Here's a log; is there anything wrong in it? The antivirus program found something, quite a lot actually, but I couldn't remove it. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:29, on 27.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214158449265
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9994 bytes
Well yes, you do have both the avast and avg8 antivirus programs there; remove one of them. Also check that COMODO didn't come bundled with an antivirus as well.

==============

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.
Okay. Malwarebytes has already been scanning for two hours, so is that all it takes, that I remove the infected items with Malwarebytes? Yeah, that's the thing: I haven't been able to remove AVG, and it hasn't even been in use. Comodo doesn't have an antivirus.
Right, so Anti-Malware didn't find anything infected on the machine, and I've now scanned again and got this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:41, on 28.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214158449265
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10159 bytes
Scan with HJT, check these entries and press Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

=============

Create an uninstall list:

• Open HijackThis
• Click the "Configure" option at the bottom right
• Click "Misc Tools"
• Click the box that says "Uninstall Manager"
• Click the "Save list" option
• Copy and paste that list from Notepad into your thread

============

1. Download Combofix.exe to your desktop from one of the links: Combofix1 Combofix2
Do not install the Recovery Console.
2. Double-click the Combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Here's the HJT uninstall list first, followed by the ComboFix log.

2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) Active Desktop Calendar 7.7 Ad-Aware Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Reader 8.1.3 - Suomi Adobe Shockwave Player 11 ALi USB2.0 Driver AMIP (remove only) AMIP for foobar2000 (remove only) aMSN 0.97.2 Apple Mobile Device Support Apple Software Update ASIO4ALL Astral Tournament 1.0.1 Atory Messenger Ad Blocker 3.0 avast! Antivirus BitComet 1.09 Bonjour BS.Player FREE CCleaner (remove only) CDBurnerXP Championship Euchre Pro 4.78 Championship Hearts Pro 4.78 Championship Spades Pro 4.78 Choice Guard Collab Colorific COMODO Firewall Pro DAEMON Tools Toolbar DC++ 0.706 Delayed Shutdown 2.0 DivX Converter DivX Player DivX Web Player Driver Genius Professional Edition 2007 Driver Magician 3.27 DriverAgent by TouchStone Software DriverMax 4 Drug Wars DU Super Controler (remove only) Duplicate Cleaner 1.2 EA Download Manager EA.com Matchup EA.com Update EVEREST Ultimate Edition v5.00 FairStars Audio Converter 1.71 File Scavenger 3.2 FL Studio 7 Flock 1.2 foobar2000 v0.9.5.5 Funpok Video Poker FuzzyLogic4 GameSpy Arcade GetDataBack for FAT GIMP 2.4.6 Grand Theft Auto IV GTA San Andreas HDD Unlock Wizard v4.2 HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Extended Capabilities 6.1 HP Imaging Device Functions 6.1 HP Photosmart Essential HP PSC & OfficeJet 6.1.A HP Software Update HP Solution Center and Imaging Support 
Tools 6.1 IL Download Manager InterVideo WinDVD 4 IrfanView (remove only) iTunes Java 2 Runtime Environment, SE v1.4.2_03 Java(TM) 6 Update 11 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Junk Mail filter update KC Softwares SUMo K-Lite Mega Codec Pack 4.1.7 Logitech Desktop Messenger Malwarebytes' Anti-Malware Mastery Series Texas Holdem Messenger Plus! Live Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Finnish Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Language Pack - FIN Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FIN Microsoft .NET Framework 3.0 Finnish Language Pack Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FIN Microsoft .NET Framework 3.0:n suomen kielipaketti Microsoft .NET Framework 3.5 Language Pack SP1 - fin Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1:n kielitukipaketti - FI Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft National Language Support Downlevel APIs Microsoft Office Excel MUI (Finnish) 2007 Microsoft Office Home and Student 2007 Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote MUI (Finnish) 2007 Microsoft Office PowerPoint MUI (Finnish) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (Finnish) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Swedish) 2007 Microsoft Office Proofing (Finnish) 2007 Microsoft Office Shared MUI (Finnish) 2007 Microsoft Office Word MUI (Finnish) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight 
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.5 Microsoft Visual C++ 2005 Redistributable mIRC Miro MobileMe Control Panel Moo0 RightClicker 1.26 Mozilla Firefox (3.0.6) Mozilla Thunderbird (2.0.0.18) MpcStar 3.2 MSI Live Update 3 MSVC80_x86 MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6.0 Parser (KB925673) Nero 7 Essentials neroxml NHL 2002 NHL® 09 nLite 1.4.9.1 NOD32 FiX v2.1 Nokia Connectivity Cable Driver Nokia PC Suite Nokia PC Suite NVIDIA Drivers NVIDIA Windows 2000/XP Display Drivers O&O Defrag Professional Edition OpenOffice.org 2.4 Opera 9.63 PC Connectivity Solution PC TWIN SHOCK QuickTime REALTEK GbE & FE Ethernet PCI NIC Driver Rockstar Games Social Club RunAlyzer Safari Saitek SD6 Programming Software 6.0.5.12 Samsung Master Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB958439) Security Update for Microsoft Office Excel 2007 (KB958437) Security Update for Microsoft Office OneNote 2007 (KB950130) Security Update for Microsoft Office PowerPoint 2007 (KB951338) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB956828) Security Update for Microsoft Office Word 2007 (KB956358) Segoe UI SHOUTcast DNAS (remove only) SiSoftware Sandra Lite XII.SP2c Skype™ 3.8 SopCast 2.0.4 SoulSeek 157 NS 13c Spybot - Search & Destroy Spyware Doctor 6.0 Startup Delayer v2.3 (build 130) Stellarium 0.10.0 SubDownloader Suojauspäivitys Windows Internet Explorer 7:lle (KB938127-v2) Suojauspäivitys Windows Internet Explorer 7:lle (KB950759) Suojauspäivitys Windows Internet Explorer 7:lle (KB953838) Suojauspäivitys Windows Internet Explorer 7:lle (KB956390) Suojauspäivitys Windows Internet Explorer 7:lle (KB958215) 
Suojauspäivitys Windows Internet Explorer 7:lle (KB960714) Suojauspäivitys Windows Internet Explorer 7:lle (KB961260) Suojauspäivitys Windows XP:lle (KB923789) True Internet Color Update for Office 2007 (KB946691) VC 9.0 Runtime Weather Watcher Live VersionTracker Pro Windows VIA Ohjelmistoalustan laitehallinta VIA Rhine-Family Fast-Ethernet Adapter ViewSonic Monitor Drivers ViewSonic Windows 2K Signed Files ViewSonic Windows XP Signed Files Winamp Windows Entertainment Pack: Volume One (PfP) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live OneCare safety scanner Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer Windows Media Encoder 9 Series Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows Presentation Foundation Windows Presentation Foundation Language Pack (FIN) Windows Search 4.0 Windows Workflow Foundation FI Language Pack Windowsin ohjainpaketti - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) Windowsin ohjainpaketti - Nokia Modem (02/15/2007 3.1) Windowsin ohjainpaketti - Nokia Modem (05/22/2008 3.8) Windowsin ohjainpaketti - Nokia Modem (10/27/2008 3.9) Windowsin ohjainpaketti - Nokia Modem (10/27/2008 7.01.0.1) Windowsin ohjainpaketti - Nokia pccsmcfd (08/22/2008 7.0.0.0) WinPatrol 2008 Vio Video Converter 2.1 VLC media player 0.9.4 XML Paper Specification Shared Components Language Pack 1.0

ComboFix 09-02-28.01 - 2009-03-01 11:53:52.24 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.1023.603 [GMT 2:00]
Sijainti: c:\documents and settings\Markku\Työpöytä\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090228-0] *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
* Uusi palautuspiste luotu

VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-02-01 to 2009-03-01 )))))))))))))))))
.

2009-03-01 11:48 . 2009-03-01 11:51 <KANSIO> d-------- C:\32788R22FWJFW
2009-02-28 02:33 . 2009-02-28 02:33 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-02-27 23:13 . 2009-02-27 23:12 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-27 23:02 . 2009-02-27 23:02 <KANSIO> d-------- c:\program files\Trend Micro
2009-02-27 09:25 . 2009-02-27 09:25 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-27 09:25 . 2009-02-27 09:25 1,409 --a------ c:\windows\QTFont.for
2009-02-26 23:50 . 2009-02-26 23:51 <KANSIO> d-------- c:\documents and settings\Markku\amsn
2009-02-26 23:45 . 2009-02-26 23:45 <KANSIO> d-------- c:\program files\aMSN
2009-02-26 11:32 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-22 11:04 . 2009-02-22 11:04 <KANSIO> d-------- c:\program files\VIA Technologies, INC
2009-02-22 11:03 . 2009-02-22 11:03 <KANSIO> d-------- c:\windows\system32\ALIEHCI
2009-02-22 11:03 . 2003-06-24 11:47 104,088 --------- c:\windows\system32\drivers\ALiEHCI.SYS
2009-02-22 11:03 . 2001-11-13 21:24 35,587 --------- c:\windows\system32\rmusb20.EXE
2009-02-22 11:03 . 2003-01-11 17:20 28,672 --------- c:\windows\system32\Unusb20.exe
2009-02-22 11:03 . 2003-06-24 11:54 17,835 --------- c:\windows\system32\drivers\ALiHUB.SYS
2009-02-22 11:03 . 2003-06-24 11:53 8,668 --------- c:\windows\system32\drivers\ALiGP.SYS
2009-02-22 11:03 . 2003-06-24 11:55 5,337 --------- c:\windows\system32\drivers\ALiRTHUB.SYS
2009-02-22 11:03 . 2003-06-24 13:35 635 --a------ c:\windows\system32\setup.iss
2009-02-19 20:56 . 2009-02-19 20:56 <KANSIO> d-------- c:\program files\NOS
2009-02-19 20:56 . 2009-02-19 20:56 <KANSIO> d-------- c:\program files\MuutaKoko
2009-02-19 20:56 . 2009-02-19 20:56 <KANSIO> d-------- c:\program files\Aijaa
2009-02-12 16:03 . 2009-02-12 16:03 <KANSIO> d-------- c:\program files\Alwil Software
2009-02-11 12:53 . 2009-02-11 12:53 <KANSIO> d-------- c:\documents and settings\Markku\Application Data\XemiComputers
2009-02-11 12:52 . 2009-02-11 12:52 <KANSIO> d-------- c:\program files\XemiComputers
2009-02-10 15:52 . 2009-02-28 11:26 <KANSIO> d-------- c:\program files\HNselain
2009-02-10 15:51 . 2009-02-19 20:57 <KANSIO> d-------- c:\program files\HNIlmoittaja
2009-02-09 15:05 . 2009-02-09 15:05 476 --a------ c:\windows\eReg.dat
2009-02-09 15:04 . 2009-02-19 20:56 <KANSIO> d-------- c:\program files\EACOM
2009-02-07 13:20 . 2009-02-07 13:20 67 --a------ C:\ioVIO.ini
2009-02-07 13:20 . 2009-02-07 13:20 65 --a------ C:\ioVIO1.ini
2009-02-06 19:03 . 2009-02-06 19:03 307,576 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 22:59 --------- d-----w c:\program files\BitComet
2009-02-28 00:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-27 21:12 --------- d-----w c:\program files\Java
2009-02-27 20:54 --------- d-----w c:\documents and settings\All Users\Application Data\comodo
2009-02-27 20:50 --------- d-----w c:\program files\DU Super Controler
2009-02-27 20:50 --------- d-----w c:\documents and settings\Markku\Application Data\foobar2000
2009-02-27 19:36 24,336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-02-27 19:29 155,384 ----a-w c:\windows\system32\guard32.dll
2009-02-27 19:29 110,992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-02-27 19:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-26 18:21 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-26 11:05 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 22:55 --------- d-----w c:\program files\Windows Live
2009-02-23 20:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-19 18:57 --------- d-----w c:\program files\Google
2009-02-19 18:54 --------- d-----w c:\program files\InterVideo
2009-02-12 13:55 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-11 08:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 08:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\Soulseek
2009-02-09 21:26 --------- d-----w c:\documents and settings\Markku\Application Data\Skype
2009-02-09 18:25 --------- d-----w c:\documents and settings\Markku\Application Data\skypePM
2009-02-09 13:03 --------- d-----w c:\program files\EA Sports
2009-01-30 12:30 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-01-30 11:35 --------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
2009-01-28 12:21 ---------
d-----w c:\documents and settings\Markku\Application Data\InterVideo 2009-01-28 10:37 --------- d-----w c:\documents and settings\All Users\Application Data\qjwvkrid 2009-01-24 18:40 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-01-24 18:40 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-01-24 18:35 --------- d-----w c:\program files\Nokia 2009-01-24 18:35 --------- d-----w c:\program files\Common Files\PCSuite 2009-01-24 18:35 --------- d-----w c:\program files\Common Files\Nokia 2009-01-24 18:34 --------- d-----w c:\program files\PC Connectivity Solution 2009-01-24 18:32 --------- d-----w c:\documents and settings\All Users\Application Data\Installations 2009-01-24 18:25 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-01-24 18:25 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2009-01-23 19:01 --------- d-----w c:\program files\Yahoo! 2009-01-23 11:49 --------- d-----w c:\program files\RegTool 2009-01-22 20:44 --------- d-----w c:\program files\Windows Live Safety Center 2009-01-22 14:56 --------- d-----w c:\program files\Samsung 2009-01-18 18:40 --------- d-----w c:\program files\Common Files\Canon 2009-01-17 16:28 --------- d-----w c:\program files\CCleaner 2009-01-09 12:53 --------- d-----w c:\program files\Driver-Soft 2009-01-08 21:09 --------- d-----w c:\program files\Microsoft 2009-01-08 21:06 --------- d-----w c:\program files\Microsoft Sync Framework 2009-01-08 21:02 --------- d-----w c:\program files\Windows Live SkyDrive 2009-01-07 09:47 --------- d-----w c:\documents and settings\Markku\Application Data\VersionTracker Pro 2009-01-07 09:46 --------- d-----w c:\program files\TechTracker 2009-01-06 19:53 --------- d-----w c:\documents and settings\Markku\Application Data\Stellarium 2009-01-06 19:46 --------- d-----w c:\program files\Stellarium 2009-01-06 13:41 --------- d-----w c:\program files\VIA 2009-01-06 13:35 --------- 
d-----w c:\program files\Microsoft Games for Windows - LIVE 2009-01-06 13:35 --------- d-----w c:\program files\DIFX 2009-01-06 13:29 --------- d-----w c:\program files\Driver Magician 2009-01-06 13:23 1,700,352 ----a-w c:\windows\system32\gdiplus.dll 2009-01-06 13:15 --------- d-----w c:\program files\Uusi kansio 2009-01-06 11:26 --------- d-----w c:\program files\MSBuild 2009-01-06 11:24 --------- d-----w c:\program files\Reference Assemblies 2009-01-06 11:22 --------- d-----w c:\program files\Rockstar Games 2009-01-06 11:15 --------- d--h--r c:\documents and settings\Markku\Application Data\SecuROM 2009-01-06 10:49 --------- d-----w c:\program files\Windows Media Components 2009-01-06 10:17 --------- d-----w c:\documents and settings\Markku\Application Data\RegTool 2009-01-04 16:43 --------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA 2009-01-04 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles 2009-01-04 16:00 --------- d-----w c:\program files\Innovative Solutions 2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll 2008-12-02 08:13 453,152 ----a-w c:\windows\system32\NVUNINST.EXE 2008-10-24 10:43 157 ----a-w c:\program files\oiu.txt 2008-10-24 10:43 0 ----a-w c:\program files\Uusi Tekstitiedosto.txt 2008-07-03 14:01 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2008-08-09 06:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008072120080728\index.dat 2008-08-09 06:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008080920080810\index.dat . ((((((((((((((((((((((((((((( SnapShot_2009-02-26_11.48.20.54 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2009-02-26 18:30:24 145,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\9546c5ce7c6920bfb0971ee0080ff777\WindowsLive.Client.ni.dll + 2009-02-26 18:30:18 152,064 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\00ad735ab245a8f45be00ba9dccc9443\WindowsLive.Writer.HtmlParser.ni.dll + 2009-02-26 18:30:19 108,544 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\05db615058b5e19e632385efbf3e2237\WindowsLive.Writer.Passport.ni.dll + 2009-02-26 18:30:21 1,105,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0a051f69ee730e16214b2657f6853dc1\WindowsLive.Writer.ApplicationFramework.ni.dll + 2009-02-26 18:30:12 6,392,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\13ec1ddc801643374544a27a41b5803e\WindowsLive.Writer.PostEditor.ni.dll + 2009-02-26 18:30:19 428,032 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1e25e6dbae70b2a0dba46e74e773acee\WindowsLive.Writer.Localization.ni.dll + 2009-02-26 18:30:23 99,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4a5ba9683bf7be94c307bd076fa568bf\WindowsLive.Writer.Api.ni.dll + 2009-02-26 18:30:14 843,776 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\51ff7ea9cefa9385a9597ef269236b8c\WindowsLive.Writer.Controls.ni.dll + 2009-02-26 18:30:27 119,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\55e6f7f927f7e25d68cba5cba5202ed0\WindowsLive.Writer.FileDestinations.ni.dll + 2009-02-26 18:30:16 2,002,432 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\63c1f01ba87e31518027469b30556590\WindowsLive.Writer.CoreServices.ni.dll + 2009-02-26 18:30:17 174,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6b30f4f0e887c26cac499a5ce4ee45d8\WindowsLive.Writer.BrowserControl.ni.dll + 2009-02-26 18:30:25 594,944 ----a-w 
c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\752deb2586f4ce372db2581728b3fd9d\WindowsLive.Writer.HtmlEditor.ni.dll + 2009-02-26 18:30:18 334,848 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a58837d52e2eef58317a903e9b0de96d\WindowsLive.Writer.Interop.Mshtml.ni.dll + 2009-02-26 18:30:17 319,488 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa0d656d49e99b02f7614f4d96d8f54c\WindowsLive.Writer.Interop.ni.dll + 2009-02-26 18:30:27 117,760 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa1c0fb73aba618f70e59d58a734e315\WindowsLive.Writer.Instrumentation.ni.dll + 2009-02-26 18:30:22 118,784 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ab125d3a580223b5c104e30afb48dee8\WindowsLive.Writer.Extensibility.ni.dll + 2009-02-26 18:30:26 322,048 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ba458626154b268633d17b380951dc05\WindowsLive.Writer.SpellChecker.ni.dll + 2009-02-26 18:30:20 258,048 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c23a281e806a14bf48225461e9504e3e\WindowsLive.Writer.Mshtml.ni.dll + 2009-02-26 18:30:24 851,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d88240dcc329907b1f7c6be038d67ccd\WindowsLive.Writer.BlogClient.ni.dll + 2009-02-26 18:30:28 627,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\f9ac52e76b942f38edaea1540cdce7ad\WindowsLiveLocal.WriterPlugin.ni.dll + 2009-02-26 18:30:06 47,616 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\5700a35086393fff09a46fd10d2e39b5\WindowsLiveWriter.ni.exe + 2008-06-17 19:02:16 8,465,408 -c----w c:\windows\system32\dllcache\shell32.dll - 2008-11-19 12:03:09 79,504 ----a-w c:\windows\system32\drivers\inspect.sys + 2009-02-27 19:36:42 80,400 ----a-w c:\windows\system32\drivers\inspect.sys - 2008-06-09 22:21:01 135,168 ----a-w 
c:\windows\system32\java.exe + 2009-02-27 21:12:57 144,792 ----a-w c:\windows\system32\java.exe - 2008-06-09 22:21:04 135,168 ----a-w c:\windows\system32\javaw.exe + 2009-02-27 21:12:57 144,792 ----a-w c:\windows\system32\javaw.exe - 2008-06-09 23:32:34 139,264 ----a-w c:\windows\system32\javaws.exe + 2009-02-27 21:12:57 148,888 ----a-w c:\windows\system32\javaws.exe - 2009-02-26 09:35:05 72,182 ----a-w c:\windows\system32\perfc009.dat + 2009-02-27 20:59:20 72,182 ----a-w c:\windows\system32\perfc009.dat - 2009-02-26 09:35:05 95,876 ----a-w c:\windows\system32\perfc00B.dat + 2009-02-27 20:59:20 95,876 ----a-w c:\windows\system32\perfc00B.dat - 2009-02-26 09:35:05 442,916 ----a-w c:\windows\system32\perfh009.dat + 2009-02-27 20:59:20 442,916 ----a-w c:\windows\system32\perfh009.dat - 2009-02-26 09:35:05 438,646 ----a-w c:\windows\system32\perfh00B.dat + 2009-02-27 20:59:20 438,646 ----a-w c:\windows\system32\perfh00B.dat - 2008-04-14 16:11:45 8,465,408 ----a-w c:\windows\system32\shell32.dll + 2008-06-17 19:02:16 8,465,408 ----a-w c:\windows\system32\shell32.dll - 2008-07-09 07:39:49 17,272 ------w c:\windows\system32\spmsg.dll + 2007-11-30 11:19:02 17,272 ------w c:\windows\system32\spmsg.dll + 2009-03-01 09:30:55 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_1bc.dat + 2009-03-01 09:31:04 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_220.dat + 2009-03-01 09:31:14 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_90.dat . -- Snapshot nollattu tähän hetkeen -- . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2007-12-14 44032] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2009-02-27 1851128] "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 171008] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoSecCPL"= 0 (0x0) "NoDevMgrPage"= 0 (0x0) "NoConfigPage"= 0 (0x0) "NoVirtMemPage"= 0 (0x0) "NoFileSysPage"= 0 (0x0) "NoNetSetup"= 0 (0x0) "NoNetSetupIDPage"= 0 (0x0) "NoNetSetupSecurityPage"= 0 (0x0) "NoWorkgroupContents"= 0 (0x0) "NoEntireNetwork"= 0 (0x0) "NoFileSharingControl"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "RestrictRun"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll "aux"= ctwdm32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0OODBS 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^InterVideo WinCinema Manager.lnk] path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\InterVideo WinCinema Manager.lnk backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^VersionTrackerPro.lnk] path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\VersionTrackerPro.lnk backup=c:\windows\pss\VersionTrackerPro.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Markku^Käynnistä-valikko^Ohjelmat^Käynnistys^NHL® 09 Registration.lnk] path=c:\documents and settings\Markku\Käynnistä-valikko\Ohjelmat\Käynnistys\NHL® 09 Registration.lnk backup=c:\windows\pss\NHL® 09 Registration.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] --a------ 2008-10-01 12:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-01-22 10:13 152872 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet] --a------ 2009-01-20 08:37 2523960 c:\program files\BitComet\BitComet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2008-04-14 18:12 15360 c:\windows\system32\ctfmon.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-08-08 14:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor] --a------ 2008-04-30 18:30 498176 c:\program files\MSI\Live Update 3\LMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-14 18:12 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] --a------ 2008-11-10 15:07 1253376 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] --a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC] --a------ 2009-01-06 14:56 306088 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd] --a------ 2007-06-04 11:40 131072 c:\program files\Saitek\SD6\Software\SaiMfd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol] --------- 2008-09-19 05:59 333120 c:\program files\BillP Studios\WinPatrol\WinPatrol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] --a------ 2008-04-14 09:12 110592 c:\windows\system32\bthprops.cpl [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"= "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\Markku\\Työpöytä\\Pelejä\\PC_Pro.Evolution.Soccer.2009-.direct.play.-ToeD\\KONAMI\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "22987:TCP"= 22987:TCP:BitComet 22987 TCP "22987:UDP"= 22987:UDP:BitComet 22987 UDP "1723:TCP"= 1723:TCPxpsp2res.dll,-22015 "1701:UDP"= 1701:UDPxpsp2res.dll,-22016 "500:UDP"= 500:UDPxpsp2res.dll,-22017 "67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:EnabledHCP Discovery Service "18193:TCP"= 18193:TCP:BitComet 18193 TCP(ED2K) "18193:UDP"= 18193:UDP:BitComet 18193 UDP(ED2K) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616] R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-12 114768] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-10-07 110992] R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-10-07 24336] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-12 20560] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-08 55136] R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-08-22 98488] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R3 HomeQOS;HomeQOS Miniport;c:\windows\system32\drivers\homeqos.sys [2004-02-23 36096] R3 SaiHF518;SaiHF518;c:\windows\system32\drivers\SaiHF518.sys [2008-12-05 135048] S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-30 33752] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-10-27 356920] S3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [2009-01-06 9728] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\setup.exe . 'Ajoitetut tehtävät'-kansion sisältö 2009-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-02-28 c:\windows\Tasks\RegTool Scan.job - c:\program files\RegTool\RegTool.exe [] 2009-02-28 c:\windows\Tasks\RegTool Scan.job - c:\program files\RegTool [2009-01-23 13:49] . . ------- Täydentävä tarkistus ------- . 
mStart Page = about:blank mWindow Title = Microsoft Internet Explorer uInternet Settings,ProxyOverride = *.local IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: com.tw\asia.msi Trusted Zone: com.tw\global.msi Trusted Zone: com.tw\www.msi Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab FF - ProfilePath - c:\documents and settings\Markku\Application Data\Mozilla\Firefox\Profiles\g4761fcq.default\ FF - component: c:\documents and settings\Markku\Application Data\Mozilla\Firefox\Profiles\g4761fcq.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll FF - plugin: c:\progra~1\Opera\program\plugins\np_gp.dll FF - plugin: c:\progra~1\Opera\program\plugins\npdivx32.dll FF - plugin: c:\progra~1\Opera\program\plugins\npdsplay.dll FF - plugin: c:\progra~1\Opera\program\plugins\nppl3260.dll FF - plugin: c:\progra~1\Opera\program\plugins\NPQNXWrap.dll FF - plugin: c:\progra~1\Opera\program\plugins\npqtplugin.dll FF - plugin: c:\progra~1\Opera\program\plugins\npqtplugin2.dll FF - plugin: c:\progra~1\Opera\program\plugins\npqtplugin3.dll FF - plugin: c:\progra~1\Opera\program\plugins\npqtplugin4.dll FF - plugin: c:\progra~1\Opera\program\plugins\npqtplugin5.dll FF - plugin: c:\progra~1\Opera\program\plugins\nprpjplug.dll FF - plugin: c:\progra~1\Opera\program\plugins\npsnpy.dll FF - plugin: c:\progra~1\Opera\program\plugins\NPSWF32.dll FF - plugin: c:\progra~1\Opera\program\plugins\npwmsdrm.dll FF - plugin: c:\program files\K-Lite Codec 
Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\NPQNXWrap.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll FF - plugin: c:\program files\Opera\program\plugins\npsnpy.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-01 11:56:09 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose, ZwOpenFile tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . --------------------- LUKITUT REKISTERIAVAIMET --------------------- [HKEY_USERS\S-1-5-21-343818398-842925246-682003330-1005\Software\SecuROM\License information*] "datasecu"=hex:fe,0e,1b,78,29,72,f2,2e,40,77,3d,b4,9c,81,59,cb,a9,9f,e8,34,47, 5c,60,9e,af,56,84,07,29,a8,c6,33,26,84,7a,74,05,63,4d,ad,c9,a3,54,a9,2a,97,\ "rkeysecu"=hex:88,71,3d,f2,7c,0f,2d,02,e7,38,b6,9d,b4,3a,bd,a3 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ëcÓw*] "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG11.00.00.01WORKSTATION"="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" . 
--------------------- Prosesseihin ladatut DLLt --------------------- - - - - - - - > 'winlogon.exe'(1068) c:\windows\system32\guard32.dll - - - - - - - > 'lsass.exe'(1128) c:\windows\system32\guard32.dll . Valmistumisajankohta: 2009-03-01 11:58:26 ComboFix-quarantined-files.txt 2009-03-01 09:58:10 ComboFix2.txt 2009-02-26 09:50:29 ComboFix3.txt 2008-07-22 17:49:55 ComboFix4.txt 2008-07-21 06:26:56 ComboFix5.txt 2009-03-01 09:52:08 Ennen ajoa: 5 895 872 512 tavua vapaana Ajon jälkeen: 5,886,947,328 tavua vapaana Current=2 Default=2 Failed=1 LastKnownGood=6 Sets=1,2,4,5,6 384 --- E O F --- 2009-02-26 10:12:52
Here is the HJT uninstall list first, followed by the ComboFix log.
2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) Active Desktop Calendar 7.7 Ad-Aware Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Reader 8.1.3 - Suomi Adobe Shockwave Player 11 ALi USB2.0 Driver AMIP (remove only) AMIP for foobar2000 (remove only) aMSN 0.97.2 Apple Mobile Device Support Apple Software Update ASIO4ALL Astral Tournament 1.0.1 Atory Messenger Ad Blocker 3.0 avast! Antivirus BitComet 1.09 Bonjour BS.Player FREE CCleaner (remove only) CDBurnerXP Championship Euchre Pro 4.78 Championship Hearts Pro 4.78 Championship Spades Pro 4.78 Choice Guard Collab Colorific COMODO Firewall Pro DAEMON Tools Toolbar DC++ 0.706 Delayed Shutdown 2.0 DivX Converter DivX Player DivX Web Player Driver Genius Professional Edition 2007 Driver Magician 3.27 DriverAgent by TouchStone Software DriverMax 4 Drug Wars DU Super Controler (remove only) Duplicate Cleaner 1.2 EA Download Manager EA.com Matchup EA.com Update EVEREST Ultimate Edition v5.00 FairStars Audio Converter 1.71 File Scavenger 3.2 FL Studio 7 Flock 1.2 foobar2000 v0.9.5.5 Funpok Video Poker FuzzyLogic4 GameSpy Arcade GetDataBack for FAT GIMP 2.4.6 Grand Theft Auto IV GTA San Andreas HDD Unlock Wizard v4.2 HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Extended Capabilities 6.1 HP Imaging Device Functions 6.1 HP Photosmart Essential HP PSC & OfficeJet 6.1.A HP Software Update HP Solution Center and Imaging Support
Tools 6.1 IL Download Manager InterVideo WinDVD 4 IrfanView (remove only) iTunes Java 2 Runtime Environment, SE v1.4.2_03 Java(TM) 6 Update 11 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Junk Mail filter update KC Softwares SUMo K-Lite Mega Codec Pack 4.1.7 Logitech Desktop Messenger Malwarebytes' Anti-Malware Mastery Series Texas Holdem Messenger Plus! Live Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Finnish Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Language Pack - FIN Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FIN Microsoft .NET Framework 3.0 Finnish Language Pack Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FIN Microsoft .NET Framework 3.0:n suomen kielipaketti Microsoft .NET Framework 3.5 Language Pack SP1 - fin Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1:n kielitukipaketti - FI Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft National Language Support Downlevel APIs Microsoft Office Excel MUI (Finnish) 2007 Microsoft Office Home and Student 2007 Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote MUI (Finnish) 2007 Microsoft Office PowerPoint MUI (Finnish) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (Finnish) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Swedish) 2007 Microsoft Office Proofing (Finnish) 2007 Microsoft Office Shared MUI (Finnish) 2007 Microsoft Office Word MUI (Finnish) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight 
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.5 Microsoft Visual C++ 2005 Redistributable mIRC Miro MobileMe Control Panel Moo0 RightClicker 1.26 Mozilla Firefox (3.0.6) Mozilla Thunderbird (2.0.0.18) MpcStar 3.2 MSI Live Update 3 MSVC80_x86 MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6.0 Parser (KB925673) Nero 7 Essentials neroxml NHL 2002 NHL® 09 nLite 1.4.9.1 NOD32 FiX v2.1 Nokia Connectivity Cable Driver Nokia PC Suite Nokia PC Suite NVIDIA Drivers NVIDIA Windows 2000/XP Display Drivers O&O Defrag Professional Edition OpenOffice.org 2.4 Opera 9.63 PC Connectivity Solution PC TWIN SHOCK QuickTime REALTEK GbE & FE Ethernet PCI NIC Driver Rockstar Games Social Club RunAlyzer Safari Saitek SD6 Programming Software 6.0.5.12 Samsung Master Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB958439) Security Update for Microsoft Office Excel 2007 (KB958437) Security Update for Microsoft Office OneNote 2007 (KB950130) Security Update for Microsoft Office PowerPoint 2007 (KB951338) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB956828) Security Update for Microsoft Office Word 2007 (KB956358) Segoe UI SHOUTcast DNAS (remove only) SiSoftware Sandra Lite XII.SP2c Skype™ 3.8 SopCast 2.0.4 SoulSeek 157 NS 13c Spybot - Search & Destroy Spyware Doctor 6.0 Startup Delayer v2.3 (build 130) Stellarium 0.10.0 SubDownloader Suojauspäivitys Windows Internet Explorer 7:lle (KB938127-v2) Suojauspäivitys Windows Internet Explorer 7:lle (KB950759) Suojauspäivitys Windows Internet Explorer 7:lle (KB953838) Suojauspäivitys Windows Internet Explorer 7:lle (KB956390) Suojauspäivitys Windows Internet Explorer 7:lle (KB958215) 
Suojauspäivitys Windows Internet Explorer 7:lle (KB960714) Suojauspäivitys Windows Internet Explorer 7:lle (KB961260) Suojauspäivitys Windows XP:lle (KB923789) True Internet Color Update for Office 2007 (KB946691) VC 9.0 Runtime Weather Watcher Live VersionTracker Pro Windows VIA Ohjelmistoalustan laitehallinta VIA Rhine-Family Fast-Ethernet Adapter ViewSonic Monitor Drivers ViewSonic Windows 2K Signed Files ViewSonic Windows XP Signed Files Winamp Windows Entertainment Pack: Volume One (PfP) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live OneCare safety scanner Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer Windows Media Encoder 9 Series Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows Presentation Foundation Windows Presentation Foundation Language Pack (FIN) Windows Search 4.0 Windows Workflow Foundation FI Language Pack Windowsin ohjainpaketti - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) Windowsin ohjainpaketti - Nokia Modem (02/15/2007 3.1) Windowsin ohjainpaketti - Nokia Modem (05/22/2008 3.8) Windowsin ohjainpaketti - Nokia Modem (10/27/2008 3.9) Windowsin ohjainpaketti - Nokia Modem (10/27/2008 7.01.0.1) Windowsin ohjainpaketti - Nokia pccsmcfd (08/22/2008 7.0.0.0) WinPatrol 2008 Vio Video Converter 2.1 VLC media player 0.9.4 XML Paper Specification Shared Components Language Pack 1.0 ComboFix 09-02-28.01 - 2009-03-01 11:53:52.24 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.1023.603 [GMT 2:00] Sijainti: c:\documents and settings\Markku\Työpöytä\ComboFix.exe AV: avast! 
antivirus 4.8.1335 [VPS 090228-0] *On-access scanning disabled* (Updated) FW: COMODO Firewall *enabled* * Uusi palautuspiste luotu VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !! . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-02-01 to 2009-03-01 ))))))))))))))))) . 2009-03-01 11:48 . 2009-03-01 11:51 <KANSIO> d-------- C:\32788R22FWJFW 2009-02-28 02:33 . 2009-02-28 02:33 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Avg8 2009-02-27 23:13 . 2009-02-27 23:12 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-27 23:02 . 2009-02-27 23:02 <KANSIO> d-------- c:\program files\Trend Micro 2009-02-27 09:25 . 2009-02-27 09:25 54,156 --ah----- c:\windows\QTFont.qfn 2009-02-27 09:25 . 2009-02-27 09:25 1,409 --a------ c:\windows\QTFont.for 2009-02-26 23:50 . 2009-02-26 23:51 <KANSIO> d-------- c:\documents and settings\Markku\amsn 2009-02-26 23:45 . 2009-02-26 23:45 <KANSIO> d-------- c:\program files\aMSN 2009-02-26 11:32 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat 2009-02-22 11:04 . 2009-02-22 11:04 <KANSIO> d-------- c:\program files\VIA Technologies, INC 2009-02-22 11:03 . 2009-02-22 11:03 <KANSIO> d-------- c:\windows\system32\ALIEHCI 2009-02-22 11:03 . 2003-06-24 11:47 104,088 --------- c:\windows\system32\drivers\ALiEHCI.SYS 2009-02-22 11:03 . 2001-11-13 21:24 35,587 --------- c:\windows\system32\rmusb20.EXE 2009-02-22 11:03 . 2003-01-11 17:20 28,672 --------- c:\windows\system32\Unusb20.exe 2009-02-22 11:03 . 2003-06-24 11:54 17,835 --------- c:\windows\system32\drivers\ALiHUB.SYS 2009-02-22 11:03 . 2003-06-24 11:53 8,668 --------- c:\windows\system32\drivers\ALiGP.SYS 2009-02-22 11:03 . 2003-06-24 11:55 5,337 --------- c:\windows\system32\drivers\ALiRTHUB.SYS 2009-02-22 11:03 . 2003-06-24 13:35 635 --a------ c:\windows\system32\setup.iss 2009-02-19 20:56 . 2009-02-19 20:56 <KANSIO> d-------- c:\program files\NOS 2009-02-19 20:56 . 
2009-02-19 20:56 <KANSIO> d-------- c:\program files\MuutaKoko 2009-02-19 20:56 . 2009-02-19 20:56 <KANSIO> d-------- c:\program files\Aijaa 2009-02-12 16:03 . 2009-02-12 16:03 <KANSIO> d-------- c:\program files\Alwil Software 2009-02-11 12:53 . 2009-02-11 12:53 <KANSIO> d-------- c:\documents and settings\Markku\Application Data\XemiComputers 2009-02-11 12:52 . 2009-02-11 12:52 <KANSIO> d-------- c:\program files\XemiComputers 2009-02-10 15:52 . 2009-02-28 11:26 <KANSIO> d-------- c:\program files\HNselain 2009-02-10 15:51 . 2009-02-19 20:57 <KANSIO> d-------- c:\program files\HNIlmoittaja 2009-02-09 15:05 . 2009-02-09 15:05 476 --a------ c:\windows\eReg.dat 2009-02-09 15:04 . 2009-02-19 20:56 <KANSIO> d-------- c:\program files\EACOM 2009-02-07 13:20 . 2009-02-07 13:20 67 --a------ C:\ioVIO.ini 2009-02-07 13:20 . 2009-02-07 13:20 65 --a------ C:\ioVIO1.ini 2009-02-06 19:03 . 2009-02-06 19:03 307,576 --a------ c:\windows\WLXPGSS.SCR 2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-28 22:59 --------- d-----w c:\program files\BitComet 2009-02-28 00:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-02-27 21:12 --------- d-----w c:\program files\Java 2009-02-27 20:54 --------- d-----w c:\documents and settings\All Users\Application Data\comodo 2009-02-27 20:50 --------- d-----w c:\program files\DU Super Controler 2009-02-27 20:50 --------- d-----w c:\documents and settings\Markku\Application Data\foobar2000 2009-02-27 19:36 24,336 ----a-w c:\windows\system32\drivers\cmdhlp.sys 2009-02-27 19:29 155,384 ----a-w c:\windows\system32\guard32.dll 2009-02-27 19:29 110,992 ----a-w c:\windows\system32\drivers\cmdguard.sys 2009-02-27 19:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-26 18:21 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-02-26 11:05 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-25 22:55 --------- d-----w c:\program files\Windows Live 2009-02-23 20:33 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-19 18:57 --------- d-----w c:\program files\Google 2009-02-19 18:54 --------- d-----w c:\program files\InterVideo 2009-02-12 13:55 --------- d-----w c:\program files\Mozilla Thunderbird 2009-02-11 08:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 08:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-10 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\Soulseek 2009-02-09 21:26 --------- d-----w c:\documents and settings\Markku\Application Data\Skype 2009-02-09 18:25 --------- d-----w c:\documents and settings\Markku\Application Data\skypePM 2009-02-09 13:03 --------- d-----w c:\program files\EA Sports 2009-01-30 12:30 --------- d-----w c:\documents and settings\All Users\Application Data\NOS 2009-01-30 11:35 --------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts 2009-01-28 12:21 --------- 
d-----w c:\documents and settings\Markku\Application Data\InterVideo 2009-01-28 10:37 --------- d-----w c:\documents and settings\All Users\Application Data\qjwvkrid 2009-01-24 18:40 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-01-24 18:40 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-01-24 18:35 --------- d-----w c:\program files\Nokia 2009-01-24 18:35 --------- d-----w c:\program files\Common Files\PCSuite 2009-01-24 18:35 --------- d-----w c:\program files\Common Files\Nokia 2009-01-24 18:34 --------- d-----w c:\program files\PC Connectivity Solution 2009-01-24 18:32 --------- d-----w c:\documents and settings\All Users\Application Data\Installations 2009-01-24 18:25 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-01-24 18:25 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2009-01-23 19:01 --------- d-----w c:\program files\Yahoo! 2009-01-23 11:49 --------- d-----w c:\program files\RegTool 2009-01-22 20:44 --------- d-----w c:\program files\Windows Live Safety Center 2009-01-22 14:56 --------- d-----w c:\program files\Samsung 2009-01-18 18:40 --------- d-----w c:\program files\Common Files\Canon 2009-01-17 16:28 --------- d-----w c:\program files\CCleaner 2009-01-09 12:53 --------- d-----w c:\program files\Driver-Soft 2009-01-08 21:09 --------- d-----w c:\program files\Microsoft 2009-01-08 21:06 --------- d-----w c:\program files\Microsoft Sync Framework 2009-01-08 21:02 --------- d-----w c:\program files\Windows Live SkyDrive 2009-01-07 09:47 --------- d-----w c:\documents and settings\Markku\Application Data\VersionTracker Pro 2009-01-07 09:46 --------- d-----w c:\program files\TechTracker 2009-01-06 19:53 --------- d-----w c:\documents and settings\Markku\Application Data\Stellarium 2009-01-06 19:46 --------- d-----w c:\program files\Stellarium 2009-01-06 13:41 --------- d-----w c:\program files\VIA 2009-01-06 13:35 --------- 
d-----w c:\program files\Microsoft Games for Windows - LIVE 2009-01-06 13:35 --------- d-----w c:\program files\DIFX 2009-01-06 13:29 --------- d-----w c:\program files\Driver Magician 2009-01-06 13:23 1,700,352 ----a-w c:\windows\system32\gdiplus.dll 2009-01-06 13:15 --------- d-----w c:\program files\Uusi kansio 2009-01-06 11:26 --------- d-----w c:\program files\MSBuild 2009-01-06 11:24 --------- d-----w c:\program files\Reference Assemblies 2009-01-06 11:22 --------- d-----w c:\program files\Rockstar Games 2009-01-06 11:15 --------- d--h--r c:\documents and settings\Markku\Application Data\SecuROM 2009-01-06 10:49 --------- d-----w c:\program files\Windows Media Components 2009-01-06 10:17 --------- d-----w c:\documents and settings\Markku\Application Data\RegTool 2009-01-04 16:43 --------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA 2009-01-04 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles 2009-01-04 16:00 --------- d-----w c:\program files\Innovative Solutions 2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll 2008-12-02 08:13 453,152 ----a-w c:\windows\system32\NVUNINST.EXE 2008-10-24 10:43 157 ----a-w c:\program files\oiu.txt 2008-10-24 10:43 0 ----a-w c:\program files\Uusi Tekstitiedosto.txt 2008-07-03 14:01 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2008-08-09 06:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008072120080728\index.dat 2008-08-09 06:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008080920080810\index.dat . ((((((((((((((((((((((((((((( SnapShot_2009-02-26_11.48.20.54 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2009-02-26 18:30:24 145,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\9546c5ce7c6920bfb0971ee0080ff777\WindowsLive.Client.ni.dll + 2009-02-26 18:30:18 152,064 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\00ad735ab245a8f45be00ba9dccc9443\WindowsLive.Writer.HtmlParser.ni.dll + 2009-02-26 18:30:19 108,544 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\05db615058b5e19e632385efbf3e2237\WindowsLive.Writer.Passport.ni.dll + 2009-02-26 18:30:21 1,105,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0a051f69ee730e16214b2657f6853dc1\WindowsLive.Writer.ApplicationFramework.ni.dll + 2009-02-26 18:30:12 6,392,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\13ec1ddc801643374544a27a41b5803e\WindowsLive.Writer.PostEditor.ni.dll + 2009-02-26 18:30:19 428,032 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1e25e6dbae70b2a0dba46e74e773acee\WindowsLive.Writer.Localization.ni.dll + 2009-02-26 18:30:23 99,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4a5ba9683bf7be94c307bd076fa568bf\WindowsLive.Writer.Api.ni.dll + 2009-02-26 18:30:14 843,776 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\51ff7ea9cefa9385a9597ef269236b8c\WindowsLive.Writer.Controls.ni.dll + 2009-02-26 18:30:27 119,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\55e6f7f927f7e25d68cba5cba5202ed0\WindowsLive.Writer.FileDestinations.ni.dll + 2009-02-26 18:30:16 2,002,432 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\63c1f01ba87e31518027469b30556590\WindowsLive.Writer.CoreServices.ni.dll + 2009-02-26 18:30:17 174,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6b30f4f0e887c26cac499a5ce4ee45d8\WindowsLive.Writer.BrowserControl.ni.dll + 2009-02-26 18:30:25 594,944 ----a-w 
c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\752deb2586f4ce372db2581728b3fd9d\WindowsLive.Writer.HtmlEditor.ni.dll + 2009-02-26 18:30:18 334,848 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a58837d52e2eef58317a903e9b0de96d\WindowsLive.Writer.Interop.Mshtml.ni.dll + 2009-02-26 18:30:17 319,488 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa0d656d49e99b02f7614f4d96d8f54c\WindowsLive.Writer.Interop.ni.dll + 2009-02-26 18:30:27 117,760 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa1c0fb73aba618f70e59d58a734e315\WindowsLive.Writer.Instrumentation.ni.dll + 2009-02-26 18:30:22 118,784 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ab125d3a580223b5c104e30afb48dee8\WindowsLive.Writer.Extensibility.ni.dll + 2009-02-26 18:30:26 322,048 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ba458626154b268633d17b380951dc05\WindowsLive.Writer.SpellChecker.ni.dll + 2009-02-26 18:30:20 258,048 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c23a281e806a14bf48225461e9504e3e\WindowsLive.Writer.Mshtml.ni.dll + 2009-02-26 18:30:24 851,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d88240dcc329907b1f7c6be038d67ccd\WindowsLive.Writer.BlogClient.ni.dll + 2009-02-26 18:30:28 627,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\f9ac52e76b942f38edaea1540cdce7ad\WindowsLiveLocal.WriterPlugin.ni.dll + 2009-02-26 18:30:06 47,616 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\5700a35086393fff09a46fd10d2e39b5\WindowsLiveWriter.ni.exe + 2008-06-17 19:02:16 8,465,408 -c----w c:\windows\system32\dllcache\shell32.dll - 2008-11-19 12:03:09 79,504 ----a-w c:\windows\system32\drivers\inspect.sys + 2009-02-27 19:36:42 80,400 ----a-w c:\windows\system32\drivers\inspect.sys - 2008-06-09 22:21:01 135,168 ----a-w 
c:\windows\system32\java.exe + 2009-02-27 21:12:57 144,792 ----a-w c:\windows\system32\java.exe - 2008-06-09 22:21:04 135,168 ----a-w c:\windows\system32\javaw.exe + 2009-02-27 21:12:57 144,792 ----a-w c:\windows\system32\javaw.exe - 2008-06-09 23:32:34 139,264 ----a-w c:\windows\system32\javaws.exe + 2009-02-27 21:12:57 148,888 ----a-w c:\windows\system32\javaws.exe - 2009-02-26 09:35:05 72,182 ----a-w c:\windows\system32\perfc009.dat + 2009-02-27 20:59:20 72,182 ----a-w c:\windows\system32\perfc009.dat - 2009-02-26 09:35:05 95,876 ----a-w c:\windows\system32\perfc00B.dat + 2009-02-27 20:59:20 95,876 ----a-w c:\windows\system32\perfc00B.dat - 2009-02-26 09:35:05 442,916 ----a-w c:\windows\system32\perfh009.dat + 2009-02-27 20:59:20 442,916 ----a-w c:\windows\system32\perfh009.dat - 2009-02-26 09:35:05 438,646 ----a-w c:\windows\system32\perfh00B.dat + 2009-02-27 20:59:20 438,646 ----a-w c:\windows\system32\perfh00B.dat - 2008-04-14 16:11:45 8,465,408 ----a-w c:\windows\system32\shell32.dll + 2008-06-17 19:02:16 8,465,408 ----a-w c:\windows\system32\shell32.dll - 2008-07-09 07:39:49 17,272 ------w c:\windows\system32\spmsg.dll + 2007-11-30 11:19:02 17,272 ------w c:\windows\system32\spmsg.dll + 2009-03-01 09:30:55 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_1bc.dat + 2009-03-01 09:31:04 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_220.dat + 2009-03-01 09:31:14 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_90.dat . -- Snapshot nollattu tähän hetkeen -- . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2007-12-14 44032] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2009-02-27 1851128] "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 171008] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoSecCPL"= 0 (0x0) "NoDevMgrPage"= 0 (0x0) "NoConfigPage"= 0 (0x0) "NoVirtMemPage"= 0 (0x0) "NoFileSysPage"= 0 (0x0) "NoNetSetup"= 0 (0x0) "NoNetSetupIDPage"= 0 (0x0) "NoNetSetupSecurityPage"= 0 (0x0) "NoWorkgroupContents"= 0 (0x0) "NoEntireNetwork"= 0 (0x0) "NoFileSharingControl"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "RestrictRun"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll "aux"= ctwdm32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0OODBS 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^InterVideo WinCinema Manager.lnk] path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\InterVideo WinCinema Manager.lnk backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^VersionTrackerPro.lnk] path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\VersionTrackerPro.lnk backup=c:\windows\pss\VersionTrackerPro.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Markku^Käynnistä-valikko^Ohjelmat^Käynnistys^NHL® 09 Registration.lnk] path=c:\documents and settings\Markku\Käynnistä-valikko\Ohjelmat\Käynnistys\NHL® 09 Registration.lnk backup=c:\windows\pss\NHL® 09 Registration.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] --a------ 2008-10-01 12:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-01-22 10:13 152872 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet] --a------ 2009-01-20 08:37 2523960 c:\program files\BitComet\BitComet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2008-04-14 18:12 15360 c:\windows\system32\ctfmon.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-08-08 14:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor] --a------ 2008-04-30 18:30 498176 c:\program files\MSI\Live Update 3\LMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-14 18:12 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] --a------ 2008-11-10 15:07 1253376 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] --a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC] --a------ 2009-01-06 14:56 306088 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd] --a------ 2007-06-04 11:40 131072 c:\program files\Saitek\SD6\Software\SaiMfd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol] --------- 2008-09-19 05:59 333120 c:\program files\BillP Studios\WinPatrol\WinPatrol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] --a------ 2008-04-14 09:12 110592 c:\windows\system32\bthprops.cpl [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"= "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\Markku\\Työpöytä\\Pelejä\\PC_Pro.Evolution.Soccer.2009-.direct.play.-ToeD\\KONAMI\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "22987:TCP"= 22987:TCP:BitComet 22987 TCP "22987:UDP"= 22987:UDP:BitComet 22987 UDP "1723:TCP"= 1723:TCPxpsp2res.dll,-22015 "1701:UDP"= 1701:UDPxpsp2res.dll,-22016 "500:UDP"= 500:UDPxpsp2res.dll,-22017 "67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:EnabledHCP Discovery Service "18193:TCP"= 18193:TCP:BitComet 18193 TCP(ED2K) "18193:UDP"= 18193:UDP:BitComet 18193 UDP(ED2K) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616] R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-12 114768] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-10-07 110992] R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-10-07 24336] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-12 20560] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-08 55136] R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-08-22 98488] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R3 HomeQOS;HomeQOS Miniport;c:\windows\system32\drivers\homeqos.sys [2004-02-23 36096] R3 SaiHF518;SaiHF518;c:\windows\system32\drivers\SaiHF518.sys [2008-12-05 135048] S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-30 33752] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-10-27 356920] S3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [2009-01-06 9728] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\setup.exe . 'Ajoitetut tehtävät'-kansion sisältö 2009-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-02-28 c:\windows\Tasks\RegTool Scan.job - c:\program files\RegTool\RegTool.exe [] 2009-02-28 c:\windows\Tasks\RegTool Scan.job - c:\program files\RegTool [2009-01-23 13:49] . . ------- Täydentävä tarkistus ------- . 
mStart Page = about:blank mWindow Title = Microsoft Internet Explorer uInternet Settings,ProxyOverride = *.local IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: com.tw\asia.msi Trusted Zone: com.tw\global.msi Trusted Zone: com.tw\www.msi Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab FF - ProfilePath - c:\documents and settings\Markku\Application Data\Mozilla\Firefox\Profiles\g4761fcq.default\ FF - component: c:\documents and settings\Markku\Application Data\Mozilla\Firefox\Profiles\g4761fcq.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll FF - plugin: c:\progra~1\Opera\program\plugins\np_gp.dll FF - plugin: c:\progra~1\Opera\program\plugins\npdivx32.dll FF - plugin: c:\progra~1\Opera\program\plugins\npdsplay.dll FF - plugin: c:\progra~1\Opera\program\plugins\nppl3260.dll FF - plugin: c:\progra~1\Opera\program\plugins\NPQNXWrap.dll FF - plugin: c:\progra~1\Opera\program\plugins\npqtplugin.dll FF - plugin: c:\progra~1\Opera\program\plugins\npqtplugin2.dll FF - plugin: c:\progra~1\Opera\program\plugins\npqtplugin3.dll FF - plugin: c:\progra~1\Opera\program\plugins\npqtplugin4.dll FF - plugin: c:\progra~1\Opera\program\plugins\npqtplugin5.dll FF - plugin: c:\progra~1\Opera\program\plugins\nprpjplug.dll FF - plugin: c:\progra~1\Opera\program\plugins\npsnpy.dll FF - plugin: c:\progra~1\Opera\program\plugins\NPSWF32.dll FF - plugin: c:\progra~1\Opera\program\plugins\npwmsdrm.dll FF - plugin: c:\program files\K-Lite Codec 
Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\NPQNXWrap.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll FF - plugin: c:\program files\Opera\program\plugins\npsnpy.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-01 11:56:09 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose, ZwOpenFile tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . 
--------------------- LUKITUT REKISTERIAVAIMET --------------------- [HKEY_USERS\S-1-5-21-343818398-842925246-682003330-1005\Software\SecuROM\License information*] "datasecu"=hex:fe,0e,1b,78,29,72,f2,2e,40,77,3d,b4,9c,81,59,cb,a9,9f,e8,34,47, 5c,60,9e,af,56,84,07,29,a8,c6,33,26,84,7a,74,05,63,4d,ad,c9,a3,54,a9,2a,97,\ "rkeysecu"=hex:88,71,3d,f2,7c,0f,2d,02,e7,38,b6,9d,b4,3a,bd,a3 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ëcÓw*] "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG11.00.00.01WORKSTATION"=
. --------------------- Prosesseihin ladatut DLLt --------------------- - - - - - - - > 'winlogon.exe'(1068) c:\windows\system32\guard32.dll - - - - - - - > 'lsass.exe'(1128) c:\windows\system32\guard32.dll . Valmistumisajankohta: 2009-03-01 11:58:26 ComboFix-quarantined-files.txt 2009-03-01 09:58:10 ComboFix2.txt 2009-02-26 09:50:29 ComboFix3.txt 2008-07-22 17:49:55 ComboFix4.txt 2008-07-21 06:26:56 ComboFix5.txt 2009-03-01 09:52:08 Ennen ajoa: 5 895 872 512 tavua vapaana Ajon jälkeen: 5,886,947,328 tavua vapaana Current=2 Default=2 Failed=1 LastKnownGood=6 Sets=1,2,4,5,6 384 --- E O F --- 2009-02-26 10:12:52
Remove the following via Add/Remove Programs:
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Logitech Desktop Messenger
==========
Type into the Run box: ComboFix /u
Click OK
Okay. This is the log that HJT and ComboFix give now. Thanks for the help.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:11:21, on 2.3.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program 
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows 
Live\Writer\WriterBrowserExtension.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214158449265 O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- End of file - 10298 bytes ComboFix 09-02-28.01 - Markku 2009-03-02 1:59:42.25 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.1023.588 [GMT 2:00] Sijainti: c:\documents and settings\Markku\Työpöytä\ComboFix.exe AV: avast! antivirus 4.8.1335 [VPS 090228-0] *On-access scanning disabled* (Updated) FW: COMODO Firewall *enabled* VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !! . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-02-01 to 2009-03-01 ))))))))))))))))) . 2009-03-01 23:25 . 2009-03-01 23:27 <KANSIO> d-------- c:\program files\NVIDIA Corporation 2009-03-01 23:04 . 2009-03-01 23:09 <KANSIO> d-------- c:\program files\SystemRequirementsLab 2009-03-01 23:04 . 2009-03-01 23:06 <KANSIO> d-------- c:\documents and settings\Markku\Application Data\SystemRequirementsLab 2009-03-01 22:58 . 2009-03-01 22:58 <KANSIO> d-------- c:\windows\system32\AGEIA 2009-03-01 22:58 . 2009-03-01 22:59 <KANSIO> d-------- c:\program files\AGEIA Technologies 2009-02-28 02:33 . 2009-02-28 02:33 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Avg8 2009-02-27 23:13 . 2009-02-27 23:12 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-27 23:02 . 
2009-02-27 23:02 <KANSIO> d-------- c:\program files\Trend Micro 2009-02-27 09:25 . 2009-03-01 18:17 54,156 --ah----- c:\windows\QTFont.qfn 2009-02-27 09:25 . 2009-02-27 09:25 1,409 --a------ c:\windows\QTFont.for 2009-02-26 23:50 . 2009-02-26 23:51 <KANSIO> d-------- c:\documents and settings\Markku\amsn 2009-02-26 23:45 . 2009-02-26 23:45 <KANSIO> d-------- c:\program files\aMSN 2009-02-26 11:32 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat 2009-02-22 11:04 . 2009-02-22 11:04 <KANSIO> d-------- c:\program files\VIA Technologies, INC 2009-02-22 11:03 . 2009-02-22 11:03 <KANSIO> d-------- c:\windows\system32\ALIEHCI 2009-02-22 11:03 . 2003-06-24 11:47 104,088 --------- c:\windows\system32\drivers\ALiEHCI.SYS 2009-02-22 11:03 . 2001-11-13 21:24 35,587 --------- c:\windows\system32\rmusb20.EXE 2009-02-22 11:03 . 2003-01-11 17:20 28,672 --------- c:\windows\system32\Unusb20.exe 2009-02-22 11:03 . 2003-06-24 11:54 17,835 --------- c:\windows\system32\drivers\ALiHUB.SYS 2009-02-22 11:03 . 2003-06-24 11:53 8,668 --------- c:\windows\system32\drivers\ALiGP.SYS 2009-02-22 11:03 . 2003-06-24 11:55 5,337 --------- c:\windows\system32\drivers\ALiRTHUB.SYS 2009-02-22 11:03 . 2003-06-24 13:35 635 --a------ c:\windows\system32\setup.iss 2009-02-19 20:56 . 2009-02-19 20:56 <KANSIO> d-------- c:\program files\NOS 2009-02-19 20:56 . 2009-02-19 20:56 <KANSIO> d-------- c:\program files\MuutaKoko 2009-02-19 20:56 . 2009-02-19 20:56 <KANSIO> d-------- c:\program files\Aijaa 2009-02-12 16:03 . 2009-02-12 16:03 <KANSIO> d-------- c:\program files\Alwil Software 2009-02-11 12:53 . 2009-02-11 12:53 <KANSIO> d-------- c:\documents and settings\Markku\Application Data\XemiComputers 2009-02-11 12:52 . 2009-02-11 12:52 <KANSIO> d-------- c:\program files\XemiComputers 2009-02-10 15:52 . 2009-02-28 11:26 <KANSIO> d-------- c:\program files\HNselain 2009-02-10 15:51 . 2009-02-19 20:57 <KANSIO> d-------- c:\program files\HNIlmoittaja 2009-02-09 15:05 . 
2009-02-09 15:05 476 --a------ c:\windows\eReg.dat 2009-02-09 15:04 . 2009-02-19 20:56 <KANSIO> d-------- c:\program files\EACOM 2009-02-07 13:20 . 2009-02-07 13:20 67 --a------ C:\ioVIO.ini 2009-02-07 13:20 . 2009-02-07 13:20 65 --a------ C:\ioVIO1.ini 2009-02-06 19:03 . 2009-02-06 19:03 307,576 --a------ c:\windows\WLXPGSS.SCR 2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-01 21:27 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-01 21:20 --------- d-----w c:\program files\BitComet 2009-03-01 20:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-03-01 14:05 --------- d-----w c:\program files\Java 2009-02-28 00:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-02-27 20:54 --------- d-----w c:\documents and settings\All Users\Application Data\comodo 2009-02-27 20:50 --------- d-----w c:\program files\DU Super Controler 2009-02-27 20:50 --------- d-----w c:\documents and settings\Markku\Application Data\foobar2000 2009-02-27 19:36 24,336 ----a-w c:\windows\system32\drivers\cmdhlp.sys 2009-02-27 19:29 155,384 ----a-w c:\windows\system32\guard32.dll 2009-02-27 19:29 110,992 ----a-w c:\windows\system32\drivers\cmdguard.sys 2009-02-27 19:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-26 18:21 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-02-26 11:05 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-25 22:55 --------- d-----w c:\program files\Windows Live 2009-02-19 18:57 --------- d-----w c:\program files\Google 2009-02-19 18:54 --------- d-----w c:\program files\InterVideo 2009-02-12 13:55 --------- d-----w c:\program files\Mozilla Thunderbird 2009-02-11 08:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 08:19 
15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-10 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\Soulseek 2009-02-09 21:26 --------- d-----w c:\documents and settings\Markku\Application Data\Skype 2009-02-09 18:25 --------- d-----w c:\documents and settings\Markku\Application Data\skypePM 2009-02-09 13:03 --------- d-----w c:\program files\EA Sports 2009-01-30 12:30 --------- d-----w c:\documents and settings\All Users\Application Data\NOS 2009-01-30 11:35 --------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts 2009-01-28 12:21 --------- d-----w c:\documents and settings\Markku\Application Data\InterVideo 2009-01-28 10:37 --------- d-----w c:\documents and settings\All Users\Application Data\qjwvkrid 2009-01-24 18:40 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-01-24 18:40 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-01-24 18:35 --------- d-----w c:\program files\Nokia 2009-01-24 18:35 --------- d-----w c:\program files\Common Files\PCSuite 2009-01-24 18:35 --------- d-----w c:\program files\Common Files\Nokia 2009-01-24 18:34 --------- d-----w c:\program files\PC Connectivity Solution 2009-01-24 18:32 --------- d-----w c:\documents and settings\All Users\Application Data\Installations 2009-01-24 18:25 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-01-24 18:25 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2009-01-23 19:01 --------- d-----w c:\program files\Yahoo! 
2009-01-23 11:49 --------- d-----w c:\program files\RegTool 2009-01-22 20:44 --------- d-----w c:\program files\Windows Live Safety Center 2009-01-22 14:56 --------- d-----w c:\program files\Samsung 2009-01-18 18:40 --------- d-----w c:\program files\Common Files\Canon 2009-01-17 16:28 --------- d-----w c:\program files\CCleaner 2009-01-09 12:53 --------- d-----w c:\program files\Driver-Soft 2009-01-08 21:09 --------- d-----w c:\program files\Microsoft 2009-01-08 21:06 --------- d-----w c:\program files\Microsoft Sync Framework 2009-01-08 21:02 --------- d-----w c:\program files\Windows Live SkyDrive 2009-01-07 14:20 36,896 ----a-w c:\windows\nvflash.sys 2009-01-07 09:47 --------- d-----w c:\documents and settings\Markku\Application Data\VersionTracker Pro 2009-01-07 09:46 --------- d-----w c:\program files\TechTracker 2009-01-07 09:28 453,152 ----a-w c:\windows\system32\NVUNINST.EXE 2009-01-06 19:53 --------- d-----w c:\documents and settings\Markku\Application Data\Stellarium 2009-01-06 19:46 --------- d-----w c:\program files\Stellarium 2009-01-06 13:51 36,640 ----a-w c:\windows\nvoclock.sys 2009-01-06 13:47 430,080 ----a-w c:\windows\ntuneoem.dll 2009-01-06 13:41 --------- d-----w c:\program files\VIA 2009-01-06 13:35 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE 2009-01-06 13:35 --------- d-----w c:\program files\DIFX 2009-01-06 13:29 --------- d-----w c:\program files\Driver Magician 2009-01-06 13:23 1,700,352 ----a-w c:\windows\system32\gdiplus.dll 2009-01-06 13:15 --------- d-----w c:\program files\Uusi kansio 2009-01-06 11:26 --------- d-----w c:\program files\MSBuild 2009-01-06 11:24 --------- d-----w c:\program files\Reference Assemblies 2009-01-06 11:22 --------- d-----w c:\program files\Rockstar Games 2009-01-06 11:15 --------- d--h--r c:\documents and settings\Markku\Application Data\SecuROM 2009-01-06 10:49 --------- d-----w c:\program files\Windows Media Components 2009-01-06 10:17 --------- d-----w c:\documents and 
settings\Markku\Application Data\RegTool 2009-01-04 16:43 --------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA 2009-01-04 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles 2009-01-04 16:00 --------- d-----w c:\program files\Innovative Solutions 2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll 2008-12-02 21:11 453,152 ----a-w c:\windows\system32\nvudisp.exe 2008-10-24 10:43 157 ----a-w c:\program files\oiu.txt 2008-10-24 10:43 0 ----a-w c:\program files\Uusi Tekstitiedosto.txt 2008-07-03 14:01 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2008-08-09 06:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008072120080728\index.dat 2008-08-09 06:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008080920080810\index.dat . ((((((((((((((((((((((((((((( SnapShot_2009-03-01_11.56.39,00 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2009-03-01 21:27:22 25,214 ----a-r c:\windows\Installer\{6F69C969-2942-4E7B-B594-75B37664B8BA}\ARPPRODUCTICON.exe + 2009-03-01 21:27:22 65,536 ----a-r c:\windows\Installer\{6F69C969-2942-4E7B-B594-75B37664B8BA}\NewShortcut1_04EEAF2A61AD45CDA04D1C7806FD164B.exe + 2009-03-01 21:27:22 65,536 ----a-r c:\windows\Installer\{6F69C969-2942-4E7B-B594-75B37664B8BA}\NewShortcut2_E672BE07733D4BEAB9E299A384DAADCA.exe + 2009-03-01 21:25:18 25,214 ----a-r c:\windows\Installer\{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}\ARPPRODUCTICON.exe + 2009-03-01 21:26:32 406,998 ----a-r c:\windows\Installer\{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}\ARPPRODUCTICON.exe + 2008-10-07 07:13:20 58,648 ----a-w c:\windows\system32\AgCPanelFrench.dll + 2008-10-07 07:13:20 58,648 ----a-w c:\windows\system32\AgCPanelGerman.dll + 2008-10-07 07:13:20 58,648 ----a-w c:\windows\system32\AgCPanelJapanese.dll + 2008-10-07 07:13:20 58,648 ----a-w c:\windows\system32\AgCPanelKorean.dll + 2008-10-07 07:13:20 58,648 ----a-w c:\windows\system32\AgCPanelPortugese.dll + 2008-10-07 07:13:20 58,648 ----a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll + 2008-10-07 07:13:20 58,648 ----a-w c:\windows\system32\AgCPanelSpanish.dll + 2008-10-07 07:13:20 58,648 ----a-w c:\windows\system32\AgCPanelSwedish.dll + 2008-10-07 07:13:22 58,648 ----a-w c:\windows\system32\AgCPanelTraditionalChinese.dll + 2008-10-07 07:13:18 199,885 ----a-w c:\windows\system32\AGEIA\AG1011\app.bin + 2008-10-07 07:13:20 119,473 ----a-w c:\windows\system32\AGEIA\AG1011\diag.bin + 2008-10-07 07:13:20 214,629 ----a-w c:\windows\system32\AGEIA\AG1021\app.bin + 2008-10-07 07:13:20 116,977 ----a-w c:\windows\system32\AGEIA\AG1021\diag.bin - 2003-07-28 13:19:00 1,341,339 -c--a-w c:\windows\system32\dllcache\nv4_mini.sys + 2006-10-22 10:22:00 3,994,624 -c--a-w c:\windows\system32\dllcache\nv4_mini.sys - 2003-07-28 13:19:00 1,341,339 ----a-w c:\windows\system32\drivers\nv4_mini.sys + 2006-10-22 10:22:00 3,994,624 ----a-w 
c:\windows\system32\drivers\nv4_mini.sys - 2003-07-28 13:19:00 286,806 ----a-w c:\windows\system32\keystone.exe + 2006-10-22 10:22:00 425,984 ----a-w c:\windows\system32\keystone.exe - 2003-07-28 13:19:00 3,902,603 ----a-w c:\windows\system32\nv4_disp.dll + 2006-10-22 10:22:00 4,527,488 ----a-w c:\windows\system32\nv4_disp.dll - 2003-07-28 13:19:00 4,841,472 ----a-w c:\windows\system32\nvcpl.dll + 2006-10-22 10:22:00 7,700,480 ----a-w c:\windows\system32\nvcpl.dll - 2003-07-28 13:19:00 852,038 ----a-w c:\windows\system32\nview.dll + 2006-10-22 10:22:00 1,470,464 ----a-w c:\windows\system32\nview.dll - 2003-07-28 13:19:00 323,584 ----a-w c:\windows\system32\nwiz.exe + 2006-10-22 10:22:00 1,622,016 ----a-w c:\windows\system32\nwiz.exe - 2003-07-28 13:19:00 49,152 ----a-w c:\windows\system32\nvmctray.dll + 2006-10-22 10:22:00 86,016 ----a-w c:\windows\system32\nvmctray.dll - 2003-07-28 13:19:00 3,850,240 ----a-w c:\windows\system32\nvoglnt.dll + 2006-10-22 10:22:00 5,644,288 ----a-w c:\windows\system32\nvoglnt.dll + 2006-10-22 10:22:00 323,584 ----a-w c:\windows\system32\nvrsar.dll + 2006-10-22 10:22:00 241,664 ----a-w c:\windows\system32\nvrscs.dll + 2006-10-22 10:22:00 245,760 ----a-w c:\windows\system32\nvrsda.dll + 2006-10-22 10:22:00 270,336 ----a-w c:\windows\system32\nvrsde.dll + 2006-10-22 10:22:00 274,432 ----a-w c:\windows\system32\nvrsel.dll + 2006-10-22 10:22:00 241,664 ----a-w c:\windows\system32\nvrseng.dll + 2006-10-22 10:22:00 274,432 ----a-w c:\windows\system32\nvrses.dll + 2006-10-22 10:22:00 266,240 ----a-w c:\windows\system32\nvrsesm.dll + 2006-10-22 10:22:00 241,664 ----a-w c:\windows\system32\nvrsfi.dll + 2006-10-22 10:22:00 278,528 ----a-w c:\windows\system32\nvrsfr.dll + 2006-10-22 10:22:00 323,584 ----a-w c:\windows\system32\nvrshe.dll + 2006-10-22 10:22:00 253,952 ----a-w c:\windows\system32\nvrshu.dll + 2006-10-22 10:22:00 274,432 ----a-w c:\windows\system32\nvrsit.dll + 2006-10-22 10:22:00 262,144 ----a-w c:\windows\system32\nvrsja.dll + 
2006-10-22 10:22:00 258,048 ----a-w c:\windows\system32\nvrsko.dll + 2006-10-22 10:22:00 266,240 ----a-w c:\windows\system32\nvrsnl.dll + 2006-10-22 10:22:00 249,856 ----a-w c:\windows\system32\nvrsno.dll + 2006-10-22 10:22:00 249,856 ----a-w c:\windows\system32\nvrspl.dll + 2006-10-22 10:22:00 266,240 ----a-w c:\windows\system32\nvrspt.dll + 2006-10-22 10:22:00 262,144 ----a-w c:\windows\system32\nvrsptb.dll + 2006-10-22 10:22:00 262,144 ----a-w c:\windows\system32\nvrsru.dll + 2006-10-22 10:22:00 249,856 ----a-w c:\windows\system32\nvrssk.dll + 2006-10-22 10:22:00 249,856 ----a-w c:\windows\system32\nvrssl.dll + 2006-10-22 10:22:00 245,760 ----a-w c:\windows\system32\nvrssv.dll + 2006-10-22 10:22:00 249,856 ----a-w c:\windows\system32\nvrstr.dll + 2006-10-22 10:22:00 221,184 ----a-w c:\windows\system32\nvrszhc.dll + 2006-10-22 10:22:00 118,784 ----a-w c:\windows\system32\nvrszht.dll - 2003-07-28 13:19:00 471,112 ----a-w c:\windows\system32\nvshell.dll + 2006-10-22 10:22:00 466,944 ----a-w c:\windows\system32\nvshell.dll - 2003-07-28 13:19:00 77,824 ----a-w c:\windows\system32\nvsvc32.exe + 2006-10-22 10:22:00 159,810 ----a-w c:\windows\system32\nvsvc32.exe - 2003-07-28 13:19:00 45,127 ----a-w c:\windows\system32\nvwddi.dll + 2006-10-22 10:22:00 81,920 ----a-w c:\windows\system32\nvwddi.dll + 2006-10-22 10:22:00 282,624 ----a-w c:\windows\system32\nvwrsar.dll + 2006-10-22 10:22:00 286,720 ----a-w c:\windows\system32\nvwrscs.dll + 2006-10-22 10:22:00 294,912 ----a-w c:\windows\system32\nvwrsda.dll + 2006-10-22 10:22:00 311,296 ----a-w c:\windows\system32\nvwrsde.dll + 2006-10-22 10:22:00 335,872 ----a-w c:\windows\system32\nvwrsel.dll + 2006-10-22 10:22:00 286,720 ----a-w c:\windows\system32\nvwrseng.dll + 2006-10-22 10:22:00 335,872 ----a-w c:\windows\system32\nvwrses.dll + 2006-10-22 10:22:00 327,680 ----a-w c:\windows\system32\nvwrsesm.dll + 2006-10-22 10:22:00 303,104 ----a-w c:\windows\system32\nvwrsfi.dll + 2006-10-22 10:22:00 327,680 ----a-w 
c:\windows\system32\nvwrsfr.dll + 2006-10-22 10:22:00 278,528 ----a-w c:\windows\system32\nvwrshe.dll + 2006-10-22 10:22:00 315,392 ----a-w c:\windows\system32\nvwrshu.dll + 2006-10-22 10:22:00 323,584 ----a-w c:\windows\system32\nvwrsit.dll + 2006-10-22 10:22:00 212,992 ----a-w c:\windows\system32\nvwrsja.dll + 2006-10-22 10:22:00 196,608 ----a-w c:\windows\system32\nvwrsko.dll + 2006-10-22 10:22:00 319,488 ----a-w c:\windows\system32\nvwrsnl.dll + 2006-10-22 10:22:00 299,008 ----a-w c:\windows\system32\nvwrsno.dll + 2006-10-22 10:22:00 294,912 ----a-w c:\windows\system32\nvwrspl.dll + 2006-10-22 10:22:00 323,584 ----a-w c:\windows\system32\nvwrspt.dll + 2006-10-22 10:22:00 319,488 ----a-w c:\windows\system32\nvwrsptb.dll + 2006-10-22 10:22:00 315,392 ----a-w c:\windows\system32\nvwrsru.dll + 2006-10-22 10:22:00 299,008 ----a-w c:\windows\system32\nvwrssk.dll + 2006-10-22 10:22:00 303,104 ----a-w c:\windows\system32\nvwrssl.dll + 2006-10-22 10:22:00 294,912 ----a-w c:\windows\system32\nvwrssv.dll + 2006-10-22 10:22:00 303,104 ----a-w c:\windows\system32\nvwrstr.dll + 2006-10-22 10:22:00 163,840 ----a-w c:\windows\system32\nvwrszhc.dll + 2006-10-22 10:22:00 167,936 ----a-w c:\windows\system32\nvwrszht.dll + 2008-10-07 07:13:26 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe + 2008-10-07 07:13:28 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe + 2008-10-07 07:13:30 197,912 ----a-w c:\windows\system32\physxcudart_20.dll + 2008-10-07 07:13:28 23,320 ----a-w c:\windows\system32\PhysXDevice.dll + 2008-10-13 07:56:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll + 2003-07-28 13:19:00 1,323,008 ----a-w c:\windows\system32\ReinstallBackups\0031\DriverFiles\dmcpl.exe + 2003-07-28 13:19:00 286,806 ----a-w c:\windows\system32\ReinstallBackups\0031\DriverFiles\keystone.exe + 2003-07-28 13:19:00 3,902,603 ----a-w c:\windows\system32\ReinstallBackups\0031\DriverFiles\nv4_disp.dll + 2003-07-28 13:19:00 1,341,339 ----a-w 
c:\windows\system32\ReinstallBackups\0031\DriverFiles\nv4_mini.sys + 2003-07-28 13:19:00 4,841,472 ----a-w c:\windows\system32\ReinstallBackups\0031\DriverFiles\nvcpl.dll + 2003-07-28 13:19:00 852,038 ----a-w c:\windows\system32\ReinstallBackups\0031\DriverFiles\nview.dll + 2003-07-28 13:19:00 512,000 ----a-w c:\windows\system32\ReinstallBackups\0031\DriverFiles\nviewimg.dll + 2003-07-28 13:19:00 126,976 ----a-w c:\windows\system32\ReinstallBackups\0031\DriverFiles\nvinstnt.dll + 2003-07-28 13:19:00 323,584 ----a-w c:\windows\system32\ReinstallBackups\0031\DriverFiles\nwiz.exe + 2003-07-28 13:19:00 49,152 ----a-w c:\windows\system32\ReinstallBackups\0031\DriverFiles\nvmctray.dll + 2003-07-28 13:19:00 3,850,240 ----a-w c:\windows\system32\ReinstallBackups\0031\DriverFiles\nvoglnt.dll + 2003-07-28 13:19:00 471,112 ----a-w c:\windows\system32\ReinstallBackups\0031\DriverFiles\nvshell.dll + 2003-07-28 13:19:00 77,824 ----a-w c:\windows\system32\ReinstallBackups\0031\DriverFiles\nvsvc32.exe + 2003-07-28 13:19:00 45,127 ----a-w c:\windows\system32\ReinstallBackups\0031\DriverFiles\nvwddi.dll + 2009-03-01 21:30:27 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_1b8.dat + 2009-03-01 21:30:37 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_380.dat + 2009-03-01 21:31:02 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_778.dat + 2009-03-01 21:30:43 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_914.dat . -- Snapshot nollattu tähän hetkeen -- . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2007-12-14 44032]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2009-02-27 1851128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-27 136600]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^VersionTrackerPro.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\VersionTrackerPro.lnk
backup=c:\windows\pss\VersionTrackerPro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Markku^Käynnistä-valikko^Ohjelmat^Käynnistys^NHL® 09 Registration.lnk]
path=c:\documents and settings\Markku\Käynnistä-valikko\Ohjelmat\Käynnistys\NHL® 09 Registration.lnk
backup=c:\windows\pss\NHL® 09 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 12:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-01-22 10:13 152872 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2009-01-20 08:37 2523960 c:\program files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 18:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 14:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
--a------ 2008-04-30 18:30 498176 c:\program files\MSI\Live Update 3\LMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 18:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-11-10 15:07 1253376 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2009-01-06 14:56 306088 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
--a------ 2007-06-04 11:40 131072 c:\program files\Saitek\SD6\Software\SaiMfd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
--------- 2008-09-19 05:59 333120 c:\program files\BillP Studios\WinPatrol\WinPatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 09:12 110592 c:\windows\system32\bthprops.cpl

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Markku\\Työpöytä\\Pelejä\\PC_Pro.Evolution.Soccer.2009-.direct.play.-ToeD\\KONAMI\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22987:TCP"= 22987:TCP:BitComet 22987 TCP
"22987:UDP"= 22987:UDP:BitComet 22987 UDP
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015
"1701:UDP"= 1701:UDPxpsp2res.dll,-22016
"500:UDP"= 500:UDPxpsp2res.dll,-22017
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:EnabledHCP Discovery Service
"18193:TCP"= 18193:TCP:BitComet 18193 TCP(ED2K)
"18193:UDP"= 18193:UDP:BitComet 18193 UDP(ED2K)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-12 114768]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-10-07 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-10-07 24336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-12 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-08 55136]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-08-22 98488]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 HomeQOS;HomeQOS Miniport;c:\windows\system32\drivers\homeqos.sys [2004-02-23 36096]
R3 SaiHF518;SaiHF518;c:\windows\system32\drivers\SaiHF518.sys [2008-12-05 135048]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-30 33752]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-10-27 356920]
S3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [2009-01-06 9728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe
.
'Ajoitetut tehtävät'-kansion sisältö

2009-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-03-01 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool\RegTool.exe []

2009-03-01 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool [2009-01-23 13:49]
.
.
------- Täydentävä tarkistus -------
.
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Markku\Application Data\Mozilla\Firefox\Profiles\g4761fcq.default\
FF - component: c:\documents and settings\Markku\Application Data\Mozilla\Firefox\Profiles\g4761fcq.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\progra~1\Opera\program\plugins\np_gp.dll
FF - plugin: c:\progra~1\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\progra~1\Opera\program\plugins\npdsplay.dll
FF - plugin: c:\progra~1\Opera\program\plugins\npjpi160_11.dll
FF - plugin: c:\progra~1\Opera\program\plugins\npoji610.dll
FF - plugin: c:\progra~1\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\progra~1\Opera\program\plugins\NPQNXWrap.dll
FF - plugin: c:\progra~1\Opera\program\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\Opera\program\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\Opera\program\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\Opera\program\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\Opera\program\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\progra~1\Opera\program\plugins\npsnpy.dll
FF - plugin: c:\progra~1\Opera\program\plugins\NPSWF32.dll
FF - plugin: c:\progra~1\Opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npjpi160_11.dll
FF - plugin: c:\program files\Opera\program\plugins\npoji610.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\NPQNXWrap.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\npsnpy.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 02:03:51
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------

[HKEY_USERS\S-1-5-21-343818398-842925246-682003330-1005\Software\SecuROM\License information*]
"datasecu"=hex:fe,0e,1b,78,29,72,f2,2e,40,77,3d,b4,9c,81,59,cb,a9,9f,e8,34,47,
5c,60,9e,af,56,84,07,29,a8,c6,33,26,84,7a,74,05,63,4d,ad,c9,a3,54,a9,2a,97,\
"rkeysecu"=hex:88,71,3d,f2,7c,0f,2d,02,e7,38,b6,9d,b4,3a,bd,a3

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ëcÓw*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(1128)
c:\windows\system32\guard32.dll
.
Valmistumisajankohta: 2009-03-02 2:05:53
ComboFix-quarantined-files.txt 2009-03-02 00:05:41
ComboFix2.txt 2009-03-01 09:58:28
ComboFix3.txt 2009-02-26 09:50:29
ComboFix4.txt 2008-07-22 17:49:55
ComboFix5.txt 2009-03-01 23:59:12

Ennen ajoa: 4 928 790 528 tavua vapaana
Ajon jälkeen: 4,912,386,048 tavua vapaana

Current=2 Default=2 Failed=1 LastKnownGood=6 Sets=1,2,4,5,6

469 --- E O F --- 2009-02-26 10:12:52
Download OTMoveIt and save it to your desktop.
Double-click OTMoveIt.exe.
Click CleanUp!.
Choose Yes when asked "Begin cleanup Process?".
If you are asked whether the computer may be restarted, choose Yes.
OTMoveIt deletes itself when it is finished; if it does not, delete it yourself.
NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the Internet, allow it.

=============

Download JavaRa and extract it to your desktop.
***Close all open Internet Explorer windows before continuing!***
* Double-click JavaRa.exe to start the program.
* Choose English from the drop-down menu to set the language to English and click Select.
* Click Remove Older Versions to remove the old Java versions from your computer.
* Click Yes when prompted. When JavaRa is finished, it reports that a log file has been created. Click OK.
* The log file opens. Post its contents in your next message.

4. Install the latest Java update from the following link.
Download the new Java here
Scroll down to Java Runtime Environment (JRE) 6 Update 12
Press Download
Set Platform to Windows
Check I agree to the Java SE Runtime Environment 6 License Agreement and press Continue
Under Windows Offline Installation, press jre-6u4-windows-i586-p.exe
Save the file, for example to the desktop, and install it.
5. Restart the computer after the installation.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).
7. On the General tab, click Settings. Drag the slider (Disk Space) to a smaller value. (Some Java-based programs may need more disk space. If you notice the computer slowing down after lowering the setting, move the slider to a larger value.)
8. Click the Delete Files button. Make sure both options are checked:
* Applications and Applets
* Trace and Log Files
And press the OK button.
Note: This deletes all downloaded applications and applets from the CACHE.
9. Click OK in the "Temporary Files Settings" window.
10. Update tab: uncheck Check for Updates automatically
Choose Never check
11. Click Apply and OK to leave the Java settings window.
Jeesh, well, here is the HJT log as well; I did all of the previous steps successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:41, on 5.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\COMODO\Firewall\cfpupdat.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214158449265
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 10551 bytes
Download CCleaner here: CCleaner v 2.14.750 - Standard Build. Do NOT install the Yahoo toolbar!
During installation, remove the check mark from "asenna Yahoo! toolbar/työkalupalkki" (install the Yahoo! toolbar).
After installation, open CCleaner.
Choose Options from the column on the left.
Choose Settings from the next column.
For Language, choose Suomi.

Cleaner (Puhdistaja)
Choose Puhdistaja (Cleaner) from the column on the left.
Press Tutki (Analyze) at the bottom.
CCleaner now analyzes what can be removed (temp files, cookies, etc.).
When the analysis is finished, press Aja CCleaner (Run Cleaner).
CCleaner now removes the temp files, cookies, etc. that it found.

Fixing registry errors
Choose Rekisteri (Registry) from the column on the left.
Press Etsi rekisterin virheitä (Scan for Issues) at the bottom.
When the scan is finished and you are sure that you want to fix the lines that are checked, press Korjaa valitut rekisterin virheet (Fix selected issues).
You are asked whether you want to back up the changes to the registry; press Kyllä (Yes).
Save the backup, for example, to the "Omat tiedostot" (My Documents) folder.
In the new window that opens, click Korjaa kaikki valitut virheet (Fix All Selected Issues).
You get one more confirmation prompt; press Ok.
When the errors have been fixed, press Sulje (Close).
You can now close CCleaner by pressing the red X at the top right.