HJT-logi

Ensimmäinen kerta kun moista teen, toivottavasti tekstin muokkaus onnistui. Äskettäin koneelle tuli hidastumisia, netin katkeilua ja suoritin huusi satasella. Net Limiter ohjelma kertoi että "directx32v.exe" lähettää ihan vauhdilla. Ei ole mitään hajua mikä tuo voisi olla, hyvä vai paha. Tuossa nyt logia jos joku voisi autella sen kanssa.


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 20:44:02, on 5.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton 360\Norton 360\AddOns\Norton AddOn
Pack\Engine\3.7.0.23\ccProxy.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Calibrize\CalibrizeResume.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS:directx32v.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plaza.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://tw.msi.com.tw/autobios/VerChk/LSeries.asp?MSIOCXVersion=3.79&WorkFunction=LMonitor
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Linkit
O1 - Hosts: [Internet Media][AS12008][204.69.234.0 - 204.69.234.255]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -
C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention -
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton
360\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -
C:\Program Files\Microsoft\Search Enhancement Pack\Search
Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID -kirjautumisapuohjelma -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper -
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar -
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows
Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common
Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft
IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP
UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common
Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common
Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA
Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ProfilerU] C:\Program
Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common
Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common
Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [directx32v] C:\WINDOWS:directx32v.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"
-atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [CalibrizeResume] C:\Program Files\Calibrize\CalibrizeResume.exe
O4 - HKCU\..\Run: [CGFLoader] C:\Program Files\Calibrize\CalibrizeLoader.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
(User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live
Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) -
http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -
http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuwe
b_site.cab?1246036031234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/mu
web_site.cab?1246036116234
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} -
C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O22 - SharedTaskScheduler: Browseui preloader -
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -
C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:\Program Files\Norton 360\Norton 360\AddOns\Norton AddOn
Pack\Engine\3.7.0.23\ccProxy.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG
- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program
Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) -
Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. -
C:\Program Files\Common Files\Macrovision Shared\FLEXnet
Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9f8df199be594)
(gupdate1c9f8df199be594) - Unknown owner - C:\Program
Files\Google\Update\GoogleUpdate.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService)
- Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program
Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner
- C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program
Files\Norton 360\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero
BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program
Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common
Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation
- C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc.
- C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown
owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Saitek DirectOutput (SaiDOutput) - Saitek - C:\Program
Files\Saitek\DirectOutput\DirectOutputService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) -
SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner -
C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity
Solution\ServiceLayer.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner -
C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner -
C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc)
- Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 15056 bytes

 

On ja Ei !!!

Kerrassaan uusi ja outo. => directx32v.exe

Lataa SystemLook by. jpshortstuff TÄÄLTÄ. ja tallenna se työpöydälle.

Tupla-klikkaa SystemLook.exe ajaaksesi sen.
Kopioi(CTRL+C) alla olevasta laatikosta kaikki teksti, tekstialueeseen.

Code:

:regfind
directx32v.exe

:filefind 
directx32v.exe
directx32v.*

:dir
C:\WINDOWS\system32\drivers\etc /s

Klikkaa nappulaa Look aloittaaksesi skannauksen.

Kun skannaus on valmis avautuu muistio joka sisältää lokitiedot
Klikkaa lokia hiiren oikealla painikkeella ja valitse "Valitse kaikki"
Kopio ja liitä se seuraavaan viestiisi.
(Loki löytyy myös työpöydältäsi nimellä SystemLook.txt)


.

 

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 17:23 on 06/01/2010 by J N (Administrator - Elevation successful)

========== regfind ==========

Searching for "directx32v.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed

Components\{7JY53RF5-0KPN-08P4-QOS5-XC108Q1WKTW5}]
"StubPath"="C:\WINDOWS:directx32v.exe -ac"

========== filefind ==========

Searching for "directx32v.exe"
No files found.

Searching for "directx32v.*"
No files found.

========== dir ==========

C:\WINDOWS\system32\drivers\etc - Parameters: "/s"

---Files---
HOSTS --a--- 626367 bytes [12:00 09/10/2001] [14:07 04/01/2010]
hosts.ics --a--- 375 bytes [16:04 01/01/2010] [16:05

01/01/2010]
hosts.msn --a--- 625907 bytes [10:54 26/12/2009] [02:13

22/12/2009]
HOSTS.MVP --a--- 1147 bytes [12:00 09/10/2001] [00:44

26/12/2009]
lmhosts.sam --a--- 3705 bytes [12:00 09/10/2001] [12:00

09/10/2001]
networks --a--- 416 bytes [12:00 09/10/2001] [12:00

09/10/2001]
protocol --a--- 829 bytes [12:00 09/10/2001] [12:00

09/10/2001]
services --a--- 7151 bytes [12:00 09/10/2001] [12:00

09/10/2001]

No folders found.

-=End Of File=-

 

1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:

combofix.exe


Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne:

Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).

Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa)



Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

Lähetä => (C:\ComboFix.txt) raportti
.

 

Tässä logia. Kiitoksia paljon jo tässä vaiheessa.

ComboFix 10-01-04.01 - J N 06.01.2010 18:37:01.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.2046.1188 [GMT 2:00]
Sijainti: c:\documents and settings\JN\Työpöytä\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\documents and settings\JN\Työpöytä\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JN\Omat tiedostot\ZbThumbnail.info
c:\windows\system32\E95THK16.EXE
c:\windows\system32\encapi32.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-12-06 to 2010-01-06 )))))))))))))))))
.

2010-01-06 14:25 . 2009-12-29 18:01 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-01-06 07:57 . 2009-12-29 09:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100105.053\NAVENG.SYS
2010-01-06 07:57 . 2009-12-29 09:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100105.053\NAVENG32.DLL
2010-01-06 07:57 . 2009-12-29 09:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100105.053\NAVEX32A.DLL
2010-01-06 07:57 . 2009-12-29 09:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100105.053\NAVEX15.SYS
2010-01-06 07:57 . 2009-12-29 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100105.053\EECTRL.SYS
2010-01-06 07:57 . 2009-12-29 09:00 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100105.053\CCERASER.DLL
2010-01-06 07:57 . 2009-12-29 09:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100105.053\ECMSVR32.DLL
2010-01-06 07:57 . 2009-12-29 09:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100105.053\ERASER.SYS
2010-01-05 18:43 . 2010-01-05 18:43 388096 ----a-r- c:\documents and settings\JN\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-05 18:43 . 2010-01-05 18:43 -------- d-----w- c:\program files\TrendMicro
2010-01-05 14:18 . 2010-01-05 14:18 -------- d-----w- c:\program files\iPod
2010-01-05 14:18 . 2010-01-05 14:19 -------- d-----w- c:\program files\iTunes
2010-01-05 14:14 . 2010-01-05 14:14 -------- d-----w- c:\program files\QuickTime
2010-01-05 14:11 . 2010-01-05 14:11 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2010-01-05 11:39 . 2010-01-05 11:39 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-01-05 11:26 . 2010-01-05 11:26 -------- d-----w- c:\program files\NetLimiter 2 Pro
2010-01-05 11:15 . 2010-01-05 11:15 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-01-05 11:15 . 2010-01-05 11:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Windows Search
2010-01-05 10:54 . 2010-01-05 10:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-01-05 07:40 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSvix86.sys
2010-01-05 07:40 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys
2010-01-05 07:40 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\Scxpx86.dll
2010-01-05 07:40 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSxpx86.dll
2010-01-05 07:40 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSviA64.sys
2010-01-04 22:31 . 2010-01-04 22:42 -------- d-----w- c:\documents and settings\JN\Application Data\Bioshock
2010-01-04 08:42 . 2010-01-05 11:15 -------- d-----r- c:\documents and settings\LocalService\Suosikit
2010-01-04 08:38 . 2010-01-04 08:38 -------- d-----w- c:\documents and settings\JN\Application Data\Locktime
2010-01-04 08:37 . 2010-01-04 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Locktime
2009-12-29 22:40 . 2009-12-29 22:40 -------- d-----w- c:\documents and settings\LocalService\Työpöytä
2009-12-29 22:29 . 2010-01-01 09:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-29 18:05 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSvix86.sys
2009-12-29 18:05 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
2009-12-29 18:05 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\Scxpx86.dll
2009-12-29 18:05 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
2009-12-29 18:05 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSviA64.sys
2009-12-29 18:01 . 2009-12-29 18:01 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-12-29 18:01 . 2009-12-29 18:01 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-12-29 18:01 . 2009-12-29 18:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-29 18:01 . 2009-12-29 18:01 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-29 18:01 . 2009-12-29 18:01 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-29 18:01 . 2009-12-29 18:01 -------- d-----w- c:\program files\Symantec
2009-12-29 18:01 . 2009-12-29 18:01 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-12-29 18:01 . 2009-12-29 18:01 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-12-29 18:01 . 2009-12-29 18:01 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-12-29 17:55 . 2009-12-29 17:55 -------- d-----w- c:\program files\NortonInstaller
2009-12-26 23:06 . 2009-12-26 23:06 61440 ----a-r- c:\documents and settings\JN\Application Data\Microsoft\Installer\{A7D02240-1B6D-46A3-B745-A0C6491C9803}\NewShortcut1.E8BD1F6A_63E9_4BC3_8DF5_1E24A65D44C8.exe
2009-12-26 23:06 . 2009-12-26 23:06 61440 ----a-r- c:\documents and settings\JN\Application Data\Microsoft\Installer\{A7D02240-1B6D-46A3-B745-A0C6491C9803}\NewShortcut1.3CDD8B51_DC3A_47B9_BD7C_A1A75A9D4024.exe
2009-12-26 23:06 . 2009-12-26 23:06 22486 ----a-r- c:\documents and settings\JN\Application Data\Microsoft\Installer\{A7D02240-1B6D-46A3-B745-A0C6491C9803}\ARPPRODUCTICON.exe
2009-12-26 17:51 . 2008-05-29 05:03 37176 ----a-w- c:\documents and settings\JN\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-26 13:19 . 2009-12-26 13:19 -------- d-----w- c:\program files\Evening Help Guide
2009-12-26 00:38 . 2009-12-26 00:38 -------- d-----w- c:\program files\Adobe Media Player
2009-12-26 00:34 . 2009-12-26 00:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-17 15:16 . 2009-12-17 15:16 61789728 ----a-w- c:\documents and settings\JN\Application Data\Nokia\Ovi Suite\Software Updater\Nokia_Ovi_Suite_webupgrade_ALL.exe
2009-12-11 21:41 . 2009-12-11 21:41 -------- d-----w- c:\documents and settings\JN\Application Data\HDRsoft
2009-12-11 21:35 . 2009-12-11 21:35 -------- d-----w- c:\program files\PhotomatixPro3
2009-12-09 07:27 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 19:51 . 2009-06-29 17:39 -------- d-----w- c:\program files\HyperLobbyPro3
2010-01-05 14:18 . 2009-07-01 18:32 -------- d-----w- c:\program files\Common Files\Apple
2010-01-04 22:32 . 2009-06-27 05:56 -------- d-----w- c:\program files\Steam
2010-01-04 09:08 . 2008-08-14 05:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2010-01-01 09:18 . 2009-06-27 16:51 -------- d-----w- c:\documents and settings\JN\Application Data\Canon
2009-12-29 18:25 . 2009-06-26 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-29 18:01 . 2009-12-29 18:01 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-29 18:01 . 2009-12-29 18:01 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-29 18:00 . 2009-06-26 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-29 13:51 . 2009-06-26 21:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-26 23:06 . 2009-06-26 19:00 -------- d-----w- c:\program files\Common Files\Logitech
2009-12-26 23:06 . 2009-06-26 19:00 -------- d-----w- c:\program files\Logitech
2009-12-26 15:58 . 2009-06-28 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 00:48 . 2009-06-26 16:39 43632 ----a-w- c:\documents and settings\JN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-20 23:29 . 2009-06-29 17:29 -------- d-----w- c:\program files\Google
2009-12-20 20:02 . 2009-06-26 19:27 -------- d-----w- c:\program files\Opera
2009-12-20 09:47 . 2009-10-04 10:22 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-19 08:56 . 2009-06-26 21:10 -------- d-----w- c:\program files\IZArc
2009-12-17 14:09 . 2009-10-22 09:04 -------- d-----w- c:\program files\LEGO Company
2009-12-15 07:36 . 2001-10-09 12:00 95770 ----a-w- c:\windows\system32\perfc00B.dat
2009-12-15 07:36 . 2001-10-09 12:00 440056 ----a-w- c:\windows\system32\perfh00B.dat
2009-12-14 12:54 . 2009-06-26 17:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-12 21:16 . 2009-06-29 17:00 -------- d-----w- c:\program files\Ubisoft
2009-12-03 17:33 . 2009-07-19 13:40 1 ----a-w- c:\documents and settings\JNn\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-03 13:26 . 2009-06-26 21:47 -------- d-----w- c:\program files\EMDB
2009-11-27 13:12 . 2009-06-26 21:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-25 17:37 . 2009-11-25 17:37 -------- d-----w- c:\program files\MSECache
2009-11-22 14:28 . 2009-06-28 13:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-21 15:58 . 2001-10-09 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 16:49 . 2009-11-17 16:49 -------- d-----w- c:\documents and settings\JN\Application Data\RawTherapee
2009-11-17 16:49 . 2009-11-17 16:49 -------- d-----w- c:\program files\Raw Therapee
2009-11-12 14:29 . 2009-11-12 14:29 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-12 14:29 . 2009-07-03 13:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-11 15:34 . 2009-11-11 14:24 -------- d-----w- c:\documents and settings\JN\Application Data\nHancer
2009-11-11 14:25 . 2009-11-11 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2009-11-11 14:25 . 2009-11-11 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\nHancer
2009-11-10 18:58 . 2009-11-10 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-11-10 18:57 . 2009-11-10 18:57 -------- d-----w- c:\program files\NVIDIA Corporation
2009-11-10 18:54 . 2009-11-10 18:54 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-05 03:08 . 2009-11-05 03:08 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-04 18:06 . 2009-11-04 18:06 152576 ----a-w- c:\documents and settings\JN\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 07:43 . 2001-10-09 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-22 09:12 . 2009-10-22 09:12 245760 ------w- c:\windows\Setup1.exe
2009-10-22 09:12 . 2009-10-22 09:12 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-10-21 06:23 . 2009-10-21 06:23 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-10-21 06:23 . 2009-10-21 06:23 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-10-21 06:23 . 2009-10-21 06:23 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-10-21 06:23 . 2009-10-21 06:23 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-10-21 06:23 . 2009-10-21 06:23 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Installer\CommonCustomActions\pcswpc.exe
2009-10-21 05:40 . 2009-06-26 16:35 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:40 . 2009-06-26 16:35 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 20:22 . 2009-10-21 06:23 92597600 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Nokia_Ovi_Suite_webinstaller.exe
2009-10-20 16:20 . 2009-06-26 16:35 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-19 08:19 . 2009-10-19 08:19 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-10-16 21:58 . 2009-10-10 13:08 664464 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-13 10:34 . 2001-10-09 12:00 270848 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2001-10-09 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2001-10-09 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 02:17 . 2009-06-27 12:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2004-10-01 12:00 . 2009-06-26 20:07 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"CalibrizeResume"="c:\program files\Calibrize\CalibrizeResume.exe" [2007-11-26 413696]
"CGFLoader"="c:\program files\Calibrize\CalibrizeLoader.exe" [2007-11-26 1961984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"D066UUtility"="c:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2006-07-19 549376]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-01-04 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\brothers in arms earned in blood\\System\\EiB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\brothers in arms hells highway\\Binaries\\biahh.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\brothers in arms road to hill 30\\System\\bia.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.086\SymEFA.sys [29.12.2009 20:01 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.086\BHDrvx86.sys [29.12.2009 20:01 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.086\cchpx86.sys [29.12.2009 20:01 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys [5.1.2010 9:40 329592]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 13:03 82200]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [19.8.2009 3:10 1705280]
R2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [29.12.2009 20:01 115560]
R2 SaiDOutput;Saitek DirectOutput;c:\program files\Saitek\DirectOutput\DirectOutputService.exe [4.4.2008 10:34 147456]
R3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys [2.7.2009 13:53 219072]
R3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\drivers\chdrvr02.sys [2.7.2009 13:53 5120]
R3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys [2.7.2009 13:53 8704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29.12.2009 11:00 102448]
R3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [2.7.2009 15:04 36384]
R3 SaiH0762;SaiH0762;c:\windows\system32\drivers\SaiH0762.sys [4.4.2008 16:12 136832]
S2 gupdate1c9f8df199be594;Google Update Service (gupdate1c9f8df199be594);c:\program files\Google\Update\GoogleUpdate.exe [29.6.2009 19:29 133104]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe [28.10.2009 22:49 99176]
.
'Ajoitetut tehtävät'-kansion sisältö

2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
2010-01-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-07-25 13:55]
2010-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 17:29]
2010-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 17:29]
2009-06-26 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]
2010-01-06 c:\windows\Tasks\User_Feed_Synchronization-{5B8C3C07-A6BF-4DC1-8FAC-30FF4DF42ED8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.plaza.fi/
uInternet Connection Wizard,ShellNext = hxxp://tw.msi.com.tw/autobios/VerChk/LSeries.asp?MSIOCXVersion=3.79&WorkFunction=LMonitor
uInternet Settings,ProxyOverride = *.local
IE: Vie Microsoft E&xceliin - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\JN\Application Data\Mozilla\Firefox\Profiles\juu3m3kd.default\
FF - prefs.js: browser.startup.homepage - hxxp://plaza.fi/
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - POISTETUT JÄMÄRIVIT - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-directx32v - C:\WINDOWS:directx32v.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 18:41
Windows 5.1.2600 Service Pack 3 NTFS

tarkistaa piilotettuja prosesseja ...

c:\windows\system32\svchost.exe [1512] 0x885BF468
C:\WINDOWS:directx32v.exe [5240] 0x87D20DA0
tarkistaa piilotettuja käynnistysarvoja ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
directx32v = C:\WINDOWS:directx32v.exe????????????????????????????

tarkistaa piilotettuja tiedostoja ...


C:\WINDOWS:directx32v.exe 638976 bytes executable

tarkistus on valmis
piilotetut tiedostot: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,0d,a5,96,e2,cb,2e,44,93,f8,e8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,0d,a5,96,e2,cb,2e,44,93,f8,e8,\

[HKEY_USERS\S-1-5-21-329068152-1482476501-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7c,50,a4,c8,62,26,2d,4b,76,10,05,a9,a5,92,f4,b7,08,6d,f4,b7,44,90,02,
cb,98,ed,39,d5,c9,3f,77,e4,09,1f,2a,e5,62,6a,1d,ef,0a,88,47,fc,8a,dd,cd,d0,\
"??"=hex:b5,5e,67,b3,49,08,72,ad,41,a9,3a,9c,e3,bb,58,83

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¹mÓw*]
"AB79C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="8CE7D09734694B7F7DF69BF6592E65EB317B9D7F60C46E69E75E9EC8BC280867D86E4813775458148CE2205CF4952EFCF86A4D04F8DD6BBEFECF368B86364A40282DE3CC0B326A063EABBDE15E7FB48B305A927F0CFB88B3440DEBED6DE4BE499F4EBC151F10798B1766560B32B1C5CB56E932C0C1BC069E555B0B35CACCBC981AE342BED79D949B4C8C1C5B8395C338A09A469F3CE4BC1A83E8B028E82AB009A5E0B6205031DAF14CFB965AD73AA48C76D2B9F40E591884D3C24F90885B1BB9069F32181442021034F52297A8D1F44BF5DD4E1EBB27170001DDAB3D5EE40F8FAF5B9D0424EED4B9591F6E9F64B05038EEE9197D43FACCF0F71161FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452FEBC9E127BECC74C8EDD5E5BE2F6E667EC337486C9633EF7EA08942288E9FE7DC9B8BC9BD4259089C5D5DFBE6EEB3DDEA0781FD1F6F76EF84250AA0423DE4C257302A83078D373E79F51326D1ABFB237B01ADAEB28A3E184F325CE28AF4C42908C3E786EA658721BFE234123FD0AECD3C53FD6EB3B70A1A5F8B8071C2BD91154014B2BF39F15845BE0F8A5B33A094D2E0D0162FB519B163FCFB17E7C595F4BD33E7EE67664208732C4F31C0933B0971936EE76DACF928F83F82B847E3FEBE949389FF1BD3F453B7FADA8862111297736F689AB5ADFFC3F7E7BB50C69273E46C3656AB8263782C4F524A0680D3FCCF87D86C840DFED31BB0AE052AB97A04EA024BF0F4B209F0A2B1B33D8ECF1EEAB0EBBA29495E7AC3E7FD6B5791FF77BC51D9F4631DCB009C2DA4A6AC15E8713098B108CCB31FE0F62E86C0C95438FCF00C1C0FAE9C6EECA47A6335D41AF1DE45D2B6D07403FC7CF92BA22F9069DF376907B65654403070165C0D7A42FF393E0D30A9C5BB80B776B779AA3191DD2518D3D183F104032BA0B21C08FDB5965DFC5CBA939D66E07DA236E93F28623AFE579FCCCD20953985D8AAFA5832181DF0B97D8EFB3CA8FCA4E7C079364E4D12107DD7FAFFB63E31FD6687BCE3598DAE5B221C1A54F0ABE8DC44007ECA0D9D8BB992526BBE7364E4FA34EA4FE74EA109B886B82F9A3EE91AF447C64D7A58D5B369AFE0652971CE3DAD42CFBE06AC33D4851C7CB7B1C55913167014FEB422E706A985CE83560B2E6940D3488008F52F35BE54B7FA0F89DBDB9DCE325291DED2258B7F3CB0C6E9D10F5865F84CC35493964B3CDB544CD2C8791657DFB72AD03EF212E3EDFE2BC030C198CE75F1B7CE185983DE93AA103EAD42858EB9B8DC1A5CD0F47FC8C289F8DF93FFE4C3BA4DC57C55116018CDB54C5808E208F0124F915A10A622E6931BAECEDCB53D0EE84A0E75C0AE837DFF7CF2DD77ABA0E5CC5C911C7A1739BC5B20852F0C411FB"
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Valmistumisajankohta: 2010-01-06 18:43:05
ComboFix-quarantined-files.txt 2010-01-06 16:43

Ennen ajoa: 43 015 340 032 tavua vapaana
Ajon jälkeen: 43 095 961 600 tavua vapaana

WindowsXP-KB310994-SP2-Home-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 90701214D0607510EA4184FD93E5CD37

 

Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne:

Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).

Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa)



Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

Lähetä => (C:\ComboFix.txt) raportti
.

 

ComboFix 10-01-04.01 - J N 06.01.2010 23:22:42.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.2046.1074 [GMT 2:00]
Sijainti: c:\documents and settings\J N\Työpöytä\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\documents and settings\J N\Työpöytä\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
ADS - WINDOWS: deleted 638976 bytes in 1 streams.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-12-06 to 2010-01-06 )))))))))))))))))
.

2010-01-06 18:06 . 2009-12-29 09:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100106.002\NAVENG.SYS
2010-01-06 18:06 . 2009-12-29 09:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100106.002\NAVENG32.DLL
2010-01-06 18:06 . 2009-12-29 09:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100106.002\NAVEX32A.DLL
2010-01-06 18:06 . 2009-12-29 09:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100106.002\NAVEX15.SYS
2010-01-06 18:05 . 2009-12-29 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100106.002\EECTRL.SYS
2010-01-06 18:05 . 2009-12-29 09:00 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100106.002\CCERASER.DLL
2010-01-06 18:05 . 2009-12-29 09:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100106.002\ECMSVR32.DLL
2010-01-06 18:05 . 2009-12-29 09:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100106.002\ERASER.SYS
2010-01-06 16:56 . 2009-12-29 18:01 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-01-05 18:43 . 2010-01-05 18:43 388096 ----a-r- c:\documents and settings\J N\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-05 18:43 . 2010-01-05 18:43 -------- d-----w- c:\program files\TrendMicro
2010-01-05 14:18 . 2010-01-05 14:18 -------- d-----w- c:\program files\iPod
2010-01-05 14:18 . 2010-01-05 14:19 -------- d-----w- c:\program files\iTunes
2010-01-05 14:14 . 2010-01-05 14:14 -------- d-----w- c:\program files\QuickTime
2010-01-05 14:11 . 2010-01-05 14:11 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2010-01-05 11:39 . 2010-01-05 11:39 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-01-05 11:26 . 2010-01-05 11:26 -------- d-----w- c:\program files\NetLimiter 2 Pro
2010-01-05 11:15 . 2010-01-05 11:15 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-01-05 11:15 . 2010-01-05 11:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Windows Search
2010-01-05 10:54 . 2010-01-05 10:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-01-05 07:40 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSvix86.sys
2010-01-05 07:40 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys
2010-01-05 07:40 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\Scxpx86.dll
2010-01-05 07:40 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSxpx86.dll
2010-01-05 07:40 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSviA64.sys
2010-01-04 22:31 . 2010-01-04 22:42 -------- d-----w- c:\documents and settings\J N\Application Data\Bioshock
2010-01-04 08:42 . 2010-01-05 11:15 -------- d-----r- c:\documents and settings\LocalService\Suosikit
2010-01-04 08:38 . 2010-01-04 08:38 -------- d-----w- c:\documents and settings\JN\Application Data\Locktime
2010-01-04 08:37 . 2010-01-04 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Locktime
2009-12-29 22:40 . 2009-12-29 22:40 -------- d-----w- c:\documents and settings\LocalService\Työpöytä
2009-12-29 22:29 . 2010-01-01 09:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-29 18:05 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSvix86.sys
2009-12-29 18:05 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
2009-12-29 18:05 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\Scxpx86.dll
2009-12-29 18:05 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
2009-12-29 18:05 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSviA64.sys
2009-12-29 18:01 . 2009-12-29 18:01 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-12-29 18:01 . 2009-12-29 18:01 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-12-29 18:01 . 2009-12-29 18:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-29 18:01 . 2009-12-29 18:01 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-29 18:01 . 2009-12-29 18:01 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-29 18:01 . 2009-12-29 18:01 -------- d-----w- c:\program files\Symantec
2009-12-29 18:01 . 2009-12-29 18:01 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-12-29 18:01 . 2009-12-29 18:01 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-12-29 18:01 . 2009-12-29 18:01 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-12-29 17:55 . 2009-12-29 17:55 -------- d-----w- c:\program files\NortonInstaller
2009-12-26 23:06 . 2009-12-26 23:06 61440 ----a-r- c:\documents and settings\J N\Application Data\Microsoft\Installer\{A7D02240-1B6D-46A3-B745-A0C6491C9803}\NewShortcut1.E8BD1F6A_63E9_4BC3_8DF5_1E24A65D44C8.exe
2009-12-26 23:06 . 2009-12-26 23:06 61440 ----a-r- c:\documents and settings\J N\Application Data\Microsoft\Installer\{A7D02240-1B6D-46A3-B745-A0C6491C9803}\NewShortcut1.3CDD8B51_DC3A_47B9_BD7C_A1A75A9D4024.exe
2009-12-26 23:06 . 2009-12-26 23:06 22486 ----a-r- c:\documents and settings\J Nn\Application Data\Microsoft\Installer\{A7D02240-1B6D-46A3-B745-A0C6491C9803}\ARPPRODUCTICON.exe
2009-12-26 17:51 . 2008-05-29 05:03 37176 ----a-w- c:\documents and settings\J N\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-26 13:19 . 2009-12-26 13:19 -------- d-----w- c:\program files\Evening Help Guide
2009-12-26 00:38 . 2009-12-26 00:38 -------- d-----w- c:\program files\Adobe Media Player
2009-12-26 00:34 . 2009-12-26 00:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-17 15:16 . 2009-12-17 15:16 61789728 ----a-w- c:\documents and settings\J N\Application Data\Nokia\Ovi Suite\Software Updater\Nokia_Ovi_Suite_webupgrade_ALL.exe
2009-12-11 21:41 . 2009-12-11 21:41 -------- d-----w- c:\documents and settings\J N\Application Data\HDRsoft
2009-12-11 21:35 . 2009-12-11 21:35 -------- d-----w- c:\program files\PhotomatixPro3
2009-12-09 07:27 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 19:51 . 2009-06-29 17:39 -------- d-----w- c:\program files\HyperLobbyPro3
2010-01-05 14:18 . 2009-07-01 18:32 -------- d-----w- c:\program files\Common Files\Apple
2010-01-04 22:32 . 2009-06-27 05:56 -------- d-----w- c:\program files\Steam
2010-01-04 09:08 . 2008-08-14 05:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2010-01-01 09:18 . 2009-06-27 16:51 -------- d-----w- c:\documents and settings\J N\Application Data\Canon
2009-12-29 18:25 . 2009-06-26 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-29 18:01 . 2009-12-29 18:01 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-29 18:01 . 2009-12-29 18:01 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-29 18:00 . 2009-06-26 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-29 13:51 . 2009-06-26 21:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-26 23:06 . 2009-06-26 19:00 -------- d-----w- c:\program files\Common Files\Logitech
2009-12-26 23:06 . 2009-06-26 19:00 -------- d-----w- c:\program files\Logitech
2009-12-26 15:58 . 2009-06-28 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 00:48 . 2009-06-26 16:39 43632 ----a-w- c:\documents and settings\J N\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-20 23:29 . 2009-06-29 17:29 -------- d-----w- c:\program files\Google
2009-12-20 20:02 . 2009-06-26 19:27 -------- d-----w- c:\program files\Opera
2009-12-20 09:47 . 2009-10-04 10:22 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-19 08:56 . 2009-06-26 21:10 -------- d-----w- c:\program files\IZArc
2009-12-17 14:09 . 2009-10-22 09:04 -------- d-----w- c:\program files\LEGO Company
2009-12-15 07:36 . 2001-10-09 12:00 95770 ----a-w- c:\windows\system32\perfc00B.dat
2009-12-15 07:36 . 2001-10-09 12:00 440056 ----a-w- c:\windows\system32\perfh00B.dat
2009-12-14 12:54 . 2009-06-26 17:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-12 21:16 . 2009-06-29 17:00 -------- d-----w- c:\program files\Ubisoft
2009-12-03 17:33 . 2009-07-19 13:40 1 ----a-w- c:\documents and settings\J N\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-03 13:26 . 2009-06-26 21:47 -------- d-----w- c:\program files\EMDB
2009-11-27 13:12 . 2009-06-26 21:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-25 17:37 . 2009-11-25 17:37 -------- d-----w- c:\program files\MSECache
2009-11-22 14:28 . 2009-06-28 13:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-21 15:58 . 2001-10-09 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 16:49 . 2009-11-17 16:49 -------- d-----w- c:\documents and settings\J N\Application Data\RawTherapee
2009-11-17 16:49 . 2009-11-17 16:49 -------- d-----w- c:\program files\Raw Therapee
2009-11-12 14:29 . 2009-11-12 14:29 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-12 14:29 . 2009-07-03 13:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-11 15:34 . 2009-11-11 14:24 -------- d-----w- c:\documents and settings\J N\Application Data\nHancer
2009-11-11 14:25 . 2009-11-11 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2009-11-11 14:25 . 2009-11-11 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\nHancer
2009-11-10 18:58 . 2009-11-10 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-11-10 18:57 . 2009-11-10 18:57 -------- d-----w- c:\program files\NVIDIA Corporation
2009-11-10 18:54 . 2009-11-10 18:54 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-05 03:08 . 2009-11-05 03:08 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-04 18:06 . 2009-11-04 18:06 152576 ----a-w- c:\documents and settings\J N\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 07:43 . 2001-10-09 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-22 09:12 . 2009-10-22 09:12 245760 ------w- c:\windows\Setup1.exe
2009-10-22 09:12 . 2009-10-22 09:12 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-10-21 06:23 . 2009-10-21 06:23 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-10-21 06:23 . 2009-10-21 06:23 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-10-21 06:23 . 2009-10-21 06:23 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-10-21 06:23 . 2009-10-21 06:23 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-10-21 06:23 . 2009-10-21 06:23 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Installer\CommonCustomActions\pcswpc.exe
2009-10-21 05:40 . 2009-06-26 16:35 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:40 . 2009-06-26 16:35 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 20:22 . 2009-10-21 06:23 92597600 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{F189FCA9-6147-49EE-A995-BE611281EE6E}\Nokia_Ovi_Suite_webinstaller.exe
2009-10-20 16:20 . 2009-06-26 16:35 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-19 08:19 . 2009-10-19 08:19 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-10-16 21:58 . 2009-10-10 13:08 664464 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-13 10:34 . 2001-10-09 12:00 270848 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2001-10-09 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2001-10-09 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 02:17 . 2009-06-27 12:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2004-10-01 12:00 . 2009-06-26 20:07 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-01-06_16.41.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-05 07:28 . 2010-01-06 16:56 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-05 07:28 . 2010-01-06 14:26 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-06 16:56 . 2010-01-06 16:56 16384 c:\windows\Temp\Perflib_Perfdata_5c8.dat
+ 2010-01-06 16:56 . 2010-01-06 16:56 16384 c:\windows\Temp\Perflib_Perfdata_2c8.dat
+ 2010-01-06 16:56 . 2010-01-06 16:56 16384 c:\windows\Temp\Perflib_Perfdata_280.dat
- 2010-01-05 07:28 . 2010-01-06 14:26 49152 c:\windows\Temp\History\History.IE5\index.dat
+ 2010-01-05 07:28 . 2010-01-06 16:56 49152 c:\windows\Temp\History\History.IE5\index.dat
+ 2010-01-05 07:28 . 2010-01-06 16:56 32768 c:\windows\Temp\Cookies\index.dat
- 2010-01-05 07:28 . 2010-01-06 14:26 32768 c:\windows\Temp\Cookies\index.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"CalibrizeResume"="c:\program files\Calibrize\CalibrizeResume.exe" [2007-11-26 413696]
"CGFLoader"="c:\program files\Calibrize\CalibrizeLoader.exe" [2007-11-26 1961984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"D066UUtility"="c:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2006-07-19 549376]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-01-04 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\brothers in arms earned in blood\\System\\EiB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\brothers in arms hells highway\\Binaries\\biahh.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\brothers in arms road to hill 30\\System\\bia.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.086\SymEFA.sys [29.12.2009 20:01 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.086\BHDrvx86.sys [29.12.2009 20:01 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.086\cchpx86.sys [29.12.2009 20:01 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys [5.1.2010 9:40 329592]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 13:03 82200]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [19.8.2009 3:10 1705280]
R2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [29.12.2009 20:01 115560]
R2 SaiDOutput;Saitek DirectOutput;c:\program files\Saitek\DirectOutput\DirectOutputService.exe [4.4.2008 10:34 147456]
R3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys [2.7.2009 13:53 219072]
R3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\drivers\chdrvr02.sys [2.7.2009 13:53 5120]
R3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys [2.7.2009 13:53 8704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29.12.2009 11:00 102448]
R3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [2.7.2009 15:04 36384]
R3 SaiH0762;SaiH0762;c:\windows\system32\drivers\SaiH0762.sys [4.4.2008 16:12 136832]
S2 gupdate1c9f8df199be594;Google Update Service (gupdate1c9f8df199be594);c:\program files\Google\Update\GoogleUpdate.exe [29.6.2009 19:29 133104]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe [28.10.2009 22:49 99176]
.
'Ajoitetut tehtävät'-kansion sisältö

2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
2010-01-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-07-25 13:55]
2010-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 17:29]
2010-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 17:29]
2009-06-26 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]
2010-01-06 c:\windows\Tasks\User_Feed_Synchronization-{5B8C3C07-A6BF-4DC1-8FAC-30FF4DF42ED8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.plaza.fi/
uInternet Connection Wizard,ShellNext = hxxp://tw.msi.com.tw/autobios/VerChk/LSeries.asp?MSIOCXVersion=3.79&WorkFunction=LMonitor
uInternet Settings,ProxyOverride = *.local
IE: Vie Microsoft E&xceliin - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\J N\Application Data\Mozilla\Firefox\Profiles\juu3m3kd.default\
FF - prefs.js: browser.startup.homepage - hxxp://plaza.fi/
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,0d,a5,96,e2,cb,2e,44,93,f8,e8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,0d,a5,96,e2,cb,2e,44,93,f8,e8,\
[HKEY_USERS\S-1-5-21-329068152-1482476501-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7c,50,a4,c8,62,26,2d,4b,76,10,05,a9,a5,92,f4,b7,08,6d,f4,b7,44,90,02,
cb,98,ed,39,d5,c9,3f,77,e4,09,1f,2a,e5,62,6a,1d,ef,0a,88,47,fc,8a,dd,cd,d0,\
"??"=hex:b5,5e,67,b3,49,08,72,ad,41,a9,3a,9c,e3,bb,58,83
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¹mÓw*]
"AB79C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="8CE7D09734694B7F7DF69BF6592E65EB317B9D7F60C46E69
E75E9EC8BC280867D86E4813775458148CE2205CF4952EFCF86A4D04F8DD6BBEFECF368B86364A40282
DE3CC0B326A063EABBDE15E7FB48B305A927F0CFB88B3440DEBED6DE4BE499F4EBC151F10798B176656
0B32B1C5CB56E932C0C1BC069E555B0B35CACCBC981AE342BED79D949B4C8C1C5B8395C338A09A469F3
CE4BC1A83E8B028E82AB009A5E0B6205031DAF14CFB965AD73AA48C76D2B9F40E591884D3C24F90885B
1BB9069F32181442021034F52297A8D1F44BF5DD4E1EBB27170001DDAB3D5EE40F8FAF5B9D0424EED4B9
591F6E9F64B05038EEE9197D43FACCF0F71161FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC
74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452
FEBC9E127BECC74C8EDD5E5BE2F6E667EC337486C9633EF7EA08942288E9FE7DC9B8BC9BD4259089C5D
5DFBE6EEB3DDEA0781FD1F6F76EF84250AA0423DE4C257302A83078D373E79F51326D1ABFB237B01ADA
EB28A3E184F325CE28AF4C42908C3E786EA658721BFE234123FD0AECD3C53FD6EB3B70A1A5F8B8071C2
BD91154014B2BF39F15845BE0F8A5B33A094D2E0D0162FB519B163FCFB17E7C595F4BD33E7EE6766420
8732C4F31C0933B0971936EE76DACF928F83F82B847E3FEBE949389FF1BD3F453B7FADA886211129773
6F689AB5ADFFC3F7E7BB50C69273E46C3656AB8263782C4F524A0680D3FCCF87D86C840DFED31BB0AE0
52AB97A04EA024BF0F4B209F0A2B1B33D8ECF1EEAB0EBBA29495E7AC3E7FD6B5791FF77BC51D9F4631DC
B009C2DA4A6AC15E8713098B108CCB31FE0F62E86C0C95438FCF00C1C0FAE9C6EECA47A6335D41AF1DE
45D2B6D07403FC7CF92BA22F9069DF376907B65654403070165C0D7A42FF393E0D30A9C5BB80B776B77
9AA3191DD2518D3D183F104032BA0B21C08FDB5965DFC5CBA939D66E07DA236E93F28623AFE579FCCCD
20953985D8AAFA5832181DF0B97D8EFB3CA8FCA4E7C079364E4D12107DD7FAFFB63E31FD6687BCE3598
DAE5B221C1A54F0ABE8DC44007ECA0D9D8BB992526BBE7364E4FA34EA4FE74EA109B886B82F9A3EE91A
F447C64D7A58D5B369AFE0652971CE3DAD42CFBE06AC33D4851C7CB7B1C55913167014FEB422E706A98
5CE83560B2E6940D3488008F52F35BE54B7FA0F89DBDB9DCE325291DED2258B7F3CB0C6E9D10F5865F8
4CC35493964B3CDB544CD2C8791657DFB72AD03EF212E3EDFE2BC030C198CE75F1B7CE185983DE93AA1
03EAD42858EB9B8DC1A5CD0F47FC8C289F8DF93FFE4C3BA4DC57C55116018CDB54C5808E208F0124F91
5A10A622E6931BAECEDCB53D0EE84A0E75C0AE837DFF7CF2DD77ABA0E5CC5C911C7A1739BC5B20852F0
C411FB"
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(700)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Valmistumisajankohta: 2010-01-06 23:27:54
ComboFix-quarantined-files.txt 2010-01-06 21:27
ComboFix2.txt 2010-01-06 16:43

Ennen ajoa: 50 539 204 608 tavua vapaana
Ajon jälkeen: 50 503 262 208 tavua vapaana

- - End Of File - - D968DD3AFA12D96E3083BF7738A88EAB

 

Moi !!!
Eilen illalla Saksassa varmistui => directx32v.exe
Bot madoksi.

----------------------------------------------------------------------------

Tupla-klikkaa SystemLook.exe ajaaksesi sen.

Kopioi(CTRL+C) alla olevasta laatikosta kaikki teksti, tekstialueeseen.

Code:

:regfind
directx32.exe
directx32
directx32v

:file 
C:\WINDOWS\directx32v.exe 

:filefind 
directx32.exe
directx32.*

:dir
C:\WINDOWS\system32\drivers\etc /s

Klikkaa nappulaa Look aloittaaksesi skannauksen.

Kun skannaus on valmis avautuu muistio joka sisältää lokitiedot
Klikkaa lokia hiiren oikealla painikkeella ja valitse "Valitse kaikki"
Kopio ja liitä se seuraavaan viestiisi.
(Loki löytyy myös työpöydältäsi nimellä SystemLook.txt)


.

 

Moi. Tässähän tätä...

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 13:43 on 07/01/2010 by J N (Administrator - Elevation successful)

========== regfind ==========

Searching for "directx32.exe"
No data found.

Searching for "directx32"
No data found.

Searching for "directx32v"
No data found.

========== file ==========

C:\WINDOWS\directx32v.exe - Unable to find/read file.

========== filefind ==========

Searching for "directx32.exe"
No files found.

Searching for "directx32.*"
No files found.

========== dir ==========

C:\WINDOWS\system32\drivers\etc - Parameters: "/s"

---Files---
HOSTS --a--- 626367 bytes [12:00 09/10/2001] [14:07 04/01/2010]
hosts.ics --a--- 375 bytes [16:04 01/01/2010] [16:05 01/01/2010]
lmhosts.sam --a--- 3705 bytes [12:00 09/10/2001] [12:00 09/10/2001]
networks --a--- 416 bytes [12:00 09/10/2001] [12:00 09/10/2001]
protocol --a--- 829 bytes [12:00 09/10/2001] [12:00 09/10/2001]
services --a--- 7151 bytes [12:00 09/10/2001] [12:00 09/10/2001]

No folders found.

-=End Of File=-

 

Sen ei pitäisi olla enään käynnissä ???
Kuis on !!!

------------------------------------------------------------------------------

Selvitä mitkä prosessit kuormittavat suoritinta eniten:
Ohjeet => TÄÄLLÄ

Kerro lisäksi Suorituskyky vlilehdeltä lukemat =>

Suoritinkäyttö %
PF Usage Mt


.

 

Suoritinkäyttö on nyt tosi alhainen, yhden ja viiden välillä menee!!! Muisti tällä hetkellä 932/3939.

Ei näy tehtävienhallinnan listalla enää ollenkaan. Suoritin myös "regedit" ja ei etsintä löytänyt sitä, eilen vielä oli. Samoin on hävinnyt pois Net Limiter ohjelman listalta. Ainoastaan Norttonin nettiä käyttävien ohjelmien listalla se kummittelee. Estin siltä jo aiemmin pääsyn nettiin Norttonilla kuin myös Net Limiterillä.

En tiedä onko merkitystä mutta tuo mato halusi kovasti lähettää dataaa 195.28.12.168 nimiseen paikkaan.

Ainoastaan yhden pikkuohjelman eilen poistin. Mutta eihän sillä ole merkitystä kai.

Voisiko tuosta päätellä että mato on liiskattu?

 

Lukemat on hyvät !!!

195.28.12.168 (DE) Germany Budenheim Rheinland-Pfalz

Kyselin Baabilta ja Shabalta asiaa.
Tällä se olis varmaan löytynyt.

Skannaa piilotetut datavirrat

Avaa HiJackThis

Klikkaa "Configure" valintaa oikealla alhaalla

Klikkaa "Misc Tools"

Klikkaa valintaa "Open ADS Spy.."

Klikkaa "Scan"

Klikkaa valintaa "Save Log..."

Kopioi ja liitä lokisi muistiosta postiisi
jos siellä jotain on (tuskin)
.

 

HiJack This ei löytänyt yhtään mitään mitä logiksi tallentaa.

Mutta ADS Spy löysi jotain.

C:\Documents and Settings\All Users\Application Data\TEMP : 1493A0EF (193 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : DD4DD9B9 (189 bytes)
C:\RECYCLER\S-1-5-21-329068152-1482476501-839522115-1004\Dc6.URL : favicon (1406 bytes)
C:\WINDOWS\Prefetch\WINDOWS : DIRECTX32V.EXE-37E26783.pf (58834 bytes)

 

Virukset ovat siirtymässä näihin
piilotettuihin datavirtoihi (paha paha paha)

-----------------------------------------------------------

Mene samaan paikkaan ADSspy.exe ja Scan.
Ruxit kaikki neljä.
Painat "Remove Selected" tms.

Käynnistä kone uudelleen.

Scanni samassa paikassa.

Toivottavasti on poissa ???
.

 

Ei tulleet takaisin enää. Joskohan se olisi siinä.

Kiitokset suuret jälleen.

 

Nyt on homma OK !!!
ja hyvällä omallatunnolla nukkumaan.

.