    R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
    R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>

    S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
    S3 catchme - c:\docume~1\wiljami\locals~1\temp\catchme.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
    R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
    R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>

    S2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - e:\3dmax\mentalray\satellite\raysat_3dsmax9_32server.exe
    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
    S3 License Management Service ESD - "c:\program files\common files\element5 shared\service\licence manager esd.exe"
    S3 NBService - e:\nero burning\nero 7\nero backitup\nbservice.exe
    S4 Messagcr - c:\temp\svchost.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-07-24 15:01:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-07-09 and 2007-08-09 -----------------------------

    2007-08-09 00:27:42 0 d-------- C:\WINDOWS\pss
    2007-08-08 23:02:09 0 d-------- C:\!KillBox
    2007-08-08 23:00:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2007-08-07 20:19:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-08-07 18:21:13 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Grisoft
    2007-08-07 15:19:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-08-07 13:41:18 3364 --a------ C:\WINDOWS\system32\tmp.reg
    2007-08-07 13:40:49 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-08-07 13:40:49 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-08-07 13:40:49 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-08-07 13:26:46 6006 --a------ C:\dnsbak.reg
    2007-08-07 13:20:43 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2007-08-07 13:15:58 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Macromedia
    2007-08-07 13:13:42 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2007-08-07 13:13:42 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2007-08-07 13:13:42 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2007-08-07 13:13:42 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2007-08-07 13:13:42 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\SendTo
    2007-08-07 13:13:42 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Recent
    2007-08-07 13:13:42 626688 --a------ C:\Documents and Settings\Järjestelmänvalvoja\NTUSER.DAT
    2007-08-07 13:13:42 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2007-08-07 13:13:42 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Local Settings
    2007-08-07 13:13:42 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2007-08-07 13:13:42 0 d--hs---- C:\Documents and Settings\Järjestelmänvalvoja\Cookies
    2007-08-07 13:13:42 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\Application Data
    2007-08-07 13:13:42 0 d---s---- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
    2007-08-07 13:13:37 0 d--hs---- C:\WINDOWS\CSC
    2007-08-07 12:59:22 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
    2007-08-07 12:52:32 0 d-------- C:\WINDOWS\system32\fi-fi
    2007-08-07 12:50:51 0 d-------- C:\WINDOWS\network diagnostic
    2007-08-07 12:20:21 0 --a------ C:\Documents and Settings\Wiljami\NULL
    2007-08-04 23:23:10 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-08-02 23:06:18 0 d-------- C:\WINDOWS\Sun
    2007-08-02 23:06:18 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Sun
    2007-08-02 23:05:48 0 d-------- C:\Program Files\Java
    2007-08-02 23:04:58 0 d-------- C:\Program Files\Common Files\Java
    2007-07-29 14:37:21 52736 --a------ C:\WINDOWS\ipuninst.exe <Not Verified; Interplay Productions; Interplay Uninstaller for Windows 95>
    2007-07-28 01:00:36 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Command & Conquer 3 Tiberium Wars
    2007-07-28 00:57:16 0 dr-h----- C:\Documents and Settings\Wiljami\Application Data\SecuROM
    2007-07-25 08:50:23 0 d--hs---- C:\WINDOWS\ftpcache
    2007-07-24 22:56:43 0 d-------- C:\Program Files\Common Files\DirectX
    2007-07-23 12:12:15 0 d-------- C:\Documents and Settings\All Users\Application Data\element5
    2007-07-23 12:12:06 0 d-------- C:\Program Files\Common Files\element5 Shared
    2007-07-22 22:47:20 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-07-22 18:35:38 0 d-------- C:\Program Files\MSXML 4.0
    2007-07-22 11:27:17 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Ahead
    2007-07-22 11:25:58 0 d-------- C:\Program Files\Common Files\Ahead
    2007-07-22 11:25:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2007-07-21 23:32:22 0 d-------- C:\Documents and Settings\Wiljami\Application Data\DivX
    2007-07-21 23:22:51 5248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
    2007-07-21 23:22:51 160640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
    2007-07-21 21:15:51 0 d--h----- C:\WINDOWS\PIF
    2007-07-21 12:58:47 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-07-21 12:58:21 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Bitdefender
    2007-07-21 12:56:38 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2007-07-21 01:09:11 8576 --a------ C:\WINDOWS\system32\drivers\ewwgyccycpsb.sys <Not Verified; Panda Software International; RKPavProc Driver>
    2007-07-21 00:52:08 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-07-21 00:50:22 0 d-------- C:\Program Files\Bonjour
    2007-07-21 00:45:49 0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-07-21 00:29:06 0 d-------- C:\Sälä
    2007-07-21 00:28:19 0 d-------- C:\Kone
    2007-07-21 00:27:54 0 d-------- C:\Pelit
    2007-07-21 00:26:24 0 d-------- C:\2D-3D
    2007-07-21 00:15:53 0 d-------- C:\FlexLm
    2007-07-21 00:14:05 20032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>
    2007-07-21 00:14:02 0 --a------ C:\WINDOWS\TempFile
    2007-07-21 00:14:00 0 d-------- C:\WINDOWS\system32\RNBOSENT
    2007-07-21 00:13:57 305152 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2007-07-21 00:13:54 6656 --a------ C:\WINDOWS\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
    2007-07-21 00:13:54 383 --a------ C:\WINDOWS\system32\haspdos.sys
    2007-07-21 00:13:53 47616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
    2007-07-21 00:13:17 0 d-------- C:\Program Files\Common Files\Alias Shared
    2007-07-20 17:44:53 0 dr-h----- C:\Documents and Settings\Wiljami\Recent
    2007-07-20 17:41:05 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Downloaded Installations
    2007-07-20 17:31:44 0 d-------- C:\Program Files\QuickTime
    2007-07-20 17:31:38 0 d-------- C:\Program Files\Apple Software Update
    2007-07-20 17:31:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-07-20 17:17:28 0 d-------- C:\WINDOWS\system32\LogFiles
    2007-07-19 23:41:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
    2007-07-19 23:38:52 0 d-------- C:\Program Files\Common Files\Autodesk Shared
    2007-07-19 23:38:52 0 d-------- C:\Program Files\Autodesk
    2007-07-19 14:55:51 39 --a------ C:\WINDOWS\TDEVXCW60.DLL
    2007-07-19 14:55:51 39 --a------ C:\WINDOWS\system32\TEVPXCW60.DLL
    2007-07-18 23:38:04 4 --a------ C:\Documents and Settings\Wiljami\ini
    2007-07-16 23:07:47 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-07-16 19:43:13 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Wings3D
    2007-07-16 13:04:55 0 d-------- C:\WINDOWS\system32\appmgmt
    2007-07-16 13:02:50 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Apple Computer
    2007-07-16 13:02:18 1763 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    2007-07-16 12:06:38 0 d-------- C:\WINDOWS\Downloaded Installations
    2007-07-09 22:07:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-09 22:05:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-07-09 22:05:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-07-09 22:05:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-07-09 22:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-09 22:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-09 22:05:54 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-09 22:05:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


    -- Find3M Report ---------------------------------------------------------------

    2007-08-08 23:19:13 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-08 11:53:25 0 d-------- C:\Documents and Settings\Wiljami\Application Data\uTorrent
    2007-08-06 11:13:22 8704 --a-s---- C:\WINDOWS\system32\eigbbb.dll
    2007-08-02 23:06:10 1277 --a------ C:\WINDOWS\mozver.dat
    2007-08-02 23:04:58 0 d-------- C:\Program Files\Common Files
    2007-07-22 15:03:58 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Adobe
    2007-07-21 13:03:41 913408 --a------ C:\WINDOWS\system32\xreglib.dll
    2007-07-21 12:53:59 0 d-------- C:\Program Files\NVIDIA Corporation
    2007-07-21 00:50:21 0 d-------- C:\Program Files\Common Files\Adobe
    2007-07-19 23:38:42 366492 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-07-19 23:38:42 70990 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-07-16 18:46:57 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Macromedia
    2007-06-29 00:43:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-06-29 00:43:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-06-29 00:43:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-06-29 00:43:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-06-29 00:43:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
    2007-06-29 00:43:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-06-29 00:43:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-06-29 00:43:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2007-06-28 23:05:25 0 d-------- C:\Program Files\Messenger
    2007-06-27 22:18:15 0 d-------- C:\Program Files\Movie Maker
    2007-06-27 22:17:40 0 d-------- C:\Program Files\Windows NT
    2007-06-22 17:29:06 0 d-------- C:\Program Files\ASUS
    2007-06-21 22:15:27 0 d-------- C:\Documents and Settings\Wiljami\Application Data\WinRAR
    2007-06-20 22:50:12 0 d-------- C:\Documents and Settings\Wiljami\Application Data\InstallShield
    2007-06-20 22:01:01 0 d-------- C:\Program Files\Logitech
    2007-06-20 22:01:01 0 d-------- C:\Program Files\Common Files\Logitech
    2007-06-20 22:00:55 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-06-20 21:57:05 0 d--h----- C:\Program Files\WindowsUpdate
    2007-06-20 21:56:31 0 --a------ C:\WINDOWS\nsreg.dat
    2007-06-20 21:56:30 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Mozilla
    2007-06-20 02:05:58 62 --ahs---- C:\Documents and Settings\Wiljami\Application Data\desktop.ini
    2007-06-20 02:02:45 0 d-------- C:\Program Files\Common Files\ODBC
    2007-06-20 02:02:42 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2007-06-20 01:27:23 0 d-------- C:\Program Files\Realtek
    2007-06-20 01:13:13 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Identities
    2007-06-20 01:10:41 0 d-------- C:\Program Files\microsoft frontpage
    2007-06-20 01:10:29 0 -rahs---- C:\MSDOS.SYS
    2007-06-20 01:10:29 0 -rahs---- C:\IO.SYS
    2007-06-20 01:10:29 0 --a------ C:\CONFIG.SYS
    2007-06-20 01:10:29 0 --a------ C:\AUTOEXEC.BAT
    2007-06-20 01:09:17 0 d-------- C:\Program Files\Common Files\MSSoap
    2007-06-20 01:08:49 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-06-20 01:08:46 0 d-------- C:\Program Files\Online Services
    2007-06-20 01:08:41 0 d-------- C:\Program Files\MSN Gaming Zone


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [31.10.2006 07:27]
    "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [30.10.2006 15:44]
    "Logitech Utility"="Logi_MwX.Exe" [11.12.2003 09:50 C:\WINDOWS\LOGI_MWX.EXE]
    "BDMCon"="e:\BITDEF~1\bdmcon.exe" [21.07.2007 13:03]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [29.06.2007 00:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [15.09.2004 02:12]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=sockspy.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
    C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
    "E:\BitDefender plus v10\bdagent.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
    C:\WINDOWS\System32\JMRaidSetup.exe boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"




    -- End of Deckard's System Scanner: finished at 2007-08-09 at 17:19:48 ---------



    Deckard's System Scanner v20070807.62
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

    CPU 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
    CPU 1: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
    Percentage of Memory in Use: 19%
    Physical Memory (total/avail): 2046.48 MiB / 1649.86 MiB
    Pagefile Memory (total/avail): 3942.18 MiB / 3646.57 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1961.06 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 75.13 GiB total, 3 GiB free.
    D: is Fixed (NTFS) - 136.72 GiB total, 97.43 GiB free.
    E: is Fixed (NTFS) - 195.32 GiB total, 95.63 GiB free.
    F: is CDROM (No Media)
    G: is CDROM (No Media)
    H: is Fixed (NTFS) - 58.59 GiB total, 58.52 GiB free.


    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    AntivirusOverride is set.

    FW: Bitdefender Firewall v8.0 (Softwin)
    AV: Bitdefender Antivirus v8.0 (Softwin) Outdated

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "E:\\Utorrent\\utorrent.exe"="E:\\Utorrent\\utorrent.exe:*:Enabled:µTorrent"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Wiljami\Application Data
    CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=BANAANI
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Wiljami
    LOGONSERVER=\\BANAANI
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;E:\Maya3D 8.5\bin;E:\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Wiljami\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Wiljami\LOCALS~1\Temp
    USERDOMAIN=BANAANI
    USERNAME=Wiljami
    USERPROFILE=C:\Documents and Settings\Wiljami
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Wiljami (admin)
    Järjestelmänvalvoja (new local, admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> E:\Nero Burning\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
    --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    3dsmax ancillary install --> MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
    517142 - ZBrush (Windows) (Shared Components) --> C:\Program Files\Common Files\element5 Shared\Uninstall\517142 ZBrush Windows\B1FFA000\UninstApplet.exe /uninstall
    Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
    Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
    Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Reader 8.1.0 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A81000000003}
    Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
    ASUS Probe V2.25.02 --> C:\WINDOWS\uninst.exe -fd:\Probe2\DeIsL1.isu -c"d:\Probe2\probunis.dll"
    µTorrent --> "E:\Utorrent\uninstall.exe"
    Autodesk 3ds Max 9 32-bit --> MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
    Autodesk Design Review 2008 --> MsiExec.exe /I{FACF203E-0F4D-489A-B80C-D185253C8FCB}
    Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    Backburner --> MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
    BitDefender Antivirus Plus v10 --> MsiExec.exe /I{F9FFD19E-B9BA-4C0C-B088-A385F9E9A15B}
    Command & Conquer 3 --> MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}
    DivX Codec --> E:\DivX\DivXCodecUninstall.exe /CODEC
    DivX Player --> E:\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> E:\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    FBX Plugin 2006.08 for Max 9.0 --> C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
    Genesis Rising --> "D:\Genesis Rising\unins000.exe"
    GPGNet --> MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
    High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
    HijackThis 2.0.2 --> "C:\Documents and Settings\Wiljami\Omat tiedostot\HijackThis.exe" /uninstall
    Hotfix-päivitys Windows XP:lle (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Hotfix-päivitys Windows XP:lle (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    JMB36X Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
    Logitech MouseWare 9.80 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0xb -l000b UNINSTALL
    Lost Planet Extreme Condition --> MsiExec.exe /I{AD281A87-2AD3-4CEB-AF85-468FD84698D8}
    Maya 8.5 --> MsiExec.exe /I{A1E0E88A-F5E9-4414-A0D7-31940E965EC5}
    Maya 8.5 Documentation (en_US) --> MsiExec.exe /I{81525B87-9344-4834-883C-C6A9D78EA1DF}
    Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Nero 7 Ultra Edition --> MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31035}
    neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1035
    Overlord --> C:\Program Files\InstallShield Installation Information\{259A8A5E-2886-4BED-9EF1-D5485282CCC3}\Setup.exe -runfromtemp -l0x0009 -removeonly
    PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x9
    PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
    PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
    Prey --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}\setup.exe" -l0x9 -removeonly
    QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0xb -removeonly
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB904706) -->
    Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB913433) --> C:\WINDOWS\System32\MacroMed\Flash\genuinst.exe C:\WINDOWS\System32\MacroMed\Flash\KB913433.inf
    Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Supreme Commander --> C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0009 -removeonly
    Sword of the Stars --> D:\Sword of the Stars\Uninstall.exe
    Video ActiveX Solution 1.15 --> C:\Program Files\Video ActiveX Access\uninst.exe
    Wings 3D 0.98.36 --> E:\wings3d_0.98.36\Uninstall.exe
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    VobSub v2.23 (Remove Only) --> "C:\Documents and Settings\Wiljami\Työpöytä\VobSub\uninstall.exe"
    ZBrush3 --> MsiExec.exe /I{6084D038-3401-4C9D-A216-86E6EEA25AFB}


    -- Application Event Log -------------------------------------------------------

    Event ID #675: Error
    Event Submitted/Written: 08/09/2007 05:15:37 PM
    Event Source: RaySat_3dsmax9_32 Server
    Event Description:
    (1632) getservbyname: Pyydetty nimi on kelvollinen ja löytyi tietokannasta, mutta siihen ei ole yhdistetty haettavia tietoja (0x2afc)

    Event ID #670: Error
    Event Submitted/Written: 08/09/2007 00:17:53 AM
    Event Source: RaySat_3dsmax9_32 Server
    Event Description:
    (1632) getservbyname: Pyydetty nimi on kelvollinen ja löytyi tietokannasta, mutta siihen ei ole yhdistetty haettavia tietoja (0x2afc)

    Event ID #664: Error
    Event Submitted/Written: 08/08/2007 11:35:56 PM
    Event Source: RaySat_3dsmax9_32 Server
    Event Description:
    (1632) getservbyname: Pyydetty nimi on kelvollinen ja löytyi tietokannasta, mutta siihen ei ole yhdistetty haettavia tietoja (0x2afc)

    Event ID #661: Error
    Event Submitted/Written: 08/08/2007 11:27:31 PM
    Event Source: Application Hang
    Event Description:
    Lukkiutunut sovellus wic.exe, versio 0.9.0.0, lukkiutumismoduuli hungapp, versio 0.0.0.0, lukkiutumisosoite 0x00000000.

    Event ID #658: Error
    Event Submitted/Written: 08/08/2007 11:05:56 PM
    Event Source: RaySat_3dsmax9_32 Server
    Event Description:
    (1632) getservbyname: Pyydetty nimi on kelvollinen ja löytyi tietokannasta, mutta siihen ei ole yhdistetty haettavia tietoja (0x2afc)



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event ID #3313: Error
    Event Submitted/Written: 08/09/2007 05:15:38 PM
    Event Source: Service Control Manager
    Event Description:
    Palvelua DS1410D ei voi käynnistää. Virhekoodi on
    %%2

    Event ID #3289: Error
    Event Submitted/Written: 08/09/2007 00:18:15 AM
    Event Source: Service Control Manager
    Event Description:
    Palvelua DS1410D ei voi käynnistää. Virhekoodi on
    %%2

    Event ID #3267: Error
    Event Submitted/Written: 08/08/2007 11:35:59 PM
    Event Source: Service Control Manager
    Event Description:
    Palvelua DS1410D ei voi käynnistää. Virhekoodi on
    %%2

    Event ID #3243: Error
    Event Submitted/Written: 08/08/2007 11:06:01 PM
    Event Source: Service Control Manager
    Event Description:
    Palvelua DS1410D ei voi käynnistää. Virhekoodi on
    %%2

    Event ID #3211: Error
    Event Submitted/Written: 08/08/2007 10:58:25 PM
    Event Source: Service Control Manager
    Event Description:
    Palvelua DS1410D ei voi käynnistää. Virhekoodi on
    %%2



    -- End of Deckard's System Scanner: finished at 2007-08-09 at 17:19:48 ---------




     
  14. Auttaja

    Auttaja Guest

    Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your desktop.

    Boot your computer into Safe Mode and select your normal user account:

    * Start the computer
    * When you hear the computer beep, press F8, but before the Windows logo appears
    * A menu should appear next
    * Select Safe Mode from the menu.


    * Create a folder C:\SDFix for the program and move it there
    * Open the SDFix folder and double-click the file RunThis.bat to start the program.
    * Press Y to start the script.
    * The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
    * Press any key and the computer restarts.
    * Startup takes longer than normal because SDFix is cleaning the computer.
    * Once the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
    * Then press any key to close the script and load the desktop icons.
    * Finally, open the SDFix folder and copy & paste the contents of the file Report.txt into your thread

     
  15. Wiljami

    Wiljami Member

    Here it is


    SDFix: Version 1.97

    Run by Wiljami on to 09.08.2007 at 22:16

    Microsoft Windows XP [versio 5.1.2600]

    Running From: C:\SDFix\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    No Trojan Files Found




    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "E:\\Utorrent\\utorrent.exe"="E:\\Utorrent\\utorrent.exe:*:Enabled:æTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------


    Files with Hidden Attributes:


    Finished
     
  16. Auttaja

    Auttaja Guest

    Stay clean

    -> Clear System Restore Instructions
    Clear the System Restore folder and create a new restore point. This cleans any malware remnants out of the restore folder.

    -> Use CCleaner -> CCleaner
    Download and install CCleaner. Use it to clean temporary files and folders regularly.

    -> Install SpywareBlaster -> SpywareBlaster
    SpywareBlaster prevents malware from installing on your computer. Uses no memory!
    Guide available in Finnish! Guide by user Ad-Aware

    -> Install the MVPS Hosts file -> MVPS Hosts
    Blocks your computer from connecting to malicious sites.
    Guide available in Finnish! Guide by user Axel

    -> Switch your browser to Firefox -> Firefox
    Firefox is a faster, safer and better browser than Internet Explorer.

    -> Keep your system up to date. -> Windows Update
    Visit Windows Update regularly.

    -> Keep your firewall and antivirus up to date
    Update your antivirus program and scan your computer with it regularly.
    and escan is also good http://koti.mbnet.fi/pattaya1/escanmwav.htm

    -> Keep your software up to date. -> Secunia Software Inspector
    Secunia Software Inspector checks your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, while a thorough one (thorough system inspection) can take several minutes.

    -> Regularly follow the Finnish Communications Regulatory Authority's information on new vulnerabilities -> CERT-FI

    If you run into malware problems in the future, don't hesitate to post a HijackThis log for checking!
     
  17. Wiljami

    Wiljami Member

    Thank you very much for the help! It came out clean.

    Could you also help me remove the Mafia game's folder, since I can't get it removed.

    It's located at
    C:\Program Files\Mafia

    I have already uninstalled the game but the folder just won't go away. It also shows up in the Start menu's programs, but I can't do anything with it there, i.e. the right mouse button doesn't open a menu.

    On the folder itself I can open the menu, but I still can't do anything to it. I ran a hard disk check and there were no problems. When I try to delete it, Windows just says "Ei voi poistaa tiedosto: lähdetiedostosta tai levyltä ei voi lukea."

    Thanks again for the help.
     
  18. Auttaja

    Auttaja Guest

    Open Notepad and copy/paste the text in the quote box below into it:

    Save it as CFScript (check that it is spelled exactly like that)

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.
     
  19. Wiljami

    Wiljami Member

    It didn't ask me to restart?!?

    Should the .txt stay in the file name or not? I tried it both ways but nothing special happened. The Mafia folder is still there too. But here's the log anyway

    ComboFix 07-08-09.3 - "Wiljami" 2007-08-10 22:00:43.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1547 [GMT 3:00]
    Command switches used :: C:\Documents and Settings\Wiljami\Ty”p”yt„\CFScript
    * Created a new restore point


    ((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))


    2007-08-10 01:05 <KANSIO> d--hs---- C:\$RECYCLE.BIN
    2007-08-10 00:38 <KANSIO> d--hs---- C:\Boot
    2007-08-09 22:16 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2007-08-09 17:17 <KANSIO> d-------- C:\Deckard
    2007-08-09 00:27 <KANSIO> d-------- C:\WINDOWS\pss
    2007-08-08 23:21 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
    2007-08-08 23:21 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
    2007-08-08 23:21 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
    2007-08-08 23:02 <KANSIO> d-------- C:\!KillBox
    2007-08-07 20:57 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-07 20:19 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-07 18:21 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-08-07 13:41 3,364 --a------ C:\WINDOWS\system32\tmp.reg
    2007-08-07 13:40 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-08-07 13:40 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-08-07 13:40 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-08-07 13:26 6,006 --a------ C:\dnsbak.reg
    2007-08-07 13:20 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\Omat tiedostot
    2007-08-07 13:13 626,688 --a------ C:\DOCUME~1\JRJEST~1\NTUSER.DAT
    2007-08-07 13:13 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\K„ynnist„-valikko
    2007-08-07 13:13 <KANSIO> d--hs---- C:\WINDOWS\CSC
    2007-08-07 13:13 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Verkkoymp„rist”
    2007-08-07 13:13 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Tulostinymp„rist”
    2007-08-07 13:13 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Mallit
    2007-08-07 13:13 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Ty”p”yt„
    2007-08-07 13:13 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Suosikit
    2007-08-07 12:59 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
    2007-08-07 12:52 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
    2007-08-07 12:50 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2007-08-07 12:50 <KANSIO> d-------- C:\WINDOWS\network diagnostic
    2007-08-04 23:23 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-08-02 18:39 <KANSIO> C:\WINDOWS\Mafia
    2007-08-02 18:39 <KANSIO> C:\Program Files\Mafia
    2007-07-29 14:37 52,736 --a------ C:\WINDOWS\ipuninst.exe
    2007-07-28 01:00 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Command & Conquer 3 Tiberium Wars
    2007-07-28 00:57 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-07-28 00:57 <KANSIO> dr-h----- C:\DOCUME~1\Wiljami\APPLIC~1\SecuROM
    2007-07-25 22:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-07-25 22:02 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-07-25 22:02 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-07-25 22:02 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-07-25 08:50 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
    2007-07-24 22:56 <KANSIO> d-------- C:\Program Files\Common Files\DirectX
    2007-07-24 22:54 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2007-07-24 22:54 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
    2007-07-24 22:54 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
    2007-07-23 12:12 <KANSIO> d-------- C:\Program Files\Common Files\element5 Shared
    2007-07-23 12:12 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\element5
    2007-07-22 22:47 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-07-22 18:35 <KANSIO> d-------- C:\Program Files\MSXML 4.0
    2007-07-22 11:27 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Ahead
    2007-07-22 11:25 <KANSIO> d-------- C:\Program Files\Common Files\Ahead
    2007-07-22 11:25 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-07-21 23:32 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\DivX
    2007-07-21 23:31 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-07-21 23:31 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-07-21 23:31 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-07-21 23:31 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-07-21 23:31 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-07-21 23:31 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2007-07-21 23:22 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
    2007-07-21 23:22 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
    2007-07-21 21:15 <KANSIO> d--h----- C:\WINDOWS\PIF
    2007-07-21 12:58 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-07-21 12:58 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Bitdefender
    2007-07-21 12:56 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
    2007-07-21 01:09 8,576 --a------ C:\WINDOWS\system32\drivers\ewwgyccycpsb.sys
    2007-07-21 00:52 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    2007-07-21 00:50 <KANSIO> d-------- C:\Program Files\Bonjour
    2007-07-21 00:45 <KANSIO> d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-07-21 00:29 <KANSIO> d-------- C:\S„l„
    2007-07-21 00:28 <KANSIO> d-------- C:\Kone
    2007-07-21 00:27 <KANSIO> d-------- C:\Pelit
    2007-07-21 00:26 <KANSIO> d-------- C:\2D-3D
    2007-07-21 00:15 <KANSIO> d-------- C:\FlexLm
    2007-07-21 00:14 685,056 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
    2007-07-21 00:14 20,032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS
    2007-07-21 00:14 <KANSIO> d-------- C:\WINDOWS\system32\RNBOSENT
    2007-07-21 00:13 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
    2007-07-21 00:13 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
    2007-07-21 00:13 383 --a------ C:\WINDOWS\system32\haspdos.sys
    2007-07-21 00:13 305,152 --a------ C:\WINDOWS\IsUninst.exe
    2007-07-21 00:13 <KANSIO> d-------- C:\Program Files\Common Files\Alias Shared
    2007-07-20 17:41 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Downloaded Installations
    2007-07-20 17:31 <KANSIO> d-------- C:\Program Files\QuickTime
    2007-07-20 17:31 <KANSIO> d-------- C:\Program Files\Apple Software Update
    2007-07-20 17:31 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-07-20 17:17 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
    2007-07-19 23:41 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
    2007-07-19 23:38 <KANSIO> d-------- C:\Program Files\Common Files\Autodesk Shared
    2007-07-19 23:38 <KANSIO> d-------- C:\Program Files\Autodesk
    2007-07-19 14:55 39 --a------ C:\WINDOWS\TDEVXCW60.DLL
    2007-07-19 14:55 39 --a------ C:\WINDOWS\system32\TEVPXCW60.DLL
    2007-07-16 23:07 <KANSIO> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-07-16 19:43 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Wings3D
    2007-07-16 13:04 <KANSIO> d-------- C:\WINDOWS\system32\appmgmt
    2007-07-16 13:02 <KANSIO> d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Apple Computer
    2007-07-16 12:06 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-10 16:32 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\uTorrent
    2007-08-08 23:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-07 10:53 359808 --a--c--- C:\WINDOWS\system32\dllcache\TCPIP.SYS
    2007-08-07 10:53 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
    2007-08-07 10:53 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
    2007-08-06 11:13 8704 --a-s---- C:\WINDOWS\system32\eigbbb.dll
    2007-08-02 23:06 1277 --a------ C:\WINDOWS\mozver.dat
    2007-07-21 13:03 913408 --a------ C:\WINDOWS\system32\xreglib.dll
    2007-07-21 12:53 --------- d-------- C:\Program Files\NVIDIA Corporation
    2007-07-19 23:38 70990 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-07-19 23:38 366492 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-07-09 22:07 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-07-09 22:07 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-09 22:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-07-09 22:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-07-09 22:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-07-09 22:05 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-07-09 22:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-07-09 22:05 740442 --a------ C:\WINDOWS\system32\DivX.dll
    2007-07-09 22:05 73728 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-07-09 22:05 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2007-07-09 22:05 57344 --a------ C:\WINDOWS\system32\dpv11.dll
    2007-07-09 22:05 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2007-07-09 22:05 344064 --a------ C:\WINDOWS\system32\dpus11.dll
    2007-07-09 22:05 294912 --a------ C:\WINDOWS\system32\dpu11.dll
    2007-07-09 22:05 294912 --a------ C:\WINDOWS\system32\dpu10.dll
    2007-07-09 22:05 196608 --a------ C:\WINDOWS\system32\dtu100.dll
    2007-07-09 22:05 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-07-09 22:05 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
    2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
    2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
    2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
    2007-06-29 00:43 6807328 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
    2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
    2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
    2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
    2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
    2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
    2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
    2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
    2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
    2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
    2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
    2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
    2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
    2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
    2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
    2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
    2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
    2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
    2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
    2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
    2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
    2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
    2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
    2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
    2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
    2007-06-28 23:05 --------- d-------- C:\Program Files\Messenger
    2007-06-27 22:18 --------- d-------- C:\Program Files\Movie Maker
    2007-06-27 22:17 --------- d-------- C:\Program Files\Windows NT
    2007-06-22 17:29 --------- d-------- C:\Program Files\ASUS
    2007-06-21 22:15 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\WinRAR
    2007-06-20 22:50 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\InstallShield
    2007-06-20 22:01 --------- d-------- C:\Program Files\Logitech
    2007-06-20 22:01 --------- d-------- C:\Program Files\Common Files\Logitech
    2007-06-20 22:00 --------- d-------- C:\Program Files\Common Files\InstallShield
    2007-06-20 21:57 --------- d--h----- C:\Program Files\WindowsUpdate
    2007-06-20 21:56 0 --a------ C:\WINDOWS\nsreg.dat
    2007-06-20 02:02 --------- d-------- C:\Program Files\Common Files\SpeechEngines
    2007-06-20 02:02 --------- d-------- C:\Program Files\Common Files\ODBC
    2007-06-20 01:27 --------- d-------- C:\Program Files\Realtek
    2007-06-20 01:10 0 -rahs---- C:\MSDOS.SYS
    2007-06-20 01:10 0 -rahs---- C:\IO.SYS
    2007-06-20 01:10 0 --a------ C:\CONFIG.SYS
    2007-06-20 01:10 0 --a------ C:\AUTOEXEC.BAT
    2007-06-20 01:10 --------- d-------- C:\Program Files\microsoft frontpage
    2007-06-20 01:09 --------- d-------- C:\Program Files\Common Files\MSSoap
    2007-06-20 01:08 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-06-20 01:08 --------- d-------- C:\Program Files\Online Services
    2007-06-20 01:08 --------- d-------- C:\Program Files\MSN Gaming Zone
    2007-05-16 18:14 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 18:14 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 18:14 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 18:14 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 18:14 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-10-31 07:27]
    "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 15:44]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 C:\WINDOWS\LOGI_MWX.EXE]
    "BDMCon"="e:\BITDEF~1\bdmcon.exe" [2007-07-21 13:03]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=sockspy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
    C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
    "E:\BitDefender plus v10\bdagent.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
    C:\WINDOWS\System32\JMRaidSetup.exe boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
    R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
    R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\system32\DRIVERS\JGOGO.sys
    R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys
    R1 AsIO;AsIO;C:\WINDOWS\system32\drivers\AsIO.sys
    R1 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
    R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
    R2 Hardlock;Hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
    R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    R3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
    S2 DS1410D;DS1410D;\??\C:\WINDOWS\system32\drivers\ds1410d.sys
    S4 Messagcr;Messagcr;c:\temp\svchost.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-24 12:01:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-10 22:01:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x00ffc\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
    "DisplayName"="Alcohol 120"

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVG Anti-Spyware Driver]
    "ImagePath"="\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVG Anti-Spyware Guard]
    "ImagePath"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AvgAsCln]
    "ImagePath"="System32\DRIVERS\AvgAsCln.sys"

    Completion time: 2007-08-10 22:01:26
    C:\ComboFix2.txt ... 2007-08-10 21:52
    C:\ComboFix3.txt ... 2007-08-07 22:52

    --- E O F ---
     
  20. Auttaja

    Auttaja Guest
