Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:53, on 6.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Files-Secure\secure.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Media Player - {E01D62BE-3C96-4165-A54F-1A51CD75D6F9} - C:\Windows\wmpdxm.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9012 bytes

There they are.
Where is it and what does it belong to?

1. Download combofix.exe to your desktop from one of the links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
ComboFix 08-03-05.3 - Tomi Malinen 2008-03-06 17:40:32.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1868 [GMT 2:00]
Running from: C:\Users\Tomi Malinen\Desktop\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\jusched.exe
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-06 to 2008-03-06 )))))))))))))))))
.
2008-03-06 17:02 . 2008-03-06 17:38 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-06 17:02 . 2008-03-06 17:38 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-03-06 17:02 . 2008-03-06 17:02 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-06 16:38 . 2008-03-06 16:38 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-03-06 07:10 . 2008-03-06 07:10 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-03-05 19:00 . 2008-03-05 19:00 220,160 --a------ C:\Windows\wmpdxm.dll
2008-03-05 19:00 . 2008-03-05 19:00 54 --a------ C:\amp.bat
2008-03-02 19:17 . 2008-03-02 19:17 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Music
2008-03-02 19:16 . 2008-03-02 19:16 <KANSIO> d-------- C:\Users\Tomi Malinen\AppData\Roaming\Nokia
2008-03-02 19:16 . 2008-03-02 19:16 <KANSIO> d-------- C:\Users\All Users\PC Suite
2008-03-02 19:16 . 2008-03-02 19:16 <KANSIO> d-------- C:\ProgramData\PC Suite
2008-03-02 19:15 . 2008-03-02 19:16 <KANSIO> d-------- C:\Users\Tomi Malinen\AppData\Roaming\PC Suite
2008-03-02 19:15 . 2008-03-02 19:15 <KANSIO> d-------- C:\Program Files\DIFX
2008-03-02 19:15 . 2008-03-02 19:15 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2008-03-02 19:15 . 2008-03-02 19:15 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2008-03-02 19:14 . 2008-03-02 19:14 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2008-03-02 19:13 . 2008-03-02 19:13 <KANSIO> d-------- C:\Users\All Users\Installations
2008-03-02 19:13 . 2008-03-02 19:13 <KANSIO> d-------- C:\ProgramData\Installations
2008-03-02 19:13 . 2008-03-02 19:15 <KANSIO> d-------- C:\Program Files\Nokia
2008-02-29 12:42 . 2008-02-29 12:42 <KANSIO> d-------- C:\Users\All Users\GRETECH
2008-02-29 12:42 . 2008-02-29 12:42 <KANSIO> d-------- C:\ProgramData\GRETECH
2008-02-29 12:41 . 2008-02-29 12:41 <KANSIO> d-------- C:\Users\Tomi Malinen\AppData\Roaming\GRETECH
2008-02-29 12:41 . 2008-02-29 12:41 <KANSIO> d-------- C:\Program Files\GRETECH
2008-02-28 14:54 . 2008-02-28 14:54 <KANSIO> d-------- C:\Users\Tomi Malinen\AppData\Roaming\Roxio
2008-02-22 21:47 . 2008-02-23 00:53 <KANSIO> d-------- C:\Users\Tomi Malinen\AppData\Roaming\mIRC
2008-02-22 21:47 . 2008-02-22 21:47 <KANSIO> d-------- C:\Program Files\mIRC
2008-02-22 08:45 . 2008-03-06 07:11 <KANSIO> d-------- C:\Users\All Users\Lavasoft
2008-02-22 08:45 . 2008-03-06 07:11 <KANSIO> d-------- C:\ProgramData\Lavasoft
2008-02-21 11:07 . 1998-07-30 12:51 305,152 --a------ C:\Windows\IsUninst.exe
2008-02-20 22:03 . 2008-03-03 16:45 <KANSIO> d-------- C:\Program Files\ProPilkki2
2008-02-18 12:00 . 2008-02-18 12:00 <KANSIO> d-------- C:\Users\All Users\OrbNetworks
2008-02-18 12:00 . 2008-02-18 12:00 <KANSIO> d-------- C:\ProgramData\OrbNetworks
2008-02-18 12:00 . 2008-02-18 12:00 <KANSIO> d-------- C:\Program Files\Winamp Remote
2008-02-18 11:56 . 2008-02-25 22:18 <KANSIO> d-------- C:\Users\Tomi Malinen\AppData\Roaming\Winamp
2008-02-18 11:56 . 2008-02-18 12:01 <KANSIO> d-------- C:\Program Files\Winamp
2008-02-16 12:04 . 2008-01-10 07:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 17:08 . 2008-02-14 17:09 <KANSIO> d-------- C:\Users\Tomi Malinen\.onnet
2008-02-14 03:05 . 2008-02-14 03:05 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 03:05 . 2008-02-14 03:05 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 03:03 . 2008-02-14 03:03 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 03:02 . 2008-02-14 03:02 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 16:34 . 2008-02-13 16:34 <KANSIO> dr-h----- C:\Users\Tomi Malinen\AppData\Roaming\SecuROM
2008-02-13 16:10 . 2008-02-13 16:10 <KANSIO> d-------- C:\Program Files\Electronic Arts
2008-02-13 16:09 . 2008-02-13 16:09 <KANSIO> d-------- C:\Windows\System32\AGEIA
2008-02-13 16:09 . 2008-02-13 16:09 <KANSIO> d-------- C:\Program Files\AGEIA Technologies
2008-02-13 16:08 . 2008-03-06 07:08 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 21:27 . 2008-02-12 21:27 <KANSIO> d-------- C:\Program Files\Play+Smile
2008-02-12 21:27 . 2005-04-14 16:33 3,638 --ah----- C:\Windows\ps.ico
2008-02-12 14:16 . 2008-02-12 14:16 <KANSIO> d-------- C:\Users\Tomi Malinen\AppData\Roaming\DAEMON Tools
2008-02-12 14:13 . 2008-02-12 14:13 716,272 --a------ C:\Windows\System32\drivers\sptd.sys
2008-02-11 23:53 . 2008-01-12 18:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-02-11 23:53 . 2008-01-15 09:54 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-02-11 23:53 . 2008-01-15 05:28 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-02-11 18:40 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-02-11 18:38 . 2008-02-11 18:37 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-02-11 18:37 . 2008-02-11 18:37 22,328 --a------ C:\Users\Tomi Malinen\AppData\Roaming\PnkBstrK.sys
2008-02-11 18:36 . 2008-02-11 18:36 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2008-02-11 18:36 . 2008-02-11 18:36 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-02-11 18:36 . 2008-02-11 18:36 319 --a------ C:\Windows\game.ini
2008-02-11 18:19 . 2008-02-11 18:19 <KANSIO> d-------- C:\Program Files\Activision
2008-02-10 14:27 . 2008-02-10 14:27 <KANSIO> d-------- C:\Users\Tomi Malinen\AppData\Roaming\PeerNetworking
2008-02-10 14:24 . 2008-02-10 14:24 <KANSIO> d-------- C:\Windows\vbSkinner
2008-02-10 14:24 . 2008-02-10 14:29 <KANSIO> d-------- C:\Program Files\PortTrigger
2008-02-09 21:51 . 2008-02-19 12:03 <KANSIO> d-------- C:\Users\Tomi Malinen\AppData\Roaming\uTorrent
2008-02-09 21:51 . 2008-02-09 21:51 <KANSIO> d-------- C:\Program Files\uTorrent
2008-02-09 20:44 . 2008-02-09 20:44 0 --a------ C:\Windows\nsreg.dat
2008-02-09 20:34 . 2008-02-09 20:34 <KANSIO> d-------- C:\Windows\PCHEALTH
2008-02-09 20:31 . 2008-02-09 20:31 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-09 20:03 . 2008-02-09 20:34 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-09 20:02 . 2008-02-09 20:26 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-02-09 20:02 . 2008-02-09 20:26 <KANSIO> d-------- C:\ProgramData\WLInstaller
2008-02-09 20:02 . 2008-02-09 20:34 <KANSIO> d-------- C:\Program Files\Windows Live
2008-02-09 18:39 . 2008-02-09 18:39 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-02-09 18:39 . 2008-02-09 18:39 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-02-09 18:39 . 2008-02-09 18:39 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-02-09 18:39 . 2008-02-09 18:39 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-02-09 18:39 . 2008-02-09 18:39 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-02-09 18:38 . 2008-02-09 18:38 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-02-09 18:38 . 2008-02-09 18:38 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-02-09 18:38 . 2008-02-09 18:38 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-02-09 18:38 . 2008-02-09 18:38 2,048 --a------ C:\Windows\System32\asferror.dll
2008-02-09 18:36 . 2008-02-09 18:36 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-02-09 18:36 . 2008-02-09 18:36 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-02-09 18:36 . 2008-02-09 18:36 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-02-09 18:36 . 2008-02-09 18:36 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-02-09 18:36 . 2008-02-09 18:36 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-02-09 18:35 . 2008-02-09 18:35 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-02-09 18:35 . 2008-02-09 18:35 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-02-09 18:35 . 2008-02-09 18:35 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-02-09 18:35 . 2008-02-09 18:35 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-02-09 18:35 . 2008-02-09 18:35 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-02-09 18:35 . 2008-02-09 18:35 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-02-09 18:35 . 2008-02-09 18:35 2,048 --a------ C:\Windows\System32\tzres.dll
2008-02-09 18:34 . 2008-02-09 18:34 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-02-09 18:25 . 2008-02-09 18:25 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-02-09 18:25 . 2008-02-09 18:25 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-02-09 18:25 . 2008-02-09 18:25 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-02-09 18:25 . 2008-02-09 18:25 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-02-09 18:25 . 2008-02-09 18:25 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-02-09 18:25 . 2008-02-09 18:25 53,080 --a------ C:\Windows\System32\wuauclt.exe
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 17:00 --------- d-----w C:\ProgramData\Symantec
2008-02-28 12:54 --------- d-----w C:\ProgramData\Sonic
2008-02-22 06:49 9,344 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-02-22 06:49 8,320 ----a-w C:\Windows\system32\drivers\AWRTRD.sys
2008-02-14 01:03 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 01:01 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 01:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 01:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 01:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 15:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 15:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-11 21:52 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-11 21:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-10 10:24 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-02-10 10:24 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-02-10 10:24 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-02-10 10:24 --------- d-----w C:\Program Files\Symantec
2008-02-09 18:24 174 --sha-w C:\Program Files\desktop.ini
2008-02-09 18:21 --------- d-----w C:\Program Files\Google
2008-02-09 18:20 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-09 18:20 --------- d-----w C:\Program Files\Windows Mail
2008-02-09 18:20 --------- d-----w C:\Program Files\Windows Calendar
2008-02-09 16:37 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-02-09 13:02 1,823 --sha-r C:\Windows\system32\drivers\103C_HP_CPC_GU664AA-UUW a6231.sc_YC_0Pavi_QCZH750_E74FIv3PrA2_49_INARRA2_SASUSTek Computer INC._V2.00_B5.13_T071029_WUH0_L40B_M3071_J500_7AMD_8Athlon 64 X2 Dual Core_92.6_#080209_N10DE03EF_Z_G10DE0421.MRK
2008-02-09 12:58 --------- d-sh--w C:\ProgramData\Työpöytä
2008-02-09 12:58 --------- d-sh--w C:\ProgramData\Tiedostot
2008-02-09 12:58 --------- d-sh--w C:\ProgramData\Suosikit
2008-02-09 12:58 --------- d-sh--w C:\ProgramData\Mallit
2008-02-09 12:58 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2007-12-14 09:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E01D62BE-3C96-4165-A54F-1A51CD75D6F9}]
2008-03-05 19:00 220160 --a------ C:\Windows\wmpdxm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-09 18:36 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-20 02:45 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 15:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 15:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 15:15 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 13:06 4669440 C:\Windows\RtHDVCpl.exe]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 16:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1638085D-6402-4C18-BB11-2FCB34E0153D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"TCP Query User{4F6CCBB0-CAD3-4384-9791-D506B3602EB5}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
"UDP Query User{50400934-3061-4AD2-B434-3395E853DA76}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
"{D0602178-0ED1-4E64-B8A4-95DD90B0763D}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2169DA79-ABBF-43D4-B1D7-1B1F95558EFD}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D37B0A9D-55A9-4AC4-A4BF-A001014F71BC}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{1D85C60C-B798-4D56-9E2E-B51BB7CBD24F}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{CA51BEBB-AFCD-4787-8E15-EB9E1ABE7959}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{067501CA-78F5-4276-8474-00DD7147CE63}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{17A03D31-13D5-48AA-86C7-5CE0409E71FD}"= UDP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{E4C0E117-5DC2-4CB7-8EB7-54ED6E081557}"= TCP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{F7B5180E-7A06-43C5-B77A-3A2768EB5C01}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{B870E898-3973-4BD3-A707-1EC1DF898B3F}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{67029AD6-F6A0-48B4-B465-AD2A020C91D8}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{F3863D0B-B8F7-4A82-92C8-B8645CAC1614}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{613364D3-1FAF-4AF8-9DD7-163D9416277F}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{0AD6795C-A704-4BA3-9CFF-69D0D2843EF8}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{5AB43795-D94A-4A63-8465-CCDFFD6DD6B6}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{15D49CF4-EFD8-4755-A71A-38F007C40784}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080305.002\IDSvix86.sys [2008-02-13 18:18]
R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 12:53]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-06-11 11:49]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-04-20 19:21]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]

*Newly Created Service* - COMHOST
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-03-04 05:12:37 C:\Windows\Tasks\Norton Internet Security - Suorita täyd. järj.tarkistus - Tomi Malinen.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 17:41:53
Windows 6.0.6000 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-06 17:42:26
ComboFix-quarantined-files.txt 2008-03-06 15:42:24
.
2008-02-29 07:52:54
--- E O F ---
• Open HiJackThis
• Click the "Configure" option at the bottom right
• Click "Misc Tools"
• Click the box that says "Uninstall Manager"
• Click the "Save list" option
• Copy and paste that list from Notepad into your post
Ad-Aware 2007
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.0 - Suomi
AGEIA PhysX v7.07.09
AppCore
a-squared Free 3.1
AV
Call of Duty(R) 4 - Modern Warfare(TM)
ccCommon
GOM Player
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hardware Diagnostic Tools
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.01
HP Picasso Media Center Add-In
HP Update
Java(TM) SE Runtime Environment 6 Update 1
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Medal of Honor Airborne
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIRC
Mozilla Firefox (2.0.0.12)
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
muvee autoProducer 6.0
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
PC Connectivity Solution
Pro Pilkki 2
Python 2.5
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
SPBBC 32bit
Spybot - Search & Destroy
Sydney 2000 Demo
Tehostettu multimedianäppäimistöratkaisu
Texas Hold'em Poker 3D - Deluxe Edition 1.0
Winamp
Winamp Remote
Windows Live installer
Windows Live Messenger
Windows Liven kirjautumisavustaja
Windows Media Player Firefox Plugin
Windowsin ohjainpaketti - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windowsin ohjainpaketti - Nokia Modem (02/15/2007 3.1)
Windowsin ohjainpaketti - Nokia Modem (02/15/2007 3.1)
Windowsin ohjainpaketti - Nokia Modem (05/24/2007 6.84.0.1)
WinRAR archiver