So, here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:36, on 27.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
E:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
E:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\SearchFilterHost.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [recinfo919] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [soneraVista] wscript.exe "C:\Program Files\Sonera\InternetAvustaja\agentui\snapins\vista\vistaupdate.js" sonera
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [igndlm.exe] E:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - E:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - E:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
--
End of file - 8051 bytes
Check the following with HJT and press Fix checked:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
-----------
Updating Java and clearing its cache:
1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your previous Java versions in the list (J2SE Runtime Environment....). They should have the following icon next to them:
3. Select all your previous Java versions and choose Remove.
4. Install the latest Java update from the following link.
5. Restart the computer after the installation: http://java.sun.com/javase/downloads/index.jsp Scroll down to Java Runtime Environment (JRE) 6u5. Press Download. Tick Accept, choose offline installation, save it to the desktop, for example, and install it.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).
7. Under the General Settings section, drag the slider (Disk Space) lower and click the Delete Files button. (Some Java-based programs may need more disk space. If you notice the computer being slow after lowering the setting, move the slider higher.)
8. Make sure both options are checked:
* Applications and Applets
* Trace and Log Files
Then press the OK button.
9. Click OK in your "Temporary Files Settings" window.
10. Click OK to leave your Java settings window.
===========
Download CCleaner v2.05.555 - Standard Build from there; do NOT install the Yahoo toolbar!
Set the options like this: Options --> Advanced --> untick "Only delete temporary files older than 48 hours".
Run Cleaner > Analyze button > Run Cleaner button in the lower right corner.
Run Registry > Scan for registry issues button > Fix registry issues button.
-------------------
Instructions for using AVG Anti-Spyware 7.5
Note! These instructions turn off the real-time protection (Shield). This avoids situations where the protection would block, for example, the HijackThis tool from working.
Save these instructions to a text file or print them; otherwise you will not be able to access them from safe mode.
Download AVG Anti-Spyware 7.5 and save the program to your desktop.
o Once you have downloaded the program, double-click the installer's icon on your desktop; the installation starts.
o After the installation, the program must be started and its signatures updated.
o Start AVG Anti-Spyware.
o Click the "Update" icon in the main menu. After that, click the "Update now" button.
o Then click the "Start Update" icon, and the update begins.
o When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
o When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
o Then, under the "Reports" menu:
o Tick "Automatically generate report after every scan"
o Untick "Only if threats were found"
o Then click the "Shield" icon at the top of the window
o "Resident shield is": change the state from active to inactive
o Close the program; do NOT scan yet.
Boot your computer into safe mode: shut it down and start it, tap F8 during startup, select safe mode with the arrow keys, then press Enter and Enter. On some machines you hammer F5 instead of F8.
NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
o Once in safe mode, start AVG Anti-Spyware.
o Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
o Ewido now starts scanning the computer; be patient, as the scan takes time.
When the scan is finished:
IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
o Make sure that "Set all elements to:" shows Quarantine (1); if not, click the link and choose Quarantine from the popup menu.
o You will be asked what to do if infections were found; in that case choose "Apply all actions"
o Then click the "Reports" icon at the top of the program.
o Click the "Save report as" button in the lower left corner of the window and save the report to the desktop.
o Close the program, start the computer normally and post the AVG report to your thread.
----------------
Has the computer had any problems??
Thanks for the help so far, but when I ran the scan in safe mode I didn't remember to select Quarantine; Delete was already selected there. I guess that doesn't matter, since the files were only tracking cookies? I'll redo the scan when I have time. And by the way, I couldn't click Save Report after the scan, I wonder why?
This was the log, there were no others; this may well be the wrong one:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 21:11:42 28.3.2008
Download CCleaner here: CCleaner v2.05.555 - Standard Build; do NOT install the Yahoo toolbar!
Set the options like this: Options --> Advanced --> untick "Only delete temporary files older than 48 hours".
Run Cleaner > Analyze button > Run Cleaner button in the lower right corner.
Run Issues > Scan for registry issues button > Fix registry issues button.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:33, on 30.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
E:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
E:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [recinfo919] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [soneraVista] wscript.exe "C:\Program Files\Sonera\InternetAvustaja\agentui\snapins\vista\vistaupdate.js" sonera
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - E:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - E:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
--
End of file - 7488 bytes
1. Download combofix.exe to your desktop from either of these links: combofix.exe combofix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Here it comes... ComboFix 08-03-30.2 - Ezka 2008-03-30 20:11:27.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1968 [GMT 3:00] Running from: C:\Users\Ezka\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-28 to 2008-03-30 ))))))))))))))))) . 2008-03-29 20:47 . 2008-03-29 20:47 <KANSIO> d-------- C:\Windows\Java 2008-03-29 20:47 . 2008-03-29 20:47 <KANSIO> d-------- C:\Program Files\PC Wizard 2008 2008-03-29 20:47 . 2007-09-15 16:11 27,136 --a------ C:\Windows\System32\PCWizard.cpl 2008-03-28 21:16 . 2008-03-28 21:16 <KANSIO> d-------- C:\Users\Ezka\AppData\Roaming\Grisoft 2008-03-28 21:15 . 2007-05-30 15:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys 2008-03-28 21:06 . 2008-03-28 21:06 <KANSIO> d-------- C:\Program Files\Common Files\Java 2008-03-26 16:46 . 2008-03-26 16:47 <KANSIO> d-------- C:\Program Files\Safari 2008-03-26 16:39 . 2008-03-26 16:53 <KANSIO> d-------- C:\Users\Ezka\AppData\Roaming\Apple Computer 2008-03-26 16:39 . 2008-03-26 16:39 <KANSIO> d-------- C:\Program Files\iPod 2008-03-26 16:38 . 2008-03-26 16:38 <KANSIO> d-------- C:\Users\All Users\Apple Computer 2008-03-26 16:38 . 2008-03-26 16:38 <KANSIO> d-------- C:\ProgramData\Apple Computer 2008-03-26 16:38 . 2008-03-26 16:38 <KANSIO> d-------- C:\Program Files\QuickTime 2008-03-26 16:38 . 2008-03-26 16:39 <KANSIO> d-------- C:\Program Files\iTunes 2008-03-26 16:36 . 2008-03-26 16:36 <KANSIO> d-------- C:\Program Files\Common Files\Apple 2008-03-25 16:37 . 2008-03-25 16:42 <KANSIO> d-------- C:\Program Files\RivaTuner v2.08 2008-03-24 20:39 . 2008-03-05 16:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll 2008-03-24 20:39 . 2008-03-05 16:56 1,420,824 --a------ C:\Windows\System32\D3DCompiler_37.dll 2008-03-24 20:39 . 2008-03-05 17:03 479,752 --a------ C:\Windows\System32\XAudio2_0.dll 2008-03-24 20:39 . 
2008-02-06 00:07 462,864 --a------ C:\Windows\System32\d3dx10_37.dll 2008-03-24 20:39 . 2008-03-05 17:03 238,088 --a------ C:\Windows\System32\xactengine3_0.dll 2008-03-24 20:39 . 2008-03-05 17:00 25,608 --a------ C:\Windows\System32\X3DAudio1_3.dll 2008-03-24 18:37 . 2008-03-24 18:37 <KANSIO> d-------- C:\Program Files\Lavalys 2008-03-23 17:08 . 2008-03-23 17:08 <KANSIO> d-------- C:\Users\Aiti\AppData\Roaming\vlc 2008-03-23 14:03 . 2008-03-23 14:03 <KANSIO> d-------- C:\Users\Aiti\AppData\Roaming\DivX 2008-03-21 20:26 . 2008-03-21 20:27 1,000,245,832 --a------ C:\Users\Ezka\conflictdeniedopsdemo.exe 2008-03-21 18:16 . 2008-03-21 18:16 307,968 --a------ C:\Windows\System32\TuneUpDefragService.exe 2008-03-21 18:16 . 2008-02-27 14:15 28,416 --a------ C:\Windows\System32\uxtuneup.dll 2008-03-21 18:16 . 2008-02-27 14:15 16,640 --a------ C:\Windows\System32\authuitu.dll 2008-03-21 18:15 . 2008-03-21 18:15 <KANSIO> d-------- C:\Users\Ezka\AppData\Roaming\TuneUp Software 2008-03-21 18:15 . 2008-03-21 18:15 <KANSIO> d-------- C:\Users\All Users\TuneUp Software 2008-03-21 18:15 . 2008-03-21 18:15 <KANSIO> d-------- C:\ProgramData\TuneUp Software 2008-03-21 18:14 . 2008-03-21 18:15 <KANSIO> d-------- C:\Program Files\TuneUp Utilities 2008 2008-03-18 16:25 . 2008-03-18 16:25 <KANSIO> d-------- C:\Users\Ezka\AppData\Roaming\vlc 2008-03-18 16:18 . 2008-03-18 16:18 <KANSIO> d-------- C:\Program Files\VideoLAN 2008-03-15 22:16 . 2008-03-15 22:16 378,602,720 --a------ C:\Users\Ezka\Crysis_Patch_1_2.exe 2008-03-15 17:22 . 2008-03-18 20:18 <KANSIO> d-------- C:\Users\Ezka\VIDEOTDE 2008-03-15 15:43 . 2008-03-15 15:44 <KANSIO> d-------- C:\Users\Ezka\AppData\Roaming\DivX 2008-03-15 15:42 . 2008-03-15 15:42 <KANSIO> d-------- C:\Program Files\Common Files\PX Storage Engine 2008-03-14 22:31 . 2008-03-04 12:02 442,368 --a------ C:\Windows\System32\NVUNINST.EXE 2008-03-12 17:27 . 2008-03-12 17:27 <KANSIO> d-------- C:\Program Files\Microsoft Silverlight 2008-03-12 16:56 . 
2007-12-17 01:52 1,061,944 --a------ C:\Windows\System32\drivers\ntfs.sys 2008-03-12 16:56 . 2007-12-16 12:50 41,984 --a------ C:\Windows\System32\drivers\monitor.sys 2008-03-09 17:32 . 2008-03-09 17:32 60,171,472 --a------ C:\Users\Ezka\169.25_forceware_winvista_32bit_international_whql.exe 2008-03-09 17:28 . 2008-03-09 17:28 <KANSIO> d-------- C:\Users\All Users\Media Center Programs 2008-03-09 17:28 . 2008-03-09 17:28 <KANSIO> d-------- C:\ProgramData\Media Center Programs 2008-03-09 12:20 . 2008-03-14 22:36 <KANSIO> d-------- C:\Windows\nvidia icons 2008-03-09 12:15 . 2008-03-09 12:15 60,554,696 --a------ C:\Users\Ezka\169.44_forceware_winvista_32bit_international_beta.exe 2008-03-08 22:38 . 2007-06-29 15:47 34,304 --a------ C:\Windows\System32\drivers\AmdLLD.sys 2008-03-08 22:37 . 2008-03-08 22:37 <KANSIO> d-------- C:\Program Files\AMD 2008-03-08 18:43 . 2008-03-08 18:43 <KANSIO> d-------- C:\Windows\System32\URTTEMP 2008-03-08 18:32 . 2008-03-09 17:29 669,184 --a------ C:\Windows\System32\pbsvc.exe 2008-03-08 18:32 . 2008-03-09 17:29 22,328 --a------ C:\Users\Ezka\AppData\Roaming\PnkBstrK.sys 2008-03-07 17:33 . 2008-03-09 17:29 103,736 --a------ C:\Windows\System32\PnkBstrB.exe 2008-03-07 17:33 . 2008-03-07 17:33 66,872 --a------ C:\Windows\System32\PnkBstrA.exe 2008-03-07 17:33 . 2008-03-09 17:29 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys 2008-03-06 20:01 . 2008-03-06 20:05 <KANSIO> d-------- C:\Users\All Users\Lavasoft 2008-03-06 20:01 . 2008-03-06 20:05 <KANSIO> d-------- C:\ProgramData\Lavasoft 2008-03-06 20:01 . 2008-03-06 20:01 <KANSIO> d-------- C:\Program Files\Lavasoft 2008-03-06 19:57 . 2008-03-06 20:57 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-03-06 19:57 . 2008-03-06 20:57 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy 2008-03-06 19:57 . 2008-03-06 19:58 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-05 17:31 . 
2008-03-08 18:06 <KANSIO> d-------- C:\Users\All Users\Microsoft Games 2008-03-05 17:31 . 2008-03-08 18:06 <KANSIO> d-------- C:\ProgramData\Microsoft Games 2008-03-05 17:26 . 2008-03-08 18:06 <KANSIO> d-------- C:\Users\Ezka\AppData\Roaming\Microsoft Game Studios 2008-03-04 19:16 . 2008-03-04 19:15 4,358,144 --a------ C:\Windows\uncsetup.exe 2008-03-04 19:16 . 2008-03-04 19:16 53,248 --a------ C:\Windows\System32\unrar.dll 2008-03-03 15:55 . 2008-03-30 17:58 12 --a------ C:\Windows\bthservsdp.dat 2008-03-02 21:38 . 2008-03-02 21:38 <KANSIO> d-------- C:\Users\Ezka\AppData\Roaming\InstallShield 2008-03-02 18:50 . 2008-03-02 18:50 268 --ah----- C:\sqmdata00.sqm 2008-03-02 18:50 . 2008-03-02 18:50 244 --ah----- C:\sqmnoopt00.sqm 2008-03-02 18:28 . 2008-03-02 18:29 <KANSIO> d-------- C:\Program Files\PeerGuardian2 2008-03-02 12:58 . 2008-03-02 12:58 <KANSIO> d-------- C:\Program Files\Common Files\Thraex Software 2008-03-01 21:33 . 2008-03-01 21:33 1,568,889 --a------ C:\Users\Ezka\P-660HW-D1_3.40(AGL.4)C0.zip 2008-03-01 17:47 . 2008-03-01 17:49 <KANSIO> d--hs---- C:\Users\Ezka\Phone Browser 2008-03-01 11:51 . 2008-03-01 11:51 651,896 --a------ C:\Users\Ezka\Metacafe4Windows.exe 2008-02-22 16:16 . 2008-02-22 16:16 <KANSIO> d-------- C:\Program Files\America's Army Server Manager 2008-02-21 05:05 . 2008-02-21 05:05 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll 2008-02-21 05:05 . 2008-02-21 05:05 1,044,480 --a------ C:\Windows\System32\libdivx.dll 2008-02-21 05:05 . 2008-02-21 05:05 524,288 --a------ C:\Windows\System32\DivXsm.exe 2008-02-21 05:05 . 2008-02-21 05:05 200,704 --a------ C:\Windows\System32\ssldivx.dll 2008-02-21 05:05 . 2008-02-21 05:05 4,816 --a------ C:\Windows\System32\divxsm.tlb 2008-02-21 05:03 . 2008-02-21 05:03 630,784 --a------ C:\Windows\System32\divxdec.ax 2008-02-21 05:03 . 2008-02-21 05:03 156,992 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe 2008-02-21 05:03 . 
2008-02-21 05:03 12,288 --a------ C:\Windows\System32\DivXWMPExtType.dll 2008-02-20 08:36 . 2008-02-21 21:00 <KANSIO> d-------- C:\Users\Ezka\SmartMovie converted files 2008-02-19 09:03 . 2008-02-19 09:09 <KANSIO> d-------- C:\Users\Ezka\AppData\Roaming\Azureus 2008-02-19 09:03 . 2008-02-19 09:03 <KANSIO> d-------- C:\Users\All Users\Azureus 2008-02-19 09:03 . 2008-02-19 09:03 <KANSIO> d-------- C:\ProgramData\Azureus 2008-02-18 20:26 . 2008-02-18 21:01 <KANSIO> d-------- C:\Downloads 2008-02-18 18:57 . 2004-05-17 09:15 17,536 --a------ C:\Windows\System32\drivers\PCASp50.sys 2008-02-16 14:47 . 2008-02-16 14:47 <KANSIO> d-------- C:\Program Files\Common Files\SupportSoft 2008-02-16 14:46 . 2008-02-18 15:45 <KANSIO> d-------- C:\Program Files\Sonera 2008-02-16 13:00 . 2008-02-16 13:00 <KANSIO> d-------- C:\Program Files\eRightSoft 2008-02-15 19:54 . 2008-01-10 08:42 1,244,672 --a------ C:\Windows\System32\mcmde.dll 2008-02-14 16:41 . 2008-03-08 18:06 <KANSIO> d-------- C:\Users\All Users\Google 2008-02-14 16:41 . 2008-03-08 21:31 <KANSIO> d-------- C:\Program Files\Google 2008-02-13 18:00 . 2008-02-13 18:00 196,096 --a------ C:\Windows\System32\WebClnt.dll 2008-02-13 18:00 . 2008-02-13 18:00 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys 2008-02-13 18:00 . 2008-02-13 18:00 48,640 --a------ C:\Windows\System32\davclnt.dll 2008-02-13 17:55 . 2008-02-13 17:55 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-03-29 17:28 --------- d-----w C:\Users\Ezka\AppData\Roaming\uTorrent 2008-03-28 18:07 --------- d-----w C:\Program Files\Java 2008-03-26 14:53 --------- d-----w C:\Users\Ezka\AppData\Roaming\IGN_DLM 2008-03-23 14:08 --------- d-----w C:\Users\Aiti\AppData\Roaming\vlc 2008-03-22 08:47 418,480 ----a-w C:\Windows\System32\wrap_oal.dll 2008-03-22 08:47 115,432 ----a-w C:\Windows\System32\OpenAL32.dll 2008-03-21 15:57 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-21 15:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-21 09:38 --------- d---a-w C:\ProgramData\TEMP 2008-03-19 14:26 --------- d-----w C:\Users\Ezka\AppData\Roaming\MP3Rocket 2008-03-18 13:25 --------- d-----w C:\Users\Ezka\AppData\Roaming\vlc 2008-03-17 12:10 60,064 ----a-w C:\Windows\system32\drivers\fsdfw.sys 2008-03-15 12:42 --------- d-----w C:\Program Files\DivX 2008-03-14 19:39 --------- d-----w C:\ProgramData\NVIDIA 2008-03-12 14:20 --------- d-----w C:\Program Files\Windows Mail 2008-03-12 14:09 --------- d-----w C:\ProgramData\Microsoft Help 2008-03-09 11:50 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-08 15:09 --------- d-----w C:\Users\Ezka\AppData\Roaming\InstallShield Installation Information 2008-03-08 15:06 --------- d-----w C:\Program Files\Microsoft Games 2008-03-08 15:06 --------- d-----w C:\Program Files\iolo 2008-03-06 18:00 --------- d-----w C:\Program Files\FreeRIP3 2008-03-05 15:52 --------- d-----w C:\ProgramData\iolo 2008-03-02 16:02 --------- d-----w C:\Program Files\Common Files\Steam 2008-03-02 15:32 --------- d-----w C:\Users\Ezka\AppData\Roaming\LimeWire 2008-03-02 15:23 --------- d-----w C:\Program Files\Windows Live 2008-03-02 15:20 --------- d-----w C:\ProgramData\WLInstaller 2008-02-29 19:22 --------- d-----w C:\Program Files\LimeWire 2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll 2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx07.dll 2008-02-21 02:04 
81,920 ----a-w C:\Windows\System32\dpl100.dll 2008-02-21 02:04 802,816 ----a-w C:\Windows\System32\divx_xx11.dll 2008-02-21 02:04 682,496 ----a-w C:\Windows\System32\DivX.dll 2008-02-21 02:04 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll 2008-02-21 02:04 57,344 ----a-w C:\Windows\System32\dpv11.dll 2008-02-21 02:04 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll 2008-02-21 02:04 344,064 ----a-w C:\Windows\System32\dpus11.dll 2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu11.dll 2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu10.dll 2008-02-21 02:04 196,608 ----a-w C:\Windows\System32\dtu100.dll 2008-02-17 15:55 --------- d-----w C:\Users\Ezka\AppData\Roaming\iolo 2008-02-13 14:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-13 14:54 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-13 14:54 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-13 14:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-13 14:52 824,832 ----a-w C:\Windows\System32\wininet.dll 2008-02-13 14:52 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-13 14:52 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-13 14:52 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-12 14:57 --------- d-----w C:\Users\Ezka\AppData\Roaming\Media Center Programs 2008-02-08 13:56 --------- d-----w C:\Users\Ezka\AppData\Roaming\Nokia 2008-02-07 15:32 --------- d-----w C:\Program Files\Common Files\Nokia 2008-02-07 15:31 --------- d-----w C:\ProgramData\Installations 2008-02-05 15:18 32,768 ----a-w C:\Windows\System32\iolobtdfg.exe 2008-02-05 15:18 24,064 ----a-w C:\Windows\System32\smrgdf.exe 2008-01-31 15:31 --------- d-----w C:\Users\Ezka\AppData\Roaming\Media Player Classic 2008-01-30 17:30 --------- d-----w C:\Program Files\Video Converter 2008-01-30 17:25 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-01-29 14:25 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-01-28 17:04 --------- d-----w C:\Program 
Files\Mopokorttikoulu 2008-01-28 16:37 74,703 ----a-w C:\Windows\System32\mfc45.dll 2008-01-09 13:16 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2007-12-22 05:58 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL 2007-12-22 05:58 223,232 ----a-w C:\Windows\System32\WMASF.DLL 2007-12-22 05:58 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2007-12-22 05:55 3,505,848 ----a-w C:\Windows\System32\ntkrnlpa.exe 2007-12-22 05:55 3,472,056 ----a-w C:\Windows\System32\ntoskrnl.exe 2007-12-22 05:19 53,080 ----a-w C:\Windows\System32\wuauclt.exe 2007-12-22 05:19 43,352 ----a-w C:\Windows\System32\wups2.dll 2007-12-22 05:19 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll 2007-12-22 05:19 1,524,224 ----a-w C:\Windows\System32\wucltux.dll 2007-12-22 05:18 80,896 ----a-w C:\Windows\System32\wudriver.dll 2007-12-22 05:18 549,720 ----a-w C:\Windows\System32\wuapi.dll 2007-12-22 05:18 33,624 ----a-w C:\Windows\System32\wups.dll 2007-12-22 05:18 31,232 ----a-w C:\Windows\System32\wuapp.exe 2007-12-22 05:18 163,000 ----a-w C:\Windows\System32\wuwebv.dll 2007-12-20 12:53 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll 2007-12-19 17:14 0 ----a-w C:\Users\Ezka\AppData\Roaming\wklnhst.dat 2007-12-14 09:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe 2007-12-11 15:06 795,104 ----a-w C:\Windows\System32\dpinst.exe 2007-01-01 08:23 174 --sha-w C:\Program Files\desktop.ini . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 12:53 4702208 C:\Windows\RtHDVCpl.exe] "recinfo919"="c:\RecInfo\RecInfo.exe" [2007-10-23 15:52 2764800] "F-Secure Manager"="E:\Program Files\Sonera Tietoturva\Common\FSM32.exe" [2007-04-26 20:12 183208] "F-Secure TNB"="E:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208] "soneraVista"="wscript.exe" [2006-11-02 12:46 135168 C:\Windows\System32\wscript.exe] "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 12:06 77824] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-03-04 12:02 92704] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-04 12:02 8530464] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-04 12:02 88608] "MSConfig"="C:\Windows\system32\msconfig.exe" [2007-11-03 17:21 222208] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] --a------ 2007-03-06 00:57 1103480 E:\Program Files\Download Manager\DLM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup] --a------ 2008-02-11 18:35 302448 C:\Program Files\iolo\Common\Lib\ioloLManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-02-26 21:46 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] --a------ 2007-12-10 11:12 695808 E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2007-11-03 16:03 1006264 C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-332621374-1900857233-3605568749-1000] "EnableNotificationsRef"=dword:00000004 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{86CDBB66-BC8B-451D-8E6E-F474F38AC052}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{D80FDAEC-251F-49B2-9463-2F58DC92E289}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{A87687EC-A822-4CDD-8566-9B7A26094B8E}"= UDP:\PELIT\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo "{D3F461DD-698A-4314-B755-6EDFDD6A6C33}"= TCP:\PELIT\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo "{9FF213A0-2DD8-416D-814E-C0FAC2F79613}"= UDP:\PELIT\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) "{AD8AEA3C-D981-451D-9E24-325121AEBA6F}"= TCP:\PELIT\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) "{13FCD21A-1B21-41F8-A8FA-76B0681A292C}"= UDP:\PELIT\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) "{0723B84C-B28A-4CC0-BB9E-40A98A444EDB}"= TCP:\PELIT\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. 
- Shadow of Chernobyl (SRV) "{AF3B243B-EF96-480A-B1A4-4182DB600B56}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{E908A133-3CD0-4208-83E0-2870E074CFAB}"= UDP:\PELIT\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2 "{FD98D057-7F81-43AB-BC89-8530754A1D1F}"= TCP:\PELIT\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2 "{25762E4E-0AC8-411D-AC8C-A1133CEFE5E4}"= UDP:\PELIT\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo "{C1778E0E-664C-4AE3-8FA2-E44F9ED122DB}"= TCP:\PELIT\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo "{DF0E2772-7757-4A7E-BD30-205388824C1B}"= UDP:C:\Users\Ezka\Program Files\uTorrent\uTorrent.exe:µTorrent "{2C6BDEF8-5844-4279-9F24-851FAB7B0C2F}"= TCP:C:\Users\Ezka\Program Files\uTorrent\uTorrent.exe:µTorrent "{F2192CF2-C239-4D9C-886F-A1D634885803}"= UDP:16969:BitComet 16969 TCP "{F60C91D4-9C45-448C-90A3-19B67C21C3ED}"= TCP:16969:BitComet 16969 UDP "{78D3F9A3-AADE-4473-9E53-D680C3C8AE0F}"= UDP:9336:BitComet 9336 TCP "{CE0AC8A1-0751-4703-8AF8-D6455D6F078E}"= TCP:9336:BitComet 9336 UDP "TCP Query User{CBC9B237-E44B-42CA-B490-191ED9FCC79E}D:\\pelit\\america's army\\system\\armyops.exe"= UDP:\pelit\america's army\system\armyops.exe:ArmyOps "UDP Query User{593DABF5-31F3-486D-8C5C-E0431D7ED99E}D:\\pelit\\america's army\\system\\armyops.exe"= TCP:\pelit\america's army\system\armyops.exe:ArmyOps "TCP Query User{E9DE1D66-CA30-433B-B06E-1F6CA6AA169F}C:\\users\\ezka\\desktop\\utorrent.exe"= UDP:C:\users\ezka\desktop\utorrent.exe:utorrent.exe "UDP Query User{4A8D2846-9545-4A26-8765-D52DD2E7DFA6}C:\\users\\ezka\\desktop\\utorrent.exe"= TCP:C:\users\ezka\desktop\utorrent.exe:utorrent.exe "TCP Query User{8AB0AEEC-F8B4-4F70-B421-DCEDF0C26E7A}D:\\pelit\\steam\\steamapps\\etzka333\\half-life 2 deathmatch\\hl2.exe"= UDP:\pelit\steam\steamapps\etzka333\half-life 2 deathmatch\hl2.exe:hl2 "UDP Query User{3F71303D-C49F-4C95-9AED-43BB73C6707E}D:\\pelit\\steam\\steamapps\\etzka333\\half-life 2 
deathmatch\\hl2.exe"= TCP:\pelit\steam\steamapps\etzka333\half-life 2 deathmatch\hl2.exe:hl2 "TCP Query User{84B04250-8A73-411B-B448-26C86D6A31A2}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java(TM) Platform SE binary "UDP Query User{106968E6-3F62-454C-8F4B-557A796ED2D8}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java(TM) Platform SE binary "{A292E65D-B0A8-4817-A656-9B772F390EA5}"= UDP:C:\Program Files\Messenger\Msmsgs.exe:Windows Messenger "{01A8ABD7-8EFB-43CC-9AB9-40513F8670CD}"= TCP:C:\Program Files\Messenger\Msmsgs.exe:Windows Messenger "{F55229CF-F5E8-4B83-9218-582F6369391B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{D280E26C-F92B-4800-A8FE-B97974516923}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA "{C38041B1-03C4-442B-BE6D-9997666F1D7E}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA "{CE884FC8-A62C-468D-9710-164880807A4B}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB "{74836543-086D-49E6-88B8-7B35AF37DE49}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB "{865AEDD1-7503-4801-9D71-A8BEC0447EDF}"= UDP:\PELIT\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32 "{CEAB9948-E3A6-4103-8A57-AFFB9DC2AE1A}"= TCP:\PELIT\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32 "{7E00EC66-82C5-4A61-BE92-034112BF7158}"= UDP:\PELIT\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{BC506A33-0C58-455E-92A5-DA2A4707832C}"= TCP:\PELIT\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{88ABBD47-A9EF-4832-A2E5-3DBC5E832319}"= UDP:\PELIT\Eidos\Conflict Denied Ops Demo\ConflictDeniedOps.exe:Conflict: Denied Ops Demo "{162A0C1B-36EE-4EC8-8BCC-6A9AF2EAF938}"= TCP:\PELIT\Eidos\Conflict Denied Ops Demo\ConflictDeniedOps.exe:Conflict: Denied Ops Demo "{31D4E799-D7CF-4024-A938-20064E9D6C0F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes 
"{CE9C6782-7771-4ECE-B2CA-20F488220B26}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 12:22] R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 14:12] R1 F-Secure HIPS;F-Secure HIPS;E:\Program Files\Sonera Tietoturva\HIPS\fshs.sys [2008-02-13 17:30] R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-04-26 20:08] R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-03-17 15:10] R1 fsvista;F-Secure Vista Support Driver;E:\Program Files\Sonera Tietoturva\Anti-Virus\minifilter\fsvista.sys [2007-04-26 20:07] R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 21:52] R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 12:45] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;E:\Program Files\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys [2007-04-26 20:07] S3 ADM8511;USB To Fast Ethernet/ HomePNA Adapter;C:\Windows\system32\DRIVERS\NETUSB.SYS [2001-10-24 17:43] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2004-05-17 09:15] S4 F-Secure Filter;F-Secure File System Filter;E:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 20:08] S4 F-Secure Recognizer;F-Secure File System Recognizer;E:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys [2007-04-26 20:08] S4 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 01:11] S4 ioloSystemService;iolo System Service;C:\Program 
Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 01:11] S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 18:37] S4 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-02 13:20] S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-21 18:16] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - CATCHME . 'Ajoitetut tehtävät'-kansion sisältö "2008-03-30 17:04:21 C:\Windows\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe "2008-03-30 12:32:59 C:\Windows\Tasks\Scheduled scanning task.job" - E:\PROGRA~1\SONERA~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=E:\PROGRA~1\SONERA~1\ANTI-V~1\report.txt "2008-02-17 05:57:02 C:\Windows\Tasks\SmartDefrag.job" - C:\Program Files\IObit\IObit SmartDefrag\schedule.exe "2007-12-22 09:03:25 C:\Windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-30 20:15:04 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-30 20:15:48 ComboFix-quarantined-files.txt 2008-03-30 17:15:45 Pre-Run: 221,238,669,312 tavua vapaana Post-Run: 221,205,381,120 tavua vapaana . 2008-03-28 16:32:24 --- E O F ---