I removed trojans from the machine with Avast.. Could there still be some nasties left?

Discussion in 'Viruses and malware - HijackThis logs' started by Mestaus, Jul 11, 2007.

  1. Mestaus

    Mestaus Regular member

    Joined:
    Dec 21, 2005
    Messages:
    1,141
    Likes Received:
    0
    Trophy Points:
    46
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:59:09, on 11.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    --
    End of file - 2019 bytes
     
  2. kelari

    kelari Regular member

    Joined:
    Jul 26, 2006
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    26
    Just to be safe, do this with this version.
    -> Download HijackThis: http://koti.mbnet.fi/pattaya1/HijackThis.exe
    -> Save it to the directory C:\hjt
    -> Rename HijackThis.exe to scanner.exe like this:
    1. Right-click the HijackThis icon.

    2. Select Rename.

    3. Type scanner.exe
    -> Start HijackThis and click: do a system scan and save a logfile.
    -> Post the resulting log here.
     
  3. Mestaus

    Logfile of HijackThis v1.99.1
    Scan saved at 20:12:25, on 11.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hjt\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

     
  4. Auttaja

    Auttaja Guest

    Wow, you've managed to get the log short.

    Download Deckard's System Scanner to your Desktop.

    Note: You must have Administrator rights to run the program.

    * Close all open windows and programs.
    * Double-click the Dss.exe file to run the program and follow the instructions.
    * When the scan is finished, 2 text files should open: Main.txt and extra.txt
    * Use the keyboard to copy ( CTRL+A -> CTRL + C ) and paste ( CTRL + V )
    * Copy and paste the contents of Extra.txt & Main.txt into your next reply.
     
  5. Mestaus

    Deckard's System Scanner v20070708.52
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

    CPU 0: AMD Athlon(tm) 64 Processor 3200+
    Percentage of Memory in Use: 28%
    Physical Memory (total/avail): 1023.23 MiB / 736.53 MiB
    Pagefile Memory (total/avail): 2460.36 MiB / 2303.36 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1967.06 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 72.54 GiB total, 3.26 GiB free.
    D: is Fixed (NTFS) - 465.76 GiB total, 8.62 GiB free.
    E: is Fixed (NTFS) - 37.11 GiB total, 3.97 GiB free.
    F: is Fixed (NTFS) - 97.65 GiB total, 70.76 GiB free.
    G: is Fixed (NTFS) - 98.11 GiB total, 0.31 GiB free.
    H: is CDROM (UDF)


    -- Security Center -------------------------------------------------------------

    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    AntivirusOverride is set.
    FirewallOverride is set.

    FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.) Disabled

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
    APPDATA=C:\Documents and Settings\\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=Omistaja
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\
    LOGONSERVER=\\
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=2f02
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Omist~1.ANA\LOCALS~1\Temp
    TMP=C:\DOCUME~1\~1.ANA\LOCALS~1\Temp
    USERDOMAIN=
    USERNAME=
    USERPROFILE=C:\Documents and Settings\
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Omistaja (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Advanced WindowsCare 2.51 Personal --> "C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
    Battlefield 2(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
    HijackThis 1.99.1 --> C:\hjt\HijackThis.exe /uninstall
    Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN Messenger 7.5 --> MsiExec.exe /I{9A379B72-03EC-11DA-BFBD-00065BBDC0B5}
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0xb -removeonly
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
    Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


    -- End of Deckard's System Scanner: finished at 2007-07-11 at 20:44:40 ---------








    Deckard's System Scanner v20070708.52
    Run by on 2007-07-11 at 20:43:03
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    16: 2007-07-11 17:43:21 UTC - RP18 - Deckard's System Scanner Restore Point
    15: 2007-07-11 03:05:12 UTC - RP17 - Installed DirectX
    14: 2007-07-11 02:37:41 UTC - RP16 - Installed Battlefield 2 Patch v1.41
    13: 2007-07-11 02:33:52 UTC - RP15 - Installed Battlefield 2: Armored Fury Booster Pack
    12: 2007-07-11 02:32:59 UTC - RP14 - Installed Battlefield 2: Euro Force Booster Pack


    -- First Restore Point --
    1: 2007-07-11 00:43:35 UTC - RP3 - Installed Sygate Personal Firewall


    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis (run as Omistaja.exe) ----------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 20:43:38, on 11.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Documents and Settings\Omistaja.Omist\Työpöytä\dss.exe
    C:\hjt\.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
    R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Files created between 2007-06-11 and 2007-07-11 -----------------------------

    2007-07-11 20:11:26 0 d-------- C:\hjt
    2007-07-11 19:33:50 0 d-------- C:\Documents and Settings\Omistaja.Omist\Application Data\Macromedia
    2007-07-11 19:33:47 1156 --a------ C:\WINDOWS\mozver.dat
    2007-07-11 19:13:15 0 d-------- C:\Program Files\DivX
    2007-07-11 18:59:00 0 d-------- C:\Program Files\Trend Micro
    2007-07-11 05:52:26 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Työpöytä
    2007-07-11 05:52:26 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Tiedostot
    2007-07-11 05:52:26 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Suosikit
    2007-07-11 05:52:26 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Mallit
    2007-07-11 05:52:26 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko
    2007-07-11 05:50:26 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
    2007-07-11 05:50:26 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
    2007-07-11 05:45:59 0 d-------- C:\WINDOWS\ehome
    2007-07-11 05:30:28 0 d-------- C:\WINDOWS\system32\appmgmt
    2007-07-11 05:18:39 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
    2007-07-11 05:13:37 0 dr-h----- C:\Documents and Settings\Omistaja.Omist\Recent
    2007-07-11 05:12:30 0 d-------- C:\Program Files\ToniArts
    2007-07-11 05:09:31 0 d-------- C:\Program Files\IObit
    2007-07-11 05:07:31 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Arovax
    2007-07-11 05:02:23 0 d-------- C:\Program Files\CCleaner
    2007-07-11 05:01:56 0 d-------- C:\Documents and Settings\Omistaja.Omist\Application Data\WinRAR
    2007-07-11 04:53:06 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2007-07-11 04:52:54 0 d-------- C:\Program Files\MSN Messenger
    2007-07-11 04:48:09 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\nView_Profiles
    2007-07-11 03:41:19 0 dr------- C:\Documents and Settings\NetworkService.NT-HALLINTA\Suosikit
    2007-07-11 03:40:34 0 d-------- C:\Documents and Settings\NetworkService.NT-HALLINTA\Application Data\Mozilla
    2007-07-11 03:35:01 0 d-------- C:\Program Files\Winamp
    2007-07-11 03:31:14 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
    2007-07-11 03:31:13 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
    2007-07-11 03:26:37 0 --a------ C:\WINDOWS\nsreg.dat
    2007-07-11 03:26:34 0 d-------- C:\Documents and Settings\Omistaja.Omist\Application Data\Mozilla
    2007-07-11 03:19:45 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2007-07-11 03:19:36 0 d-------- C:\Documents and Settings\\WINDOWS
    2007-07-11 03:19:24 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2007-07-11 03:18:05 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
    2007-07-11 03:17:15 0 d-------- C:\Program Files\Realtek AC97
    2007-07-11 03:17:10 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
    2007-07-11 03:15:51 0 d-------- C:\NVIDIA
    2007-07-11 03:15:01 0 d-------- C:\Documents and Settings\\Application Data\Identities
    2007-07-11 03:14:53 0 dr------- C:\Documents and Settings\\Omat tiedostot
    2007-07-11 03:14:41 0 d--h----- C:\Documents and Settings\\Verkkoympäristö
    2007-07-11 03:14:41 0 d-------- C:\Documents and Settings\\Työpöytä
    2007-07-11 03:14:41 0 d--h----- C:\Documents and Settings\\Tulostinympäristö
    2007-07-11 03:14:41 0 dr------- C:\Documents and Settings\\Suosikit
    2007-07-11 03:14:41 0 dr-h----- C:\Documents and Settings\\SendTo
    2007-07-11 03:14:41 1835008 --ah----- C:\Documents and Settings\\NTUSER.DAT
    2007-07-11 03:14:41 0 d--h----- C:\Documents and Settings\\Mallit
    2007-07-11 03:14:41 0 d--h----- C:\Documents and Settings\\Local Settings
    2007-07-11 03:14:41 0 dr------- C:\Documents and Settings\\Käynnistä-valikko
    2007-07-11 03:14:41 0 d---s---- C:\Documents and Settings\\Cookies
    2007-07-11 03:14:41 0 dr-h----- C:\Documents and Settings\\Application Data
    2007-07-11 03:13:14 0 d--h----- C:\Documents and Settings\LocalService.NT-HALLINTA\Local Settings
    2007-07-11 03:13:14 0 d---s---- C:\Documents and Settings\LocalService.NT-HALLINTA\Cookies
    2007-07-11 03:13:14 0 d-------- C:\Documents and Settings\LocalService.NT-HALLINTA\Application Data
    2007-07-11 03:13:14 0 d---s---- C:\Documents and Settings\LocalService.NT-HALLINTA\Application Data\Microsoft
    2007-07-11 03:13:13 229376 --ah----- C:\Documents and Settings\LocalService.NT-HALLINTA\NTUSER.DAT
    2007-07-11 03:12:58 0 d--h----- C:\Documents and Settings\NetworkService.NT-HALLINTA\Local Settings
    2007-07-11 03:12:58 0 d---s---- C:\Documents and Settings\NetworkService.NT-HALLINTA\Cookies
    2007-07-11 03:12:58 0 d-------- C:\Documents and Settings\NetworkService.NT-HALLINTA\Application Data
    2007-07-11 03:12:58 0 d---s---- C:\Documents and Settings\NetworkService.NT-HALLINTA\Application Data\Microsoft
    2007-07-11 03:12:57 229376 --ah----- C:\Documents and Settings\NetworkService.NT-HALLINTA\NTUSER.DAT
    2007-07-11 03:06:02 0 d-------- C:\WINDOWS\Downloaded Installations
    2007-07-11 03:04:59 0 d-------- C:\WINDOWS\system32\URTTemp
    2007-07-11 03:02:48 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
    2007-07-11 03:00:47 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-07-10 12:57:51 0 d-------- C:\WINDOWS\system32\Lang
    2007-07-10 07:53:59 438840 -rahs---- C:\bootmgr
    2007-07-10 07:53:58 0 d--hs---- C:\Boot
    2007-07-10 01:43:09 0 d--hs---- C:\WINDOWS\Installer
    2007-07-10 01:43:07 0 d-------- C:\Program Files\Common Files\ODBC
    2007-07-10 01:43:04 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2007-07-10 01:40:45 0 d-------- C:\WINDOWS\system32\CatRoot2
    2007-07-10 01:40:45 0 d-------- C:\WINDOWS\system32\CatRoot
    2007-07-10 01:40:12 0 d-------- C:\Documents and Settings
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\WinSxS
    2007-07-10 01:34:43 0 dr------- C:\WINDOWS\Web
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\twain_32
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\wins
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\wbem
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\usmt
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\spool
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\ShellExt
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\Setup
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\ras
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\oobe
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\npp
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\mui
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\inetsrv
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\IME
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\icsxml
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\ias
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\export
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\drivers
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\drivers\etc
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\drivers\disdn
    2007-07-10 01:34:43 0 dr-hs--c- C:\WINDOWS\system32\dllcache
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\dhcp
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\config
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\3com_dmi
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\3076
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\2052
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\1054
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\1042
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\1041
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\1037
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\1035
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\1033
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\1031
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\1028
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system32\1025
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\system
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\security
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\Resources
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\repair
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\Provisioning
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\PeerNet
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\pchealth
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\mui
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\msapps
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\msagent
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\Media
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\java
    2007-07-10 01:34:43 0 d--h----- C:\WINDOWS\inf
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\ime
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\Help
    2007-07-10 01:34:43 0 dr--s---- C:\WINDOWS\Fonts
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\Driver Cache
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\Debug
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\Cursors
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\Connection Wizard
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\Config
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\AppPatch
    2007-07-10 01:34:43 0 d-------- C:\WINDOWS\addins
    2007-07-10 01:00:23 0 dr------- C:\Documents and Settings\NetworkService\Suosikit
    2007-07-10 01:00:21 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Talkback
    2007-07-10 01:00:10 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Mozilla
    2007-07-10 00:45:40 0 d-------- C:\WINDOWS\RegisteredPackages
    2007-07-09 23:41:22 0 d-------- C:\WINDOWS\pss
    2007-07-09 23:40:54 0 d-------- C:\Program Files\Sygate
    2007-07-09 23:40:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-09 23:28:49 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-09 23:28:11 0 d-------- C:\WINDOWS\nview
    2007-07-09 23:27:44 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-07-09 23:10:15 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2007-07-09 23:05:52 0 d-------- C:\WINDOWS\SoftwareDistribution
    2007-07-09 23:05:43 0 d-------- C:\WINDOWS\Prefetch
    2007-07-09 23:05:42 0 d---s---- C:\WINDOWS\system32\Microsoft
    2007-07-09 23:05:41 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
    2007-07-09 23:05:41 0 d---s---- C:\Documents and Settings\LocalService\Cookies
    2007-07-09 23:05:41 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2007-07-09 23:05:41 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2007-07-09 23:05:40 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
    2007-07-09 23:05:24 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
    2007-07-09 23:05:24 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
    2007-07-09 23:05:24 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2007-07-09 23:05:24 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2007-07-09 23:05:23 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
    2007-07-09 23:02:20 0 d-------- C:\WINDOWS\system32\xircom
    2007-07-09 23:02:20 0 d-------- C:\Program Files\microsoft frontpage
    2007-07-09 23:00:22 0 dr------- C:\WINDOWS\Offline Web Pages
    2007-07-09 23:00:22 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2007-07-09 23:00:10 0 d--h----- C:\Program Files\WindowsUpdate
    2007-07-09 23:00:03 0 d-------- C:\Program Files\Online Services
    2007-07-09 22:59:47 0 d-------- C:\WINDOWS\system32\DirectX
    2007-07-09 22:59:24 0 d---s---- C:\WINDOWS\Tasks
    2007-07-09 22:59:23 0 d-------- C:\Program Files\Common Files\MSSoap
    2007-07-09 22:59:20 0 d-------- C:\WINDOWS\system32\Macromed
    2007-07-09 22:59:20 0 d-------- C:\WINDOWS\srchasst
    2007-07-09 22:59:14 0 d-------- C:\Program Files\Movie Maker
    2007-07-09 22:59:09 0 d-------- C:\WINDOWS\system32\Restore
    2007-07-09 22:58:28 0 d-------- C:\WINDOWS\Registration
    2007-07-09 22:57:46 0 d-------- C:\Program Files\Messenger
    2007-07-09 22:57:43 0 d-------- C:\Program Files\MSN Gaming Zone
    2007-07-09 22:57:24 0 d-------- C:\Program Files\Windows NT
    2007-07-09 22:57:22 0 d-------- C:\WINDOWS\system32\MsDtc
    2007-07-09 22:57:20 0 d-------- C:\WINDOWS\system32\Com
    2007-07-02 22:41:13 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-02 22:37:41 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-07-02 22:37:41 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-07-02 22:37:35 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-07-02 22:37:35 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-02 22:37:35 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-02 22:37:35 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-02 22:36:50 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


    -- Find3M Report ---------------------------------------------------------------

    2007-07-11 05:52:26 62 --ahs---- C:\Documents and Settings\\Application Data\desktop.ini
    2007-07-11 05:30:08 284576 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-07-11 05:30:08 48768 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-04-19 13:26:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-04-19 13:26:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-04-19 13:26:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-04-19 13:26:00 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2007-04-19 13:26:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-04-19 13:26:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
    2007-04-19 13:26:00 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
    2007-04-19 13:26:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-04-19 13:26:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-04-19 13:26:00 212992 --a------ C:\WINDOWS\system32\nvapi.dll
    2007-04-19 13:26:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\Shell]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=dword:00000000
    "NoResolveSearch"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SOUNDMAN"
    "hkey"="HKLM"
    "command"="SOUNDMAN.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winampa"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Winamp\\winampa.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SharedAccess"=dword:00000002
    "TapiSrv"=dword:00000003
    "helpsvc"=dword:00000002
    "wscsvc"=dword:00000002

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42b234f9-2f58-11dc-aafb-806d6172696f}]
    Shell\AutoRun\command H:\Autorun.exe


    -- End of Deckard's System Scanner: finished at 2007-07-11 at 20:44:40 ---------
     
    Last edited: Jul 11, 2007
  6. Auttaja

    C:\WINDOWS\system32\appmgmt

    Make hidden files visible, and hide them again after the deletion.

    Delete that folder.

    =======

    Check your computer with F-Secure's online scanner.

    Note: the scanner only works in the Internet Explorer browser.

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install
    * Click Accept
    * Click Custom Scan
    * Adjust the settings as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the required files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the entire text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report in your thread
     
  7. Mestaus

    Okay, you'll get that report tomorrow; I can't be bothered to start scanning anymore today, there's so much stuff on the machine..
     