My HijackThis log needs checking?

Discussion in 'Viruses and malware - HijackThis logs' started by Liskovaa, Jun 10, 2008.

  1. Liskovaa

    Liskovaa Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:27, on 2008-06-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\dna Nettiturva\fswsclds.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\sj652\hpupdate.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    F:\Winamp\winampa.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    F:\nokia\Nokia PC Suite 6\PCSync2.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    F:\nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\Explorer.EXE
    F:\HL2\Steam.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = HELLO EVERYBODY
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Call HoverToCall class - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Windows Live\Messenger\HTC.DLL
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
    O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SeekmoToolbar] C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}
    O4 - HKLM\..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe 3400C
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] F:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKCU\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    O4 - HKCU\..\Run: [Skype] "F:\skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] "F:\nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "F:\nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Object\isamntr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Object\pmsnrr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: On-Screen Keyboard.lnk = C:\WINDOWS\system32\osk.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\OSKARI\P\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\OSKARI\P\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\OSKARI\P\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\OSKARI\P\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1020231842546
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
    O22 - SharedTaskScheduler: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\dna Nettiturva\fswsclds.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 11730 bytes
     
  2. Hujo

    Hujo Guest

    1. Download combofix.exe to your desktop from one of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log to your thread.
    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
     
  3. Liskovaa

    Liskovaa Member

    Mozilla Firefox disappeared and Explorer came in its place, is that dangerous?

    ComboFix 08-06-09.7 - Hannu 2008-06-11 8:05:05.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.123 [GMT 3:00]
    Running from: C:\Documents and Settings\Hannu\Työpöytä\EI SAA POISTAA EIKÄ AVATA TIEDOSTOJA (Lauri)\ComboFix.exe
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\skbar.log
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1037721.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1055531.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1065003.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1066677.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1067059.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1067085.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1224397.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1383918.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1391177.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\315863.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\3251993.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\3439662.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\3442551.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\3783161.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\819382.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\969631.sdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\ASPL1.dat
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\domains.txt
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\10110
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\12457
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\127887
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\13562
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\1382
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\1424
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\14575
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\14633
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\15643
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\15649
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\17040
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\18906
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\18951
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\20673
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\22913
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\23220
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\234045
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\23901
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\25372
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\254249
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\25469
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\25698
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\26134
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\26656
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\27503
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\28812
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\29115
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\31387
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\32506
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\34123
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\34186
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\34267
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\345676
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\35000
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\35047
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\35804
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\36039
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\37081
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\39054
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\40855
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\40999
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\44293
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\44323
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\44458
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\44789
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\4822
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\49587
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\52253
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\52335
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\529505
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\53933
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\540999
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\54469
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\54473
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\577975
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\58197
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\591948
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\59844
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\61194
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\61837
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\62133
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\64414
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\64415
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\64429
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\64484
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\64502
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\64517
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\65419
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\66493
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\6873
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\68942
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\69201
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\70650
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\70989
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\737665
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\738022
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\742963
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\745088
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\745326
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\748880
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\753009
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\79257
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\79432
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\79989
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\81716
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\82292
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\86379
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\873
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\89200
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\90358
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\91224
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\92061
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\9313
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\93899
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\94407
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\9665
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\97741
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\ustat\3563.dat
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\ustat\3565.dat
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\btntrans.idx
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\btntrans1.dat
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\buttondir.txt
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\components.cdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_1000.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_2000.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_3000.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_bar.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_bbar1.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_logos.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_other.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_weather.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\default.cdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_511745-514279.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_bidzC_ZT_IE-ca.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_bidzC_ZT_IE-us.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_categorize.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_comparison.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_explorer-Mails.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_explorer-people.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_favorites.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_Games.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_Hide.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_hotbarcom.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_Hotmail.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_hsskin.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_jemster.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_jemsterie.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_jemsteruk.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_jobsearch.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_Mails.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_MobileSidewalk.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_MobileSW-US.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_new.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_premium.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_reun.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_ringtones.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_SearchBoxTrapper.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_searchfor.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_searchgo.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_weather.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_yellowpages.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\email-def-511724-548964.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\email-def-511724-9595.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\email-t1-bg.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\icons2.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\keywords.idx
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\keywords1.dat
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\layout.cdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\linkpathlegal.txt
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\progress.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\s_icons_buttons.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\sales_buttons.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\seekmo.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\t2_bg.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\theweb.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\top7.cdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Top7_theweb.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\tsd_bg.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\btntrans.idx
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\btntrans1.dat
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\buttondir.txt
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\components.cdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_1000.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_2000.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_3000.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_bar.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_bbar1.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_logos.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_other.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_weather.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\default.cdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_511745-514279.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_bidzC_ZT_IE-ca.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_bidzC_ZT_IE-us.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_categorize.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_comparison.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_explorer-Mails.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_explorer-people.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_favorites.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_Games.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_Hide.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_hotbarcom.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_Hotmail.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_hsskin.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_jemster.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_jemsterie.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_jemsteruk.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_jobsearch.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_Mails.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_MobileSidewalk.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_MobileSW-US.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_new.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_premium.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_reun.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_ringtones.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_SearchBoxTrapper.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_searchfor.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_searchgo.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_weather.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_yellowpages.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\email-def-511724-548964.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\email-def-511724-9595.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\email-t1-bg.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\icons2.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\keywords.idx
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\keywords1.dat
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\layout.cdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\linkpathlegal.txt
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\progress.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\s_icons_buttons.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\sales_buttons.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\seekmo.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\t2_bg.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\theweb.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\top7.cdf
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Top7_theweb.mnu
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\tsd_bg.res
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\BtnTrans.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\BtnTrans1.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\buttondir.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_1000.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_2000.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_3000.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_bar.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_bbar1.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_logos.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_other.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_weather.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\default.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\email-t1-bg.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\icons2.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\keywords.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\keywords1.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\layout.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\linkpathlegal.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\progress.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\s_icons_buttons.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\sales_buttons.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\samplegroups2.txt
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\samplegroups2.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\seekmo.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\t2_bg.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\top7.xip
    C:\Documents and Settings\Hannu\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\tsd_bg.xip
    C:\Documents and Settings\Hannu\Suosikit\Online Security Test.url
    C:\WINDOWS\smdat32a.sys
    C:\WINDOWS\smdat32m.sys
    C:\WINDOWS\system32\GLAPILIB.dll
    C:\WINDOWS\system32\MSINET.oca

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-11 to 2008-06-11 )))))))))))))))))
    .

    2008-06-10 21:27 . 2008-06-10 21:27 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-10 11:32 . 2008-06-10 11:32 <KANSIO> d-------- C:\Program Files\SweetIM
    2008-06-10 11:32 . 2008-06-10 11:32 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
    2008-06-07 14:36 . 2008-06-07 21:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-07 14:36 . 2008-06-07 14:36 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-07 14:01 . 2008-06-07 14:01 <KANSIO> d-------- C:\Program Files\Nokia
    2008-06-07 13:13 . 2008-06-07 13:13 <KANSIO> d-------- C:\Documents and Settings\Hannu\Application Data\Nokia Multimedia Player
    2008-06-06 18:29 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
    2008-06-06 18:29 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
    2008-06-06 18:29 . 2008-06-06 18:29 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-06-06 18:29 . 2008-06-06 18:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-06-06 18:15 . 2008-06-06 18:15 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2008-06-06 18:15 . 2008-06-06 18:15 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2008-06-06 18:14 . 2008-06-06 18:14 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2008-06-06 18:14 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
    2008-06-06 18:14 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
    2008-06-06 18:14 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
    2008-06-06 18:14 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
    2008-06-06 18:14 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
    2008-06-06 18:14 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
    2008-06-05 10:04 . 2008-06-05 10:04 <KANSIO> d-------- C:\Documents and Settings\Hannu\Application Data\Media Player Classic
    2008-05-23 17:02 . 2008-05-23 17:02 <KANSIO> d-------- C:\Program Files\ogf2tool
    2008-05-22 15:26 . 2008-06-09 11:24 <KANSIO> d-------- C:\Program Files\Live_TV
    2008-05-22 15:11 . 2008-05-22 15:11 <KANSIO> d-------- C:\Program Files\Google

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-10 15:09 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-06-10 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-09 08:19 --------- d-----w C:\Program Files\BitComet
    2008-06-08 19:18 --------- d-----w C:\Program Files\Setup
    2008-06-07 11:04 --------- d-----w C:\Documents and Settings\Hannu\Application Data\Nokia
    2008-06-07 10:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-06-06 15:30 --------- d-----w C:\Documents and Settings\Hannu\Application Data\PC Suite
    2008-06-06 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-05-30 18:33 --------- d-----w C:\Documents and Settings\Hannu\Application Data\ZoomBrowser EX
    2008-05-30 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    2008-05-28 08:52 --------- d-----w C:\Documents and Settings\Hannu\Application Data\teamspeak2
    2008-05-23 13:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-17 07:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2008-04-05 10:06 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-03-26 12:28 796,672 ----a-w C:\WINDOWS\GPInstall.exe
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-13 17:07 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-03-13 17:07 249,856 ------w C:\WINDOWS\Setup1.exe
    2008-03-02 14:57 25,560 ----a-w C:\Documents and Settings\Hannu\Application Data\GDIPFONTCACHEV1.DAT
    2004-03-11 10:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    1998-07-14 10:04 3,668,632 ----a-w C:\Program Files\dx5dan.exe
    2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ABIT uGuru"="C:\Program Files\ABIT\ABIT uGuru\uGuru.exe" [2004-05-21 16:07 1695830]
    "Skype"="F:\skype\Phone\Skype.exe" [ ]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [ ]
    "Start WingMan Profiler"="" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "Nokia.PCSync"="F:\nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
    "PC Suite Tray"="F:\nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-01 13:23 67584 C:\WINDOWS\SOUNDMAN.EXE]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05 344064]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-04-06 20:36 1298542]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [ ]
    "MediaGateway"="C:\Program Files\MediaGateway\MediaGateway.exe" [ ]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-08-13 09:07 233512]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-15 19:27 185784]
    "HP Update 3400C"="C:\sj652\hpupdate.exe" [2002-02-01 13:33 32768]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
    "WinampAgent"="F:\Winamp\winampa.exe" [2008-01-16 01:54 37376]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

    C:\Documents and Settings\Hannu\Käynnistä-valikko\Ohjelmat\Käynnistys\
    On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe [2004-09-15 15:00:00 216064]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-11 15:44:55 110592]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 13:01:04 83360]
    TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe [2007-03-08 16:52:49 245760]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "F:\\HL2\\Steam.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\counter-strike source\\hl2.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\half-life 2 deathmatch\\hl2.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\source dedicated server\\srcds.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\day of defeat source\\hl2.exe"=
    "F:\\D++\\DC++\\DCPlusPlus.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "F:\\BF2\\BF2.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\half-life 2\\hl2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\source sdk base\\hl2.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "E:\\Ubisoft\\Pf\\pf.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18897:TCP"= 18897:TCP:BitComet 18897 TCP
    "18897:UDP"= 18897:UDP:BitComet 18897 UDP

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2005-07-04 11:58]
    R0 uGuru;uGuru;C:\WINDOWS\system32\Drivers\uGuru.sys [2004-08-04 13:56]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2006-05-15 16:10]
    R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-21 18:29]
    R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\dna Nettiturva\fswsclds.exe [2004-01-01 01:10]
    R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\getnd5b.sys [2004-01-29 09:32]
    S3 bdacap;%BdaSWCapture.DeviceDesc%;C:\WINDOWS\system32\drivers\bdacap.sys [2006-05-18 10:01]
    S3 GLHIDKBFILTER;GLHIDKBFILTER;C:\WINDOWS\system32\DRIVERS\GLKbFilter.sys [2006-01-06 09:55]

    *Newly Created Service* - CATCHME
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-03 05:43:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-11 08:08:28
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-11 8:09:55
    ComboFix-quarantined-files.txt 2008-06-11 05:09:44

    Pre-Run: 5,301,596,160 tavua vapaana
    Post-Run: 21,112,758,272 tavua vapaana

    446 --- E O F --- 2008-06-10 06:46:46
     
  4. Hujo

    Hujo Guest

    Scan again and post the ComboFix log.
     
  5. Liskovaa

    Liskovaa Member

    ComboFix 08-06-09.7 - Hannu 2008-06-11 18:11:05.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.212 [GMT 3:00]
    Running from: C:\Documents and Settings\Hannu\Työpöytä\EI SAA POISTAA EIKÄ AVATA TIEDOSTOJA (Lauri)\ComboFix.exe
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-11 to 2008-06-11 )))))))))))))))))
    .

    2008-06-11 13:08 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 13:08 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-10 21:27 . 2008-06-10 21:27 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-10 11:32 . 2008-06-10 11:32 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
    2008-06-07 14:36 . 2008-06-07 21:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-07 14:36 . 2008-06-07 14:36 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-07 14:01 . 2008-06-07 14:01 <KANSIO> d-------- C:\Program Files\Nokia
    2008-06-07 13:13 . 2008-06-07 13:13 <KANSIO> d-------- C:\Documents and Settings\Hannu\Application Data\Nokia Multimedia Player
    2008-06-06 18:29 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
    2008-06-06 18:29 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
    2008-06-06 18:29 . 2008-06-06 18:29 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-06-06 18:29 . 2008-06-06 18:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-06-06 18:15 . 2008-06-06 18:15 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2008-06-06 18:15 . 2008-06-06 18:15 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2008-06-06 18:14 . 2008-06-06 18:14 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2008-06-06 18:14 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
    2008-06-06 18:14 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
    2008-06-06 18:14 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
    2008-06-06 18:14 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
    2008-06-06 18:14 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
    2008-06-06 18:14 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
    2008-06-05 10:04 . 2008-06-05 10:04 <KANSIO> d-------- C:\Documents and Settings\Hannu\Application Data\Media Player Classic
    2008-05-23 17:02 . 2008-05-23 17:02 <KANSIO> d-------- C:\Program Files\ogf2tool
    2008-05-22 15:26 . 2008-06-09 11:24 <KANSIO> d-------- C:\Program Files\Live_TV
    2008-05-22 15:11 . 2008-05-22 15:11 <KANSIO> d-------- C:\Program Files\Google

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-11 09:20 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-06-11 08:00 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-06-11 08:00 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-06-10 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-09 08:19 --------- d-----w C:\Program Files\BitComet
    2008-06-08 19:18 --------- d-----w C:\Program Files\Setup
    2008-06-07 11:04 --------- d-----w C:\Documents and Settings\Hannu\Application Data\Nokia
    2008-06-07 10:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-06-06 15:30 --------- d-----w C:\Documents and Settings\Hannu\Application Data\PC Suite
    2008-06-06 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-05-30 18:33 --------- d-----w C:\Documents and Settings\Hannu\Application Data\ZoomBrowser EX
    2008-05-30 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    2008-05-28 08:52 --------- d-----w C:\Documents and Settings\Hannu\Application Data\teamspeak2
    2008-05-23 13:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-17 07:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-03-26 12:28 796,672 ----a-w C:\WINDOWS\GPInstall.exe
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-13 17:07 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-03-13 17:07 249,856 ------w C:\WINDOWS\Setup1.exe
    2008-03-02 14:57 25,560 ----a-w C:\Documents and Settings\Hannu\Application Data\GDIPFONTCACHEV1.DAT
    2004-03-11 10:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    1998-07-14 10:04 3,668,632 ----a-w C:\Program Files\dx5dan.exe
    2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-11_ 8.09.31.87 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-11 05:01:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-11 10:43:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-14 15:52:59 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
    + 2008-03-01 13:01:50 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
    + 2008-03-01 13:01:50 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
    + 2008-03-01 13:01:50 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
    + 2008-03-01 13:01:50 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
    + 2008-03-01 13:01:50 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
    + 2008-02-29 08:55:56 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
    + 2008-03-01 13:01:50 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
    + 2008-03-01 13:01:50 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
    + 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
    + 2008-03-01 13:01:51 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
    + 2008-03-01 13:01:51 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
    + 2008-03-01 13:01:51 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
    + 2008-03-01 13:01:51 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
    + 2008-03-01 13:01:51 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
    + 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
    + 2008-02-29 08:56:25 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
    + 2008-03-01 13:01:51 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
    + 2008-03-01 13:01:52 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
    + 2008-03-01 13:01:52 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
    + 2008-03-01 15:31:54 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
    + 2008-03-01 13:01:53 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
    + 2008-03-01 13:01:53 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
    + 2008-03-01 13:01:53 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
    + 2008-03-01 13:01:53 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
    + 2008-03-01 13:01:53 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
    + 2007-03-06 01:31:14 214,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:32:23 380,640 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
    + 2008-03-01 13:01:53 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
    + 2008-03-01 13:01:53 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
    + 2008-03-01 13:01:53 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
    + 2008-03-01 13:01:53 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
    - 2008-03-01 13:01:50 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2008-04-23 04:16:41 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    - 2008-03-01 13:01:50 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
    + 2008-04-23 04:16:41 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
    - 2008-03-01 13:01:50 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2008-04-23 04:16:42 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2008-03-01 13:01:50 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2008-04-23 04:16:42 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2008-03-01 13:01:50 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2008-04-23 04:16:42 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2008-03-01 13:01:50 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
    + 2008-04-23 04:16:42 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
    - 2008-02-29 08:55:56 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    + 2008-04-22 07:41:08 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    - 2008-03-01 13:01:50 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    + 2008-04-23 04:16:42 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    - 2008-03-01 13:01:50 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    + 2008-04-23 04:16:42 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    - 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    + 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    - 2008-03-01 13:01:51 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    + 2008-04-23 04:16:42 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    - 2008-03-01 13:01:51 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    + 2008-04-23 04:16:42 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    - 2008-03-01 13:01:51 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
    + 2008-04-23 04:16:42 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
    - 2008-03-01 13:01:51 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    + 2008-04-23 04:16:42 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    - 2008-03-01 13:01:51 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
    + 2008-04-23 04:16:42 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
    - 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
    + 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
    - 2008-02-29 08:56:25 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    + 2008-04-22 07:41:30 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    - 2008-03-01 13:01:51 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2008-04-23 04:16:42 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    - 2008-03-01 13:01:52 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
    + 2008-04-23 04:16:42 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
    - 2008-03-01 13:01:52 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    + 2008-04-23 04:16:42 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    - 2008-03-01 15:31:54 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2008-04-23 19:16:44 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2008-03-01 13:01:53 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2008-04-23 04:16:42 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2008-03-01 13:01:53 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2008-04-23 04:16:42 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2008-03-01 13:01:53 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2008-04-23 04:16:42 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2008-03-01 13:01:53 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
    + 2008-04-23 04:16:42 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
    - 2008-03-01 13:01:53 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2008-04-23 04:16:42 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    - 2007-10-29 22:43:51 1,288,192 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
    + 2008-05-07 05:15:43 1,288,192 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
    - 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    + 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    - 2008-03-01 13:01:53 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
    + 2008-04-23 04:16:42 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
    - 2008-03-01 13:01:53 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2008-04-23 04:16:43 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2008-03-01 13:01:53 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    + 2008-04-23 04:16:43 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    - 2008-03-01 13:01:53 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2008-04-23 04:16:43 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    - 2008-03-01 13:01:50 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2008-04-23 04:16:42 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2008-03-01 13:01:50 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2008-04-23 04:16:42 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2008-03-01 13:01:50 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2008-04-23 04:16:42 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
    - 2008-03-01 13:01:50 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    + 2008-04-23 04:16:42 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    - 2008-02-29 08:55:56 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    + 2008-04-22 07:41:08 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    - 2008-03-01 13:01:50 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
    + 2008-04-23 04:16:42 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
    - 2008-03-01 13:01:50 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
    + 2008-04-23 04:16:42 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
    - 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    + 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    - 2008-03-01 13:01:51 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    + 2008-04-23 04:16:42 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    - 2008-03-01 13:01:51 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    + 2008-04-23 04:16:42 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    - 2008-03-01 13:01:51 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    + 2008-04-23 04:16:42 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    - 2008-03-01 13:01:51 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
    + 2008-04-23 04:16:42 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
    - 2008-03-01 13:01:51 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    + 2008-04-23 04:16:42 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    - 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    + 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    - 2008-03-01 13:01:51 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2008-04-23 04:16:42 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    - 2008-05-09 11:35:06 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2008-03-01 13:01:52 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    + 2008-04-23 04:16:42 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    - 2008-03-01 13:01:52 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    + 2008-04-23 04:16:42 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    - 2008-03-01 15:31:54 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2008-04-23 19:16:44 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2008-03-01 13:01:53 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2008-04-23 04:16:42 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2008-03-01 13:01:53 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2008-04-23 04:16:42 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2008-03-01 13:01:53 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2008-04-23 04:16:42 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2008-03-01 13:01:53 102,912 ----a-w C:\WINDOWS\system32\occache.dll
    + 2008-04-23 04:16:42 102,912 ----a-w C:\WINDOWS\system32\occache.dll
    - 2008-03-01 13:01:53 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2008-04-23 04:16:42 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2006-10-08 18:51:14 14,640 ------w C:\WINDOWS\system32\spmsg.dll
    + 2007-11-30 11:19:02 17,272 ------w C:\WINDOWS\system32\spmsg.dll
    - 2008-03-01 13:01:53 105,984 ----a-w C:\WINDOWS\system32\url.dll
    + 2008-04-23 04:16:42 105,984 ----a-w C:\WINDOWS\system32\url.dll
    - 2008-03-01 13:01:53 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2008-04-23 04:16:43 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2008-03-01 13:01:53 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    + 2008-04-23 04:16:43 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    .
    -- Snapshot reset to current date --
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ABIT uGuru"="C:\Program Files\ABIT\ABIT uGuru\uGuru.exe" [2004-05-21 16:07 1695830]
    "Skype"="F:\skype\Phone\Skype.exe" [ ]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [ ]
    "Start WingMan Profiler"="" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "Nokia.PCSync"="F:\nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
    "PC Suite Tray"="F:\nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-01 13:23 67584 C:\WINDOWS\SOUNDMAN.EXE]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05 344064]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-04-06 20:36 1298542]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [ ]
    "MediaGateway"="C:\Program Files\MediaGateway\MediaGateway.exe" [ ]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-08-13 09:07 233512]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-15 19:27 185784]
    "HP Update 3400C"="C:\sj652\hpupdate.exe" [2002-02-01 13:33 32768]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
    "WinampAgent"="F:\Winamp\winampa.exe" [2008-01-16 01:54 37376]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

    C:\Documents and Settings\Hannu\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe [2004-09-15 15:00:00 216064]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-11 15:44:55 110592]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 13:01:04 83360]
    TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe [2007-03-08 16:52:49 245760]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "F:\\HL2\\Steam.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\counter-strike source\\hl2.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\half-life 2 deathmatch\\hl2.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\source dedicated server\\srcds.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\day of defeat source\\hl2.exe"=
    "F:\\D++\\DC++\\DCPlusPlus.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "F:\\BF2\\BF2.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\half-life 2\\hl2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\source sdk base\\hl2.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "E:\\Ubisoft\\Pf\\pf.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18897:TCP"= 18897:TCP:BitComet 18897 TCP
    "18897:UDP"= 18897:UDP:BitComet 18897 UDP

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2005-07-04 11:58]
    R0 uGuru;uGuru;C:\WINDOWS\system32\Drivers\uGuru.sys [2004-08-04 13:56]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2006-05-15 16:10]
    R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-21 18:29]
    R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\dna Nettiturva\fswsclds.exe [2004-01-01 01:10]
    R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\getnd5b.sys [2004-01-29 09:32]
    S3 bdacap;%BdaSWCapture.DeviceDesc%;C:\WINDOWS\system32\drivers\bdacap.sys [2006-05-18 10:01]
    S3 GLHIDKBFILTER;GLHIDKBFILTER;C:\WINDOWS\system32\DRIVERS\GLKbFilter.sys [2006-01-06 09:55]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-03 05:43:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-11 18:14:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-11 18:15:57
    ComboFix-quarantined-files.txt 2008-06-11 15:15:46
    ComboFix2.txt 2008-06-11 05:09:56

    Pre-Run: 20,659,085,312 tavua vapaana
    Post-Run: 20,709,371,904 tavua vapaana

    321 --- E O F --- 2008-06-11 10:38:16
     
  6. Hujo

    Hujo Guest

    Remove via Add or Remove Programs:

    MediaGateway

    Delete the folder in Safe Mode:

    C:\Program Files\MediaGateway

    =============

    Updating Java and clearing its cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Find all of your previous Java versions in the list (J2SE Runtime Environment....).
    They should have the following icon next to them: [IMG]

    3. Select all of your previous Java versions and choose Remove.
    4. Install the latest Java update from the following link.
    5. Restart the computer after the installation:

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6u6

    Click Download

    Tick Accept, choose the offline installation, save it to, for example, the desktop, and install it.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).

    7. Under the General Settings section, drag the slider (Disk Space) to a smaller value and click the Delete Files button.

    (Some Java-based programs may need more disk space.
    If you notice the computer slowing down after reducing the setting, move the slider to a larger value.)

    8. Make sure that both options are ticked:

    *Applications and Applets

    *Trace and Log Files

    And click the OK button.

    9. Click OK in the "Temporary Files Settings" window.

    10. Click OK to leave the Java settings window.
     
  7. Liskovaa

    Liskovaa Member

    OK, what next?
     
  8. Hujo

    Hujo Guest

    Scan a new HJT log.
    Scan a new ComboFix log.
     
  9. Liskovaa

    Liskovaa Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:33:46, on 12.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\sj652\hpupdate.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    F:\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    C:\WINDOWS\system32\ctfmon.exe
    F:\nokia\Nokia PC Suite 6\PCSync2.exe
    F:\nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
    C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\dna Nettiturva\fswsclds.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    F:\HL2\Steam.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\rsvp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
    O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe 3400C
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] F:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    O4 - HKCU\..\Run: [Skype] "F:\skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] "F:\nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "F:\nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: On-Screen Keyboard.lnk = C:\WINDOWS\system32\osk.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\OSKARI\P\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\OSKARI\P\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\OSKARI\P\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\OSKARI\P\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1020231842546
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
    O22 - SharedTaskScheduler: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\dna Nettiturva\fswsclds.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 10393 bytes
     
  10. Liskovaa

    Liskovaa Member

    and ComboFix...

    ComboFix 08-06-09.7 - Hannu 2008-06-12 17:36:02.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.225 [GMT 3:00]
    Running from: C:\Documents and Settings\Hannu\Työpöytä\EI SAA POISTAA EIKÄ AVATA TIEDOSTOJA (Lauri)\ComboFix.exe
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-12 to 2008-06-12 )))))))))))))))))
    .

    2008-06-12 17:24 . 2008-06-12 17:24 <KANSIO> d-------- C:\Program Files\B2BPOKER
    2008-06-12 11:04 . 2008-06-12 11:04 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-06-12 11:04 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-11 13:08 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 13:08 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-10 21:27 . 2008-06-10 21:27 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-10 11:32 . 2008-06-10 11:32 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
    2008-06-07 14:36 . 2008-06-07 21:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-07 14:36 . 2008-06-07 14:36 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-07 14:01 . 2008-06-07 14:01 <KANSIO> d-------- C:\Program Files\Nokia
    2008-06-07 13:13 . 2008-06-07 13:13 <KANSIO> d-------- C:\Documents and Settings\Hannu\Application Data\Nokia Multimedia Player
    2008-06-06 18:29 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
    2008-06-06 18:29 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
    2008-06-06 18:29 . 2008-06-06 18:29 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-06-06 18:29 . 2008-06-06 18:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-06-06 18:15 . 2008-06-06 18:15 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2008-06-06 18:15 . 2008-06-06 18:15 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2008-06-06 18:14 . 2008-06-06 18:14 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2008-06-06 18:14 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
    2008-06-06 18:14 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
    2008-06-06 18:14 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
    2008-06-06 18:14 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
    2008-06-06 18:14 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
    2008-06-06 18:14 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
    2008-06-05 10:04 . 2008-06-05 10:04 <KANSIO> d-------- C:\Documents and Settings\Hannu\Application Data\Media Player Classic
    2008-05-23 17:02 . 2008-05-23 17:02 <KANSIO> d-------- C:\Program Files\ogf2tool
    2008-05-22 15:26 . 2008-06-09 11:24 <KANSIO> d-------- C:\Program Files\Live_TV
    2008-05-22 15:11 . 2008-05-22 15:11 <KANSIO> d-------- C:\Program Files\Google

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-12 08:04 --------- d-----w C:\Program Files\Java
    2008-06-11 09:20 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-06-11 08:00 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-06-11 08:00 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-06-10 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-09 08:19 --------- d-----w C:\Program Files\BitComet
    2008-06-08 19:18 --------- d-----w C:\Program Files\Setup
    2008-06-07 11:04 --------- d-----w C:\Documents and Settings\Hannu\Application Data\Nokia
    2008-06-07 10:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-06-06 15:30 --------- d-----w C:\Documents and Settings\Hannu\Application Data\PC Suite
    2008-06-06 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-05-30 18:33 --------- d-----w C:\Documents and Settings\Hannu\Application Data\ZoomBrowser EX
    2008-05-30 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    2008-05-28 08:52 --------- d-----w C:\Documents and Settings\Hannu\Application Data\teamspeak2
    2008-05-23 13:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-17 07:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-03-26 12:28 796,672 ----a-w C:\WINDOWS\GPInstall.exe
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-13 17:07 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-03-13 17:07 249,856 ------w C:\WINDOWS\Setup1.exe
    2008-03-02 14:57 25,560 ----a-w C:\Documents and Settings\Hannu\Application Data\GDIPFONTCACHEV1.DAT
    2004-03-11 10:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    1998-07-14 10:04 3,668,632 ----a-w C:\Program Files\dx5dan.exe
    2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-06-11_18.15.33,76 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-11 10:43:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-12 08:10:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
    + 2008-03-24 22:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-03-24 22:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2008-03-24 23:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ABIT uGuru"="C:\Program Files\ABIT\ABIT uGuru\uGuru.exe" [2004-05-21 16:07 1695830]
    "Skype"="F:\skype\Phone\Skype.exe" [ ]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [ ]
    "Start WingMan Profiler"="" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "Nokia.PCSync"="F:\nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
    "PC Suite Tray"="F:\nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-01 13:23 67584 C:\WINDOWS\SOUNDMAN.EXE]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05 344064]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-04-06 20:36 1298542]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [ ]
    "MediaGateway"="C:\Program Files\MediaGateway\MediaGateway.exe" [ ]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-08-13 09:07 233512]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-15 19:27 185784]
    "HP Update 3400C"="C:\sj652\hpupdate.exe" [2002-02-01 13:33 32768]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
    "WinampAgent"="F:\Winamp\winampa.exe" [2008-01-16 01:54 37376]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

    C:\Documents and Settings\Hannu\Käynnistä-valikko\Ohjelmat\Käynnistys\
    On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe [2004-09-15 15:00:00 216064]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-11 15:44:55 110592]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 13:01:04 83360]
    TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe [2007-03-08 16:52:49 245760]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "F:\\HL2\\Steam.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\counter-strike source\\hl2.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\half-life 2 deathmatch\\hl2.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\source dedicated server\\srcds.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\day of defeat source\\hl2.exe"=
    "F:\\D++\\DC++\\DCPlusPlus.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "F:\\BF2\\BF2.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\half-life 2\\hl2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "F:\\HL2\\SteamApps\\ozcu676\\source sdk base\\hl2.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "E:\\Ubisoft\\Pf\\pf.exe"=
    "C:\\Program Files\\B2BPOKER\\Pokerihuone\\jre\\bin\\javaw.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18897:TCP"= 18897:TCP:BitComet 18897 TCP
    "18897:UDP"= 18897:UDP:BitComet 18897 UDP

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2005-07-04 11:58]
    R0 uGuru;uGuru;C:\WINDOWS\system32\Drivers\uGuru.sys [2004-08-04 13:56]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2006-05-15 16:10]
    R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-21 18:29]
    R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\dna Nettiturva\fswsclds.exe [2004-01-01 01:10]
    R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\getnd5b.sys [2004-01-29 09:32]
    S3 bdacap;%BdaSWCapture.DeviceDesc%;C:\WINDOWS\system32\drivers\bdacap.sys [2006-05-18 10:01]
    S3 GLHIDKBFILTER;GLHIDKBFILTER;C:\WINDOWS\system32\DRIVERS\GLKbFilter.sys [2006-01-06 09:55]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-03 05:43:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-12 17:38:28
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-12 17:40:01
    ComboFix-quarantined-files.txt 2008-06-12 14:39:50
    ComboFix2.txt 2008-06-11 15:15:58
    ComboFix3.txt 2008-06-11 05:09:56

    Pre-Run: 20,875,268,096 tavua vapaana
    Post-Run: 20,868,567,040 tavua vapaana

    174 --- E O F --- 2008-06-11 10:38:16
     
  11. Hujo

    Hujo Guest

    Uninstall via Add/Remove Programs:

    MediaGateway
    SeekmoToolbar
    SweetIM ToolbarURLSearchHook Class


    Delete the folders in Safe Mode:


    C:\Program Files\MediaGateway
    C:\Program Files\SeekmoToolbar
    C:\Program Files\SweetIM


    Scan with HJT, check the following entries and press Fix checked:

    O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
    O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
    O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
    O4 - HKLM\..\Run: [SeekmoToolbar] C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\OSKARI\P\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\OSKARI\P\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\OSKARI\P\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\OSKARI\P\PartyPokerNet\RunPF.exe (file missing)
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
    O22 - SharedTaskScheduler: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)


    ====================

    Download SmitfraudFix (c) S!Ri
    Extract the contents (a folder named SmitfraudFix) to your desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
    Post the contents of the report that pops up in Notepad to your thread.
    It can also be found at C:\rapport.txt

    Note: the process.exe file is detected by some antivirus programs
    (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program that stops processes.
    Antivirus programs cannot tell good use of such programs from bad use,
    so they may warn the user.


     
  12. Liskovaa

    Liskovaa Member

    SmitFraudFix v2.323

    Scan done at 18:47:42,60, to 12.06.2008
    Run from C:\Documents and Settings\Hannu\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\sj652\hpupdate.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    F:\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    C:\WINDOWS\system32\ctfmon.exe
    F:\nokia\Nokia PC Suite 6\PCSync2.exe
    F:\nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
    C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\dna Nettiturva\fswsclds.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    F:\HL2\Steam.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\rsvp.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Hannu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Hannu\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Hannu\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: VIA Networking Velocity Family Giga-bit Ethernet Adapter - Paketinajoituksen miniportti
    DNS Server Search Order: 62.78.102.50
    DNS Server Search Order: 62.78.102.10

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{D63FEE52-818F-469E-97E0-3154D8C0E486}: DhcpNameServer=62.78.102.50 62.78.102.10
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{D63FEE52-818F-469E-97E0-3154D8C0E486}: DhcpNameServer=62.78.102.50 62.78.102.10
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{D63FEE52-818F-469E-97E0-3154D8C0E486}: DhcpNameServer=62.78.102.50 62.78.102.10
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.78.102.50 62.78.102.10
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.78.102.50 62.78.102.10
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=62.78.102.50 62.78.102.10


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  13. Hujo

    Hujo Guest

    Scan a new HJT log.
     
  14. Liskovaa

    Liskovaa Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:27:07, on 12.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\sj652\hpupdate.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    F:\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    C:\WINDOWS\system32\ctfmon.exe
    F:\nokia\Nokia PC Suite 6\PCSync2.exe
    F:\nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
    C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\dna Nettiturva\fswsclds.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    F:\HL2\Steam.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\rsvp.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe 3400C
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] F:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    O4 - HKCU\..\Run: [Skype] "F:\skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] "F:\nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "F:\nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: On-Screen Keyboard.lnk = C:\WINDOWS\system32\osk.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1020231842546
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\dna Nettiturva\fswsclds.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 9486 bytes
     
  15. Hujo

    Hujo Guest

    Scan with HJT, check the following entries and press Fix checked:

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)


    =============

    Download and extract BFU.zip: http://www.merijn.org/files/bfu.zip

    Run the program and click the Web button.

    Enter this web address in the "Download script" field:
    http://metallica.geekstogo.com/MediaGateway.BFU

    Run the script by clicking Execute.

    If you have any questions about using BFU, read here:
    http://metallica.geekstogo.com/BFUinstructions.html (in English)




     
  16. Liskovaa

    Liskovaa Member

    Done, what next?
     
  17. Hujo

    Hujo Guest

    Scan a new HJT log.
     
  18. Liskovaa

    Liskovaa Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:18:50, on 13.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\dna Nettiturva\fswsclds.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\sj652\hpupdate.exe
    F:\Winamp\winampa.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
    F:\nokia\Nokia PC Suite 6\PCSync2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    F:\nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    F:\HL2\Steam.exe
    C:\WINDOWS\system32\rsvp.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\B2BPOKER\Pokerihuone\Client.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\B2BPOKER\Pokerihuone\jre\bin\javaw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe 3400C
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [WinampAgent] F:\Winamp\winampa.exe
    O4 - HKCU\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    O4 - HKCU\..\Run: [Skype] "F:\skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] "F:\nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "F:\nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: On-Screen Keyboard.lnk = C:\WINDOWS\system32\osk.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1020231842546
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\dna Nettiturva\fswsclds.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 9018 bytes
     
  19. Hujo

    Hujo Guest

    Copy and paste the text below into an empty Notepad file.
    Make sure the file type is "All Files" and save it to your desktop
    as Poisto.bat.

    @echo off
    sc stop Fswsclds
    sc delete Fswsclds

    Double-click the Poisto.bat file on your desktop. A window opens and closes; this is normal.

    In Safe Mode, delete the folder

    C:\Program Files\dna Nettiturva
     
    Last edited by a moderator: Jun 13, 2008
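
The service name given to sc in the post above can be read off the O23 lines of the log. The sketch below is an added example, not part of the original posts: it parses O23 entries and lists the services whose binary lives under a folder that is about to be deleted. It assumes HijackThis puts the service key name in parentheses only when it differs from the display name; parse_o23 and services_under are hypothetical helper names.

```python
import re
from typing import List, NamedTuple, Optional

# O23 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\dna Nettiturva\fswsclds.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

class Service(NamedTuple):
    display: str  # human-readable display name
    name: str     # key name, the argument `sc stop` / `sc delete` expect
    owner: str    # company field ("Unknown owner" when the binary has none)
    path: str     # image path of the service binary

_O23 = re.compile(
    r"^O23 - Service: (?P<label>.+?) - (?P<owner>.+) - (?P<path>[A-Za-z]:\\.*)$")
_LABEL = re.compile(r"^(?P<display>.+) \((?P<name>[^()]+)\)$")

def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for any other line type."""
    m = _O23.match(line.strip())
    if not m:
        return None
    label = m.group("label")
    # Assumption: the key name is parenthesised only when it differs from
    # the display name; otherwise the label itself is the key name.
    lm = _LABEL.match(label)
    display, name = (lm.group("display"), lm.group("name")) if lm else (label, label)
    return Service(display, name, m.group("owner"), m.group("path"))

def services_under(log: str, folder: str) -> List[str]:
    """Key names of services whose binary lives under `folder`."""
    prefix = folder.rstrip("\\").lower() + "\\"
    found = []
    for line in log.splitlines():
        svc = parse_o23(line)
        if svc and svc.path.lower().startswith(prefix):
            found.append(svc.name)
    return found

if __name__ == "__main__":
    for name in services_under(SAMPLE_LOG, r"C:\Program Files\dna Nettiturva"):
        print(f"sc stop {name}\nsc delete {name}")
```
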
  20. Liskovaa

    Liskovaa Member

    And then?
     
