Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:13:01, on 2.3.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe 
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=83&bd=Pavilion&pf=cnnb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ig?hl=fi R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=83&bd=Pavilion&pf=cnnb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=83&bd=Pavilion&pf=cnnb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Työkalurivi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing) O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing) O3 - Toolbar: Lexmark Työkalurivi - 
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe" O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O4 - Global Startup: Bluetooth.lnk = ? 
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &AOL-työkalurivi Haku - C:\ProgramData\AOL\ieToolbar\resources\fi-FI\local\search.html O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. 
- C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\STacSV.exe -- End of file - 13545 bytes
Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to see the results.
6. Make sure that everything is checked and click Remove Selected.
7. After this, the log will open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.
Well, get rid of this one too: BearShare MediaBar

Throw away this folder: C:\Program Files\BearShare Applications

==============

Scan with HJT, check the following and press Fix checked:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

===============

1. Download Combofix.exe to your desktop from one of the links: Combofix1 Combofix2. Do not install the Recovery Console.
2. Double-click the Combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log to your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

================

Download Atribune's ATF Cleaner.

Instructions:

Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All. Click Empty Selected.

If you use Firefox as your browser: click Firefox at the top and choose: Select All. Click Empty Selected. NOTE: If you would like to keep your saved passwords, click No when it asks.

If you use Opera as your browser: click Opera at the top and choose: Select All. Click Empty Selected again. NOTE: If you would like to keep your saved passwords, click No when it asks.

Click Exit in the main menu to close the program.

Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that this support is in English.)
ComboFix 09-03-02.01 - Eetu 2009-03-02 22:14:40.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.3069.1842 [GMT 2:00] Sijainti: c:\users\Eetu\Desktop\ComboFix.exe * Uusi palautuspiste luotu . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Microsoft\Windows\Start Menu\Programs\videosoft c:\programdata\Microsoft\Windows\Start Menu\Programs\videosoft\Uninstall.lnk C:\resycled c:\users\Eetu\AppData\Roaming\inst.exe D:\resycled . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-02-02 to 2009-03-02 ))))))))))))))))) . 2009-03-02 19:51 . 2009-03-02 19:51 <KANSIO> d-------- c:\users\Eetu\AppData\Roaming\Malwarebytes 2009-03-02 19:51 . 2009-03-02 19:51 <KANSIO> d-------- c:\users\All Users\Malwarebytes 2009-03-02 19:51 . 2009-03-02 19:51 <KANSIO> d-------- c:\programdata\Malwarebytes 2009-03-02 19:51 . 2009-03-02 19:51 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-02 19:51 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-03-02 19:51 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-03-02 18:47 . 2009-03-02 18:47 <KANSIO> d-------- c:\users\All Users\Avira 2009-03-02 18:47 . 2009-03-02 18:47 <KANSIO> d-------- c:\programdata\Avira 2009-03-02 18:47 . 2009-03-02 18:47 <KANSIO> d-------- c:\program files\Avira 2009-03-02 18:12 . 2009-03-02 18:12 <KANSIO> d-------- c:\program files\Trend Micro 2009-02-23 22:49 . 2009-02-23 22:49 319 --a------ c:\windows\game.ini 2009-02-23 22:13 . 2009-02-23 22:13 <KANSIO> d-------- c:\program files\PowerISO 2009-02-23 20:57 . 2009-02-23 20:57 <KANSIO> d-------- c:\program files\DVDFab 5 2009-02-23 20:57 . 2009-02-23 20:57 <KANSIO> d-------- c:\program files\DC++ 2009-02-22 13:16 . 2009-02-22 13:16 <KANSIO> d-------- c:\program files\PhotoFiltre 2009-02-22 12:34 . 2009-02-22 12:34 45 ---h----- c:\windows\dos05271.dat 2009-02-18 16:50 . 
2009-02-18 16:50 <KANSIO> d-------- c:\program files\Ubisoft 2009-02-18 16:38 . 2009-02-18 16:38 <KANSIO> d-------- c:\users\Eetu\AppData\Roaming\InstallShield 2009-02-15 20:17 . 2008-12-05 06:32 428,544 --a------ c:\windows\System32\EncDec.dll 2009-02-15 20:17 . 2008-12-05 06:31 217,088 --a------ c:\windows\System32\psisrndr.ax 2009-02-15 20:16 . 2008-12-05 06:32 293,376 --a------ c:\windows\System32\psisdecd.dll 2009-02-15 20:16 . 2008-12-05 06:31 177,664 --a------ c:\windows\System32\mpg2splt.ax 2009-02-15 20:16 . 2008-12-05 06:31 80,896 --a------ c:\windows\System32\MSNP.ax 2009-02-13 13:44 . 2009-02-13 13:44 <KANSIO> d-------- c:\program files\Netlog 24 2009-02-13 13:44 . 2009-02-13 13:44 159,744 --a------ c:\windows\System32\Netlog24Uninstaller.exe 2009-02-11 17:08 . 2009-01-15 05:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2009-02-11 17:08 . 2009-01-15 08:11 827,392 --a------ c:\windows\System32\wininet.dll 2009-02-07 22:09 . 2009-02-07 22:09 <KANSIO> d-------- c:\users\Eetu\AppData\Roaming\GTek 2009-02-04 20:18 . 2009-02-04 20:18 <KANSIO> d-------- c:\program files\Bonjour . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-03-01 19:25 --------- d-----w c:\users\Eetu\AppData\Roaming\LimeWire 2009-02-28 15:46 --------- d-----w c:\users\Eetu\AppData\Roaming\uTorrent 2009-02-28 13:18 --------- d-----w c:\users\Eetu\AppData\Roaming\U3 2009-02-25 15:27 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-23 18:57 47,360 ----a-w c:\users\Eetu\AppData\Roaming\pcouffin.sys 2009-02-23 18:57 --------- d-----w c:\users\Eetu\AppData\Roaming\Vso 2009-02-20 18:06 --------- d-----w c:\programdata\CyberLink 2009-02-20 08:53 --------- d-----w c:\users\Eetu\AppData\Roaming\Skype 2009-02-20 06:00 --------- d-----w c:\users\Eetu\AppData\Roaming\skypePM 2009-02-19 19:37 --------- d-----w c:\programdata\TrackMania 2009-02-16 09:29 --------- d-----w c:\users\Eetu\AppData\Roaming\dvdcss 2009-02-15 10:47 --------- d-----w c:\programdata\Lx_cats 2009-02-14 06:39 --------- d-----w c:\programdata\PC Suite 2009-02-13 15:37 --------- d-----w c:\program files\Hewlett-Packard 2009-02-12 01:00 --------- d-----w c:\program files\Windows Mail 2009-02-11 16:34 70,984 ----a-w c:\users\Eetu\AppData\Roaming\GDIPFONTCACHEV1.DAT 2009-02-10 18:17 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-02-05 16:34 --------- d-----w c:\users\Eetu\AppData\Roaming\Nokia 2009-02-05 16:16 --------- d-----w c:\users\Eetu\AppData\Roaming\PC Suite 2009-01-31 19:35 --------- d-----w c:\program files\IKEA HomePlanner 2009-01-31 19:34 --------- d-----w c:\program files\Common Files\Adobe 2009-01-31 19:06 --------- d-----w c:\programdata\FLEXnet 2009-01-31 18:54 --------- d-----w c:\program files\Common Files\Macrovision Shared 2009-01-30 15:24 14,600 ----a-w c:\windows\Help\OEM\scripts\HC_InstallHPHC.exe 2009-01-26 01:01 --------- d-----w c:\program files\Windows Live 2009-01-24 14:49 --------- d-----w c:\programdata\Yahoo! 2009-01-24 14:46 --------- d-----w c:\users\Eetu\AppData\Roaming\Yahoo! 2009-01-24 14:46 --------- d-----w c:\programdata\Yahoo! 
Companion 2009-01-24 14:46 --------- d-----w c:\program files\Yahoo! 2009-01-24 11:19 --------- d-----w c:\programdata\ThumbnailCache4R 2009-01-23 20:00 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition 2009-01-23 19:54 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller 2009-01-23 19:53 --------- d-----w c:\programdata\WLInstaller 2009-01-17 10:11 --------- d-----w c:\users\Eetu\AppData\Roaming\Lexmark Productivity Studio 2009-01-16 12:42 --------- d-----w c:\programdata\Nokia 2009-01-16 12:41 --------- d-----w c:\program files\Nokia 2009-01-16 12:41 --------- d-----w c:\program files\Common Files\Nokia 2009-01-16 12:40 --------- d-----w c:\programdata\Installations 2009-01-11 22:05 --------- d-----w c:\users\Eetu\AppData\Roaming\Apple Computer 2009-01-11 22:04 --------- d-----w c:\programdata\Apple Computer 2009-01-11 22:00 --------- d-----w c:\program files\Common Files\Apple 2009-01-08 17:37 --------- d-----w c:\users\Eetu\AppData\Roaming\FaxCtr 2009-01-07 18:53 --------- d-----w c:\program files\EA GAMES 2009-01-07 16:31 --------- d-----w c:\program files\Lexmark Toolbar 2009-01-07 16:24 --------- d-----w c:\program files\Lexmark 3600-4600 Series 2009-01-07 15:04 --------- d-----w c:\program files\Lexmark Fax Solutions 2009-01-07 15:03 --------- d-----w c:\programdata\FaxCtr 2009-01-07 15:03 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint 2009-01-05 20:35 --------- d-----w c:\program files\Alwil Software 2009-01-05 18:56 --------- d--h--r c:\users\Eetu\AppData\Roaming\SecuROM 2009-01-04 15:46 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf 2009-01-04 15:46 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-01-04 15:44 --------- d-----w c:\program files\Common Files\PCSuite 2009-01-04 15:43 --------- d-----w c:\program files\DIFX 2009-01-04 15:42 --------- d-----w c:\program files\PC Connectivity Solution 2009-01-02 20:24 --------- d-----w c:\programdata\WinZip 
2009-01-02 19:07 --------- d-----w c:\program files\RADVideo 2008-12-12 09:18 87,336 ----a-w c:\windows\System32\dns-sd.exe 2008-12-12 09:11 61,440 ----a-w c:\windows\System32\dnssd.dll 2008-12-04 19:41 410,984 ----a-w c:\windows\System32\deploytk.dll 2008-10-19 15:42 32 ----a-w c:\users\All Users\ezsid.dat 2008-10-19 15:42 32 ----a-w c:\programdata\ezsid.dat 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2008-09-02 16:05 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504] "Netlog 24"="c:\program files\Netlog 24\Notifier\Netlog24Notifier.exe" [2009-02-13 1380352] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-15 442433] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-15 468264] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch 
Buttons\QlbCtrl.exe" [2008-03-14 202032] "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-10-18 413696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328] "lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-20 320168] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-17 727592] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codecp"= l3codecp.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{513DF4C0-4564-4131-82EE-9D5118096707}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{92E492C6-0C11-46F8-B3E6-8499BD94B2E5}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{56F1E115-2B53-4AF8-A420-FF54139E4A80}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{9D6DC55F-2E11-43DF-980A-2D02CD05BD35}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{5146885F-8F36-4C79-8455-65F02F4EB91B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{F64310BD-0DE7-4F42-ACFA-D832854AF0BE}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb "{EAE95B8D-A19D-4DD4-887E-BDDF1E943DBE}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb "{D5687789-931D-4E97-AF23-02AD8D68586D}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray "{AD9113F7-BE9C-42EE-A789-9815CF3D1BEE}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray "{5E326388-9125-462B-951C-08408241654B}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR "{A98D3275-8DB9-4DAB-8EF9-74C8E2632821}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR "{266A4E4E-8352-41E9-97D9-05556851F40A}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{F3903AA8-06EB-4334-9B13-A4CBD6E14A36}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{E21FFD27-BD56-4D3E-B25D-F46C3A5D429B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{C8C965E8-235F-49E2-82E6-DABB673E6847}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{0FD1DB3B-ED8C-4226-B96F-1299A718B1D9}c:\\users\\eetu\\desktop\\tmnationsforever\\tmforever.exe"= UDP:c:\users\eetu\desktop\tmnationsforever\tmforever.exe:tmforever.exe "UDP Query 
User{54C58140-89E3-42BF-95AC-3BF1400718D5}c:\\users\\eetu\\desktop\\tmnationsforever\\tmforever.exe"= TCP:c:\users\eetu\desktop\tmnationsforever\tmforever.exe:tmforever.exe "TCP Query User{87BE7144-E1AE-46A8-AB09-57F45CBEC622}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{8047EE6F-3EB6-4D08-B4FB-9AD21B886D65}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "{D5A75A82-6F82-4BD1-9909-BC6FBEE92548}"= UDP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System "{2B23A2EC-6573-4BAB-9116-18A7D1C64F24}"= TCP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System "{C3A13B28-B21E-41C7-8B8F-79BF2B2C5A6C}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor "{AD9C3B06-CFD0-46BA-98F7-59302568411C}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor "{B9219E76-97E8-4F79-BAE5-D78FD92C7287}"= UDP:c:\program files\Lexmark 3600-4600 Series\frun.exe:Lexmark Productivity Studio "{7B245669-AC03-40A6-B914-F822D6E8901F}"= TCP:c:\program files\Lexmark 3600-4600 Series\frun.exe:Lexmark Productivity Studio "{D54A85D5-4BAD-4319-BBBA-60D8591C3425}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader "{0CA5F645-8B53-4E3C-BFE2-7810CC0C66CB}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader "{CC0F50AC-3616-449D-A793-E4EF11FE24D5}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software "{64C76131-E89B-4A3A-92CB-1274A4577B4F}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software "{C333DB4E-E7E8-45CE-B263-33D999FC501D}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exerinter Device Monitor "{D1D6CC28-54B1-454D-833E-876ED5EE659E}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exerinter Device Monitor "{BE932082-8E46-46AF-A96B-FEF6B2A59F6C}"= 
UDP:c:\users\Eetu\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe: "{E14C2E12-E01E-492D-BE85-D3D1A2D0F2C5}"= TCP:c:\users\Eetu\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe: "{D04C1778-DEBC-4A5A-B71A-81A99D25D1C0}"= UDP:c:\windows\System32\lxdxcfg.exerinter Communication System "{6A88C519-F835-4BC1-B325-C1E5EF1C714D}"= TCP:c:\windows\System32\lxdxcfg.exerinter Communication System "{923FE619-1312-4AF9-AAA2-8498503D87D0}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exerinter Status Window Interface "{4B35EEEF-B2B3-47FC-9916-FFD200A5BEF8}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exerinter Status Window Interface "{9A3C371F-5C90-424A-A8D1-CD909D274EFD}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable "{A12445AD-E220-45D8-A4AB-8FD925690983}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable "{F0EF31E4-B01A-4A69-956B-F0361A94ACFD}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxjswx.exe:Job Status Window Interface "{6497F7F5-3D4D-4AB0-A4AF-E7ED261C60A1}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxjswx.exe:Job Status Window Interface "{311F46E2-8BA1-4D75-AE04-64E40939C4C7}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{087ABF0E-A8A4-454C-8515-DAEAAAAAC437}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{69253116-0C55-4766-893A-45357C02BEFA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{C86C0186-E526-45F3-A966-65053A93F402}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{91B402B4-E757-4E5A-9985-9E7834FB8599}c:\\program files\\lexmark 3600-4600 series\\autoprnt.exe"= UDP:c:\program files\lexmark 3600-4600 series\autoprnt.exe:Auto Print Application "UDP Query User{64B8AB2B-B3A2-4A18-973A-1FF690619063}c:\\program files\\lexmark 3600-4600 series\\autoprnt.exe"= TCP:c:\program files\lexmark 3600-4600 series\autoprnt.exe:Auto Print Application "TCP Query User{71D49B48-DFCD-4538-BD87-48FB98484D17}c:\\program 
files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater "UDP Query User{B7DDF430-C88F-4C65-AD9E-CD3D81D629C6}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater "TCP Query User{24E66A30-4C4A-4856-80BA-69F4703C667D}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process "UDP Query User{659F7285-21AF-498D-BC83-B1E4FC216AEB}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process "{6DFEE318-7E55-48EF-93CE-2AD05B9AD524}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{322DB773-AD55-4B76-AE8A-BC76834D0E47}c:\\program files\\lexmark 3600-4600 series\\lxdxlscn.exe"= UDP:c:\program files\lexmark 3600-4600 series\lxdxlscn.exe:lxdxlscn "UDP Query User{047D6D93-D1B4-4FA6-B670-5D693359C9C8}c:\\program files\\lexmark 3600-4600 series\\lxdxlscn.exe"= TCP:c:\program files\lexmark 3600-4600 series\lxdxlscn.exe:lxdxlscn "{763E248C-C2A6-478F-9708-8A9EBC25CFF9}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{3ECA2D9E-CCBF-4300-9903-81E53E431DA6}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "TCP Query User{C118AD9D-3BC5-49DC-8B88-6280EFC1ACC9}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{6B9D03ED-79D9-4D88-A89E-1E26B52A03D3}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. 
Take a deep breath "TCP Query User{BEBB2192-D94B-43E9-A428-2FD3A2A8B8B9}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{F35486DA-4F66-402F-901F-7E856415D76B}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire "TCP Query User{DD9FF2BE-F758-49ED-BC99-96F3B9945E99}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent "UDP Query User{45E23805-4BA1-41E5-A94B-1C1084915213}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent "TCP Query User{4E750881-B348-4280-A275-63D1036DDF5C}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger "UDP Query User{B3EC3501-90CC-49BB-BAA4-04040E889855}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger "TCP Query User{83857F82-B8CC-4B65-B07F-95B58931EECB}c:\\program files\\lexmark 3600-4600 series\\lxdxmon.exe"= UDP:c:\program files\lexmark 3600-4600 series\lxdxmon.exerinter Device Monitor "UDP Query User{9200B05E-0B83-4B6A-B5A0-DFBEA9030350}c:\\program files\\lexmark 3600-4600 series\\lxdxmon.exe"= TCP:c:\program files\lexmark 3600-4600 series\lxdxmon.exerinter Device Monitor "{0C0B1A88-C36D-46C1-BB84-A9246ECE2CD9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{F178285B-E732-4467-8A47-E008D074107D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{581C8B7C-4C1D-43D0-A650-9814CCE69356}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= UDP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "UDP Query User{B55C4C95-C39B-4B11-A2A8-95EB5C1687C8}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= TCP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "TCP Query User{AA7433A9-EE59-42A9-8206-3E79BF996002}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"= 
UDP:c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exerinter Status Window Interface "UDP Query User{597D13E7-977F-4805-A632-A7C2931CB80D}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"= TCP:c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exerinter Status Window Interface R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2008-06-26 16:13:19 61424] R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\AEstSrv.exe [2008-07-29 73728] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504] R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [2008-03-19 19456] R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?] R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdxserv.exe [2009-01-07 98984] R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-06-26 341328] R3 AVerAF15;HP DVB-T TV Tuner;c:\windows\System32\drivers\AVerAF15.sys [2008-07-29 280192] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-06-26 193840] R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-01-24 52736] R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-05-21 86672] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-03-02 38496] S3 WSDPrintDevice;WSD-tulostustuki UMB:n kautta;c:\windows\System32\drivers\WSDPrint.sys [2008-01-21 16896] --- Muut muistissa olevat ajurit/palvelut --- *NewlyCreated* - SSMDRV [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \shell\AutoRun\command - g:\setup\rsrc\Autorun.exe \shell\dinstall\command - g:\directx\dxsetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20d4533f-c2df-11dd-9e11-002186720d1b}] \shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2761e440-db50-11dd-9e5a-002186720d1b}] \shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51d6d721-beec-11dd-a6fd-002186720d1b}] \shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a42e54f-d044-11dd-a193-002186720d1b}] \shell\AutoRun\command - G:\AutoRun.exe . - - - - POISTETUT JÄMÄRIVIT - - - - HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe . ------- Täydentävä tarkistus ------- . uStart Page = hxxp://www.google.fi/ig?hl=fi mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=83&bd=Pavilion&pf=cnnb uInternet Settings,ProxyOverride = *.local IE: &AOL-työkalurivi Haku - c:\programdata\AOL\ieToolbar\resources\fi-FI\local\search.html IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: Lähetä kuva &Bluetooth-laitteeseen... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Lähetä sivu &Bluetooth-laitteeseen... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 . 
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-02 22:17:53 Windows 6.0.6001 Service Pack 1 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . Valmistumisajankohta: 2009-03-02 22:20:58 ComboFix-quarantined-files.txt 2009-03-02 20:20:54 Ennen ajoa: 135 973 658 624 tavua vapaana Ajon jälkeen: 137,646,383,104 tavua vapaana 295
I haven't changed anything though... but here's the new hjt log....

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:13:01, on 2.3.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=83&bd=Pavilion&pf=cnnb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ig?hl=fi R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=83&bd=Pavilion&pf=cnnb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=83&bd=Pavilion&pf=cnnb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Työkalurivi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing) O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing) O3 - Toolbar: Lexmark Työkalurivi - 
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe" O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O4 - Global Startup: Bluetooth.lnk = ? 
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &AOL-työkalurivi Haku - C:\ProgramData\AOL\ieToolbar\resources\fi-FI\local\search.html O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. 
- C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\STacSV.exe -- End of file - 13545 bytes
Now copy the contents of the quote below and paste them into an empty Notepad window (Start button > Accessories > Notepad). Save as: Location: Desktop, File name: CFScript.txt, Save as type: All files. Then drag CFScript onto ComboFix.exe as shown below. Post the resulting log here. Shut down and restart the computer.
ComboFix 09-03-02.01 - Eetu 2009-03-02 23:13:37.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.3069.1771 [GMT 2:00] Sijainti: c:\users\Eetu\Desktop\ComboFix.exe Käytetyt komentorivivalitsimet :: c:\users\Eetu\Desktop\CFScript.txt * Uusi palautuspiste luotu . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Avira c:\program files\Avira\AntiVir PersonalEdition Classic\about.htm c:\program files\Avira\AntiVir PersonalEdition Classic\aebb.dll c:\program files\Avira\AntiVir PersonalEdition Classic\aecore.dll c:\program files\Avira\AntiVir PersonalEdition Classic\aeemu.dll c:\program files\Avira\AntiVir PersonalEdition Classic\aegen.dll c:\program files\Avira\AntiVir PersonalEdition Classic\aehelp.dll c:\program files\Avira\AntiVir PersonalEdition Classic\aeheur.dll c:\program files\Avira\AntiVir PersonalEdition Classic\aeoffice.dll c:\program files\Avira\AntiVir PersonalEdition Classic\aepack.dll c:\program files\Avira\AntiVir PersonalEdition Classic\aerdl.dll c:\program files\Avira\AntiVir PersonalEdition Classic\aescn.dll c:\program files\Avira\AntiVir PersonalEdition Classic\aescript.dll c:\program files\Avira\AntiVir PersonalEdition Classic\aeset.dat c:\program files\Avira\AntiVir PersonalEdition Classic\aevdf.dll c:\program files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp c:\program files\Avira\AntiVir PersonalEdition Classic\alldrives.avp c:\program files\Avira\AntiVir PersonalEdition Classic\antivir.oem c:\program files\Avira\AntiVir PersonalEdition Classic\antivir0.vdf c:\program files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf c:\program files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf c:\program files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf c:\program files\Avira\AntiVir PersonalEdition Classic\avadmin.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avarkt.dll c:\program files\Avira\AntiVir PersonalEdition 
Classic\avcenter.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avconfig.cpl c:\program files\Avira\AntiVir PersonalEdition Classic\avconfig.dll c:\program files\Avira\AntiVir PersonalEdition Classic\avconfig.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avconfig.xml c:\program files\Avira\AntiVir PersonalEdition Classic\avconfig64.cpl c:\program files\Avira\AntiVir PersonalEdition Classic\avevtlog.dll c:\program files\Avira\AntiVir PersonalEdition Classic\avgio.dll c:\program files\Avira\AntiVir PersonalEdition Classic\avgio.sys c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avinet.dll c:\program files\Avira\AntiVir PersonalEdition Classic\avipbb.inf c:\program files\Avira\AntiVir PersonalEdition Classic\avipc.dll c:\program files\Avira\AntiVir PersonalEdition Classic\avnotify.dll c:\program files\Avira\AntiVir PersonalEdition Classic\avnotify.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avpref.dll c:\program files\Avira\AntiVir PersonalEdition Classic\avreg.dll c:\program files\Avira\AntiVir PersonalEdition Classic\avrep.dll c:\program files\Avira\AntiVir PersonalEdition Classic\avscan.dll c:\program files\Avira\AntiVir PersonalEdition Classic\avscan.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avwin.chm c:\program files\Avira\AntiVir PersonalEdition Classic\avwinll.dll c:\program files\Avira\AntiVir PersonalEdition Classic\avwsc.exe c:\program files\Avira\AntiVir PersonalEdition Classic\build.dat c:\program files\Avira\AntiVir PersonalEdition Classic\ccev.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ccevrc.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ccgen.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ccgenrc.dll c:\program files\Avira\AntiVir PersonalEdition 
Classic\ccgrdrc.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ccguard.dll c:\program files\Avira\AntiVir PersonalEdition Classic\cclib.dll c:\program files\Avira\AntiVir PersonalEdition Classic\cclic.dll c:\program files\Avira\AntiVir PersonalEdition Classic\cclicrc.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ccmainrc.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ccmsg.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ccplg.xml c:\program files\Avira\AntiVir PersonalEdition Classic\ccprofil.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ccquamgr.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ccquarc.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ccreporc.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ccreport.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ccscanrc.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ccsched.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ccscherc.dll c:\program files\Avira\AntiVir PersonalEdition Classic\cctpc.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ccupdate.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ccupdrc.dll c:\program files\Avira\AntiVir PersonalEdition Classic\common_msg.avr c:\program files\Avira\AntiVir PersonalEdition Classic\eula.txt c:\program files\Avira\AntiVir PersonalEdition Classic\fact.exe c:\program files\Avira\AntiVir PersonalEdition Classic\factrc.dll c:\program files\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aebb.dll c:\program files\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aecore.dll c:\program files\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aeemu.dll c:\program files\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aegen.dll c:\program files\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aehelp.dll c:\program files\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aeheur.dll c:\program files\Avira\AntiVir PersonalEdition 
Classic\FAILSAFE\aeoffice.dll c:\program files\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aepack.dll c:\program files\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aerdl.dll c:\program files\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aescn.dll c:\program files\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aescript.dll c:\program files\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aeset.dat c:\program files\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aevdf.dll c:\program files\Avira\AntiVir PersonalEdition Classic\FAILSAFE\antivir0.vdf c:\program files\Avira\AntiVir PersonalEdition Classic\FAILSAFE\antivir1.vdf c:\program files\Avira\AntiVir PersonalEdition Classic\FAILSAFE\antivir2.vdf c:\program files\Avira\AntiVir PersonalEdition Classic\FAILSAFE\antivir3.vdf c:\program files\Avira\AntiVir PersonalEdition Classic\filelist.ini c:\program files\Avira\AntiVir PersonalEdition Classic\guardevt.dll c:\program files\Avira\AntiVir PersonalEdition Classic\guardgui.exe c:\program files\Avira\AntiVir PersonalEdition Classic\guardmsg.dll c:\program files\Avira\AntiVir PersonalEdition Classic\hbedv.key c:\program files\Avira\AntiVir PersonalEdition Classic\licmgr.dll c:\program files\Avira\AntiVir PersonalEdition Classic\licmgr.exe c:\program files\Avira\AntiVir PersonalEdition Classic\luke.dll c:\program files\Avira\AntiVir PersonalEdition Classic\lukeres.dll c:\program files\Avira\AntiVir PersonalEdition Classic\mfc71u.dll c:\program files\Avira\AntiVir PersonalEdition Classic\mgrs.dll c:\program files\Avira\AntiVir PersonalEdition Classic\msgclient.dll c:\program files\Avira\AntiVir PersonalEdition Classic\msvcp71.dll c:\program files\Avira\AntiVir PersonalEdition Classic\msvcr71.dll c:\program files\Avira\AntiVir PersonalEdition Classic\mydocs.avp c:\program files\Avira\AntiVir PersonalEdition Classic\netnt.dll c:\program files\Avira\AntiVir PersonalEdition Classic\prefix_msg.avr c:\program files\Avira\AntiVir PersonalEdition Classic\preupd.exe c:\program 
files\Avira\AntiVir PersonalEdition Classic\process.avp c:\program files\Avira\AntiVir PersonalEdition Classic\prodinfo.dat c:\program files\Avira\AntiVir PersonalEdition Classic\product.ini c:\program files\Avira\AntiVir PersonalEdition Classic\rchelp.dll c:\program files\Avira\AntiVir PersonalEdition Classic\rcimage.dll c:\program files\Avira\AntiVir PersonalEdition Classic\rctext.dll c:\program files\Avira\AntiVir PersonalEdition Classic\readme.txt c:\program files\Avira\AntiVir PersonalEdition Classic\rmdiscs.avp c:\program files\Avira\AntiVir PersonalEdition Classic\scewxml.dll c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\schedr.dll c:\program files\Avira\AntiVir PersonalEdition Classic\setup.dll c:\program files\Avira\AntiVir PersonalEdition Classic\setup.exe c:\program files\Avira\AntiVir PersonalEdition Classic\setupprf.dat c:\program files\Avira\AntiVir PersonalEdition Classic\shlext.dll c:\program files\Avira\AntiVir PersonalEdition Classic\smtplib.dll c:\program files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll c:\program files\Avira\AntiVir PersonalEdition Classic\ssmdrv.inf c:\program files\Avira\AntiVir PersonalEdition Classic\sweb.zip c:\program files\Avira\AntiVir PersonalEdition Classic\sysdir.avp c:\program files\Avira\AntiVir PersonalEdition Classic\sysscan.avp c:\program files\Avira\AntiVir PersonalEdition Classic\unacev2.dll c:\program files\Avira\AntiVir PersonalEdition Classic\update.exe c:\program files\Avira\AntiVir PersonalEdition Classic\update_msg.avr c:\program files\Avira\AntiVir PersonalEdition Classic\updgui.dll c:\program files\Avira\AntiVir PersonalEdition Classic\updguirc.dll c:\program files\Avira\AntiVir PersonalEdition Classic\updlib.dll c:\program files\Avira\AntiVir PersonalEdition Classic\updlibrc.dll c:\program files\Avira\AntiVir PersonalEdition Classic\weblink.url c:\program files\Avira\AntiVir PersonalEdition Classic\wksstats.dll c:\program 
files\Avira\AntiVir PersonalEdition Classic\wsctool.exe c:\program files\BearShare Applications c:\program files\BearShare Applications\BearShare MediaBar\basis.xml c:\program files\BearShare Applications\BearShare MediaBar\bearshare.bmp c:\program files\BearShare Applications\BearShare MediaBar\bearshare_icons.bmp c:\program files\BearShare Applications\BearShare MediaBar\bearshare_logo.bmp c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll c:\program files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll c:\program files\BearShare Applications\BearShare MediaBar\beforeNavigate.js c:\program files\BearShare Applications\BearShare MediaBar\button_arrow.bmp c:\program files\BearShare Applications\BearShare MediaBar\button_arrow_clk.bmp c:\program files\BearShare Applications\BearShare MediaBar\button_arrow_hl.bmp c:\program files\BearShare Applications\BearShare MediaBar\mailsites.html c:\program files\BearShare Applications\BearShare MediaBar\myemail.bmp c:\program files\BearShare Applications\BearShare MediaBar\myemail_hl.bmp c:\program files\BearShare Applications\BearShare MediaBar\mysites.bmp c:\program files\BearShare Applications\BearShare MediaBar\mysites_hl.bmp c:\program files\BearShare Applications\BearShare MediaBar\resizer.bmp c:\program files\BearShare Applications\BearShare MediaBar\search.bmp c:\program files\BearShare Applications\BearShare MediaBar\search_clk.bmp c:\program files\BearShare Applications\BearShare MediaBar\search_hl.bmp c:\program files\BearShare Applications\BearShare MediaBar\search_images.bmp c:\program files\BearShare Applications\BearShare MediaBar\search_maps.bmp c:\program files\BearShare Applications\BearShare MediaBar\search_news.bmp c:\program files\BearShare Applications\BearShare MediaBar\search_videos.bmp c:\program files\BearShare Applications\BearShare MediaBar\showSettings.js c:\program files\BearShare Applications\BearShare MediaBar\storesearchcriteria.js c:\program 
files\BearShare Applications\BearShare MediaBar\topsites.html c:\program files\BearShare Applications\BearShare MediaBar\Uninstall.exe c:\program files\BearShare Applications\BearShare MediaBar\web.bmp c:\program files\BearShare Applications\BearShare MediaBar\version.txt c:\program files\BearShare Applications\BearShare\lic_helper.dll c:\program files\BearShare Applications\BearShare\ResourcesLOC.dll c:\program files\BearShare Applications\BearShare\UninstallSurvey.exe c:\programdata\Avira c:\programdata\Avira\AntiVir PersonalEdition Classic\addr_file.html c:\programdata\Avira\AntiVir PersonalEdition Classic\AVWIN.INI c:\programdata\Avira\AntiVir PersonalEdition Classic\EVENTDB\avevtdb.dbe c:\programdata\Avira\AntiVir PersonalEdition Classic\IDX\classic-nt-en.info c:\programdata\Avira\AntiVir PersonalEdition Classic\IDX\master.idx c:\programdata\Avira\AntiVir PersonalEdition Classic\JOBS\produpd.avj c:\programdata\Avira\AntiVir PersonalEdition Classic\JOBS\scanjob.avj c:\programdata\Avira\AntiVir PersonalEdition Classic\JOBS\startupd.avj c:\programdata\Avira\AntiVir PersonalEdition Classic\JOBS\updjob.avj c:\programdata\Avira\AntiVir PersonalEdition Classic\LOGFILES\avguard.log c:\programdata\Avira\AntiVir PersonalEdition Classic\LOGFILES\AVSCAN-20090302-185421-9AE1C60F.LOG c:\programdata\Avira\AntiVir PersonalEdition Classic\LOGFILES\AVSCAN-20090302-214035-204AB1E5.LOG c:\programdata\Avira\AntiVir PersonalEdition Classic\LOGFILES\sched.log c:\programdata\Avira\AntiVir PersonalEdition Classic\LOGFILES\setup.log c:\programdata\Avira\AntiVir PersonalEdition Classic\LOGFILES\Upd-2009-03-02-18-48-41.log c:\programdata\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp c:\programdata\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp c:\programdata\Avira\AntiVir PersonalEdition Classic\REPORTS\08b8beec.avl c:\programdata\Avira\AntiVir PersonalEdition Classic\REPORTS\2e4b3677.avl c:\programdata\Avira\AntiVir PersonalEdition Classic\REPORTS\2e754a13.avl 
c:\programdata\Avira\AntiVir PersonalEdition Classic\update.conf c:\users\All Users\Avira\AntiVir PersonalEdition Classic\addr_file.html c:\users\All Users\Avira\AntiVir PersonalEdition Classic\AVWIN.INI c:\users\All Users\Avira\AntiVir PersonalEdition Classic\EVENTDB\avevtdb.dbe c:\users\All Users\Avira\AntiVir PersonalEdition Classic\IDX\classic-nt-en.info c:\users\All Users\Avira\AntiVir PersonalEdition Classic\IDX\master.idx c:\users\All Users\Avira\AntiVir PersonalEdition Classic\JOBS\produpd.avj c:\users\All Users\Avira\AntiVir PersonalEdition Classic\JOBS\scanjob.avj c:\users\All Users\Avira\AntiVir PersonalEdition Classic\JOBS\startupd.avj c:\users\All Users\Avira\AntiVir PersonalEdition Classic\JOBS\updjob.avj c:\users\All Users\Avira\AntiVir PersonalEdition Classic\LOGFILES\avguard.log c:\users\All Users\Avira\AntiVir PersonalEdition Classic\LOGFILES\AVSCAN-20090302-185421-9AE1C60F.LOG c:\users\All Users\Avira\AntiVir PersonalEdition Classic\LOGFILES\AVSCAN-20090302-214035-204AB1E5.LOG c:\users\All Users\Avira\AntiVir PersonalEdition Classic\LOGFILES\sched.log c:\users\All Users\Avira\AntiVir PersonalEdition Classic\LOGFILES\setup.log c:\users\All Users\Avira\AntiVir PersonalEdition Classic\LOGFILES\Upd-2009-03-02-18-48-41.log c:\users\All Users\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp c:\users\All Users\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp c:\users\All Users\Avira\AntiVir PersonalEdition Classic\REPORTS\08b8beec.avl c:\users\All Users\Avira\AntiVir PersonalEdition Classic\REPORTS\2e4b3677.avl c:\users\All Users\Avira\AntiVir PersonalEdition Classic\REPORTS\2e754a13.avl c:\users\All Users\Avira\AntiVir PersonalEdition Classic\update.conf . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-02-02 to 2009-03-02 ))))))))))))))))) . 2009-03-02 19:51 . 2009-03-02 19:51 <KANSIO> d-------- c:\users\Eetu\AppData\Roaming\Malwarebytes 2009-03-02 19:51 . 
2009-03-02 19:51 <KANSIO> d-------- c:\users\All Users\Malwarebytes 2009-03-02 19:51 . 2009-03-02 19:51 <KANSIO> d-------- c:\programdata\Malwarebytes 2009-03-02 19:51 . 2009-03-02 19:51 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-02 19:51 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-03-02 19:51 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-03-02 18:12 . 2009-03-02 18:12 <KANSIO> d-------- c:\program files\Trend Micro 2009-02-23 22:49 . 2009-02-23 22:49 319 --a------ c:\windows\game.ini 2009-02-23 22:13 . 2009-02-23 22:13 <KANSIO> d-------- c:\program files\PowerISO 2009-02-23 20:57 . 2009-02-23 20:57 <KANSIO> d-------- c:\program files\DVDFab 5 2009-02-23 20:57 . 2009-02-23 20:57 <KANSIO> d-------- c:\program files\DC++ 2009-02-22 13:16 . 2009-02-22 13:16 <KANSIO> d-------- c:\program files\PhotoFiltre 2009-02-22 12:34 . 2009-02-22 12:34 45 ---h----- c:\windows\dos05271.dat 2009-02-18 16:50 . 2009-02-18 16:50 <KANSIO> d-------- c:\program files\Ubisoft 2009-02-18 16:38 . 2009-02-18 16:38 <KANSIO> d-------- c:\users\Eetu\AppData\Roaming\InstallShield 2009-02-15 20:17 . 2008-12-05 06:32 428,544 --a------ c:\windows\System32\EncDec.dll 2009-02-15 20:17 . 2008-12-05 06:31 217,088 --a------ c:\windows\System32\psisrndr.ax 2009-02-15 20:16 . 2008-12-05 06:32 293,376 --a------ c:\windows\System32\psisdecd.dll 2009-02-15 20:16 . 2008-12-05 06:31 177,664 --a------ c:\windows\System32\mpg2splt.ax 2009-02-15 20:16 . 2008-12-05 06:31 80,896 --a------ c:\windows\System32\MSNP.ax 2009-02-13 13:44 . 2009-02-13 13:44 <KANSIO> d-------- c:\program files\Netlog 24 2009-02-13 13:44 . 2009-02-13 13:44 159,744 --a------ c:\windows\System32\Netlog24Uninstaller.exe 2009-02-11 17:08 . 2009-01-15 05:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2009-02-11 17:08 . 2009-01-15 08:11 827,392 --a------ c:\windows\System32\wininet.dll 2009-02-07 22:09 . 
2009-02-07 22:09 <KANSIO> d-------- c:\users\Eetu\AppData\Roaming\GTek 2009-02-04 20:18 . 2009-02-04 20:18 <KANSIO> d-------- c:\program files\Bonjour . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-01 19:25 --------- d-----w c:\users\Eetu\AppData\Roaming\LimeWire 2009-02-28 15:46 --------- d-----w c:\users\Eetu\AppData\Roaming\uTorrent 2009-02-28 13:18 --------- d-----w c:\users\Eetu\AppData\Roaming\U3 2009-02-25 15:27 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-23 18:57 47,360 ----a-w c:\users\Eetu\AppData\Roaming\pcouffin.sys 2009-02-23 18:57 --------- d-----w c:\users\Eetu\AppData\Roaming\Vso 2009-02-20 18:06 --------- d-----w c:\programdata\CyberLink 2009-02-20 08:53 --------- d-----w c:\users\Eetu\AppData\Roaming\Skype 2009-02-20 06:00 --------- d-----w c:\users\Eetu\AppData\Roaming\skypePM 2009-02-19 19:37 --------- d-----w c:\programdata\TrackMania 2009-02-16 09:29 --------- d-----w c:\users\Eetu\AppData\Roaming\dvdcss 2009-02-15 10:47 --------- d-----w c:\programdata\Lx_cats 2009-02-14 06:39 --------- d-----w c:\programdata\PC Suite 2009-02-13 15:37 --------- d-----w c:\program files\Hewlett-Packard 2009-02-12 01:00 --------- d-----w c:\program files\Windows Mail 2009-02-11 16:34 70,984 ----a-w c:\users\Eetu\AppData\Roaming\GDIPFONTCACHEV1.DAT 2009-02-10 18:17 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-02-05 16:34 --------- d-----w c:\users\Eetu\AppData\Roaming\Nokia 2009-02-05 16:16 --------- d-----w c:\users\Eetu\AppData\Roaming\PC Suite 2009-01-31 19:35 --------- d-----w c:\program files\IKEA HomePlanner 2009-01-31 19:34 --------- d-----w c:\program files\Common Files\Adobe 2009-01-31 19:06 --------- d-----w c:\programdata\FLEXnet 2009-01-31 18:54 --------- d-----w c:\program files\Common Files\Macrovision Shared 2009-01-30 15:24 14,600 ----a-w c:\windows\Help\OEM\scripts\HC_InstallHPHC.exe 2009-01-26 01:01 
--------- d-----w c:\program files\Windows Live 2009-01-24 14:49 --------- d-----w c:\programdata\Yahoo! 2009-01-24 14:46 --------- d-----w c:\users\Eetu\AppData\Roaming\Yahoo! 2009-01-24 14:46 --------- d-----w c:\programdata\Yahoo! Companion 2009-01-24 14:46 --------- d-----w c:\program files\Yahoo! 2009-01-24 11:19 --------- d-----w c:\programdata\ThumbnailCache4R 2009-01-23 20:00 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition 2009-01-23 19:54 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller 2009-01-23 19:53 --------- d-----w c:\programdata\WLInstaller 2009-01-17 10:11 --------- d-----w c:\users\Eetu\AppData\Roaming\Lexmark Productivity Studio 2009-01-16 12:42 --------- d-----w c:\programdata\Nokia 2009-01-16 12:41 --------- d-----w c:\program files\Nokia 2009-01-16 12:41 --------- d-----w c:\program files\Common Files\Nokia 2009-01-16 12:40 --------- d-----w c:\programdata\Installations 2009-01-11 22:05 --------- d-----w c:\users\Eetu\AppData\Roaming\Apple Computer 2009-01-11 22:04 --------- d-----w c:\programdata\Apple Computer 2009-01-11 22:00 --------- d-----w c:\program files\Common Files\Apple 2009-01-08 17:37 --------- d-----w c:\users\Eetu\AppData\Roaming\FaxCtr 2009-01-07 18:53 --------- d-----w c:\program files\EA GAMES 2009-01-07 16:31 --------- d-----w c:\program files\Lexmark Toolbar 2009-01-07 16:24 --------- d-----w c:\program files\Lexmark 3600-4600 Series 2009-01-07 15:04 --------- d-----w c:\program files\Lexmark Fax Solutions 2009-01-07 15:03 --------- d-----w c:\programdata\FaxCtr 2009-01-07 15:03 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint 2009-01-05 20:35 --------- d-----w c:\program files\Alwil Software 2009-01-05 18:56 --------- d--h--r c:\users\Eetu\AppData\Roaming\SecuROM 2009-01-04 15:46 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf 2009-01-04 15:46 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-01-04 15:44 --------- 
d-----w c:\program files\Common Files\PCSuite 2009-01-04 15:43 --------- d-----w c:\program files\DIFX 2009-01-04 15:42 --------- d-----w c:\program files\PC Connectivity Solution 2009-01-02 20:24 --------- d-----w c:\programdata\WinZip 2009-01-02 19:07 --------- d-----w c:\program files\RADVideo 2008-12-12 09:18 87,336 ----a-w c:\windows\System32\dns-sd.exe 2008-12-12 09:11 61,440 ----a-w c:\windows\System32\dnssd.dll 2008-12-04 19:41 410,984 ----a-w c:\windows\System32\deploytk.dll 2008-10-19 15:42 32 ----a-w c:\users\All Users\ezsid.dat 2008-10-19 15:42 32 ----a-w c:\programdata\ezsid.dat 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((( SnapShot@2009-03-02_22.19.13,07 ))))))))))))))))))))))))))))))))))))))))) . - 2009-03-01 23:24:57 2,484 ----a-w c:\windows\bthservsdp.dat + 2009-03-02 21:16:16 2,484 ----a-w c:\windows\bthservsdp.dat - 2009-03-02 18:42:04 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat + 2009-03-02 21:17:44 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat + 2009-03-02 21:17:44 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2009-03-02 20:17:56 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat + 2009-03-02 21:17:44 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat + 2009-03-02 21:17:44 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2009-03-01 10:53:29 3,038 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat + 2009-03-02 21:16:17 3,038 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504] "Netlog 24"="c:\program files\Netlog 24\Notifier\Netlog24Notifier.exe" [2009-02-13 1380352] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-15 442433] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-15 468264] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032] "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-10-18 413696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "lxdxmon.exe"="c:\program 
files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328] "lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-20 320168] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-17 727592] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codecp"= l3codecp.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{513DF4C0-4564-4131-82EE-9D5118096707}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{92E492C6-0C11-46F8-B3E6-8499BD94B2E5}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{56F1E115-2B53-4AF8-A420-FF54139E4A80}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{9D6DC55F-2E11-43DF-980A-2D02CD05BD35}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{5146885F-8F36-4C79-8455-65F02F4EB91B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{F64310BD-0DE7-4F42-ACFA-D832854AF0BE}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb "{EAE95B8D-A19D-4DD4-887E-BDDF1E943DBE}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb "{D5687789-931D-4E97-AF23-02AD8D68586D}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray "{AD9113F7-BE9C-42EE-A789-9815CF3D1BEE}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray 
"{5E326388-9125-462B-951C-08408241654B}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR "{A98D3275-8DB9-4DAB-8EF9-74C8E2632821}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR "{266A4E4E-8352-41E9-97D9-05556851F40A}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{F3903AA8-06EB-4334-9B13-A4CBD6E14A36}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{E21FFD27-BD56-4D3E-B25D-F46C3A5D429B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{C8C965E8-235F-49E2-82E6-DABB673E6847}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{0FD1DB3B-ED8C-4226-B96F-1299A718B1D9}c:\\users\\eetu\\desktop\\tmnationsforever\\tmforever.exe"= UDP:c:\users\eetu\desktop\tmnationsforever\tmforever.exe:tmforever.exe "UDP Query User{54C58140-89E3-42BF-95AC-3BF1400718D5}c:\\users\\eetu\\desktop\\tmnationsforever\\tmforever.exe"= TCP:c:\users\eetu\desktop\tmnationsforever\tmforever.exe:tmforever.exe "TCP Query User{87BE7144-E1AE-46A8-AB09-57F45CBEC622}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{8047EE6F-3EB6-4D08-B4FB-9AD21B886D65}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. 
Take a deep breath "{D5A75A82-6F82-4BD1-9909-BC6FBEE92548}"= UDP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System "{2B23A2EC-6573-4BAB-9116-18A7D1C64F24}"= TCP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System "{C3A13B28-B21E-41C7-8B8F-79BF2B2C5A6C}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor "{AD9C3B06-CFD0-46BA-98F7-59302568411C}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor "{B9219E76-97E8-4F79-BAE5-D78FD92C7287}"= UDP:c:\program files\Lexmark 3600-4600 Series\frun.exe:Lexmark Productivity Studio "{7B245669-AC03-40A6-B914-F822D6E8901F}"= TCP:c:\program files\Lexmark 3600-4600 Series\frun.exe:Lexmark Productivity Studio "{D54A85D5-4BAD-4319-BBBA-60D8591C3425}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader "{0CA5F645-8B53-4E3C-BFE2-7810CC0C66CB}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader "{CC0F50AC-3616-449D-A793-E4EF11FE24D5}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software "{64C76131-E89B-4A3A-92CB-1274A4577B4F}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software "{C333DB4E-E7E8-45CE-B263-33D999FC501D}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exerinter Device Monitor "{D1D6CC28-54B1-454D-833E-876ED5EE659E}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exerinter Device Monitor "{BE932082-8E46-46AF-A96B-FEF6B2A59F6C}"= UDP:c:\users\Eetu\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe: "{E14C2E12-E01E-492D-BE85-D3D1A2D0F2C5}"= TCP:c:\users\Eetu\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe: "{D04C1778-DEBC-4A5A-B71A-81A99D25D1C0}"= UDP:c:\windows\System32\lxdxcfg.exerinter Communication System "{6A88C519-F835-4BC1-B325-C1E5EF1C714D}"= TCP:c:\windows\System32\lxdxcfg.exerinter Communication System "{923FE619-1312-4AF9-AAA2-8498503D87D0}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exerinter Status Window 
Interface "{4B35EEEF-B2B3-47FC-9916-FFD200A5BEF8}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exerinter Status Window Interface "{9A3C371F-5C90-424A-A8D1-CD909D274EFD}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable "{A12445AD-E220-45D8-A4AB-8FD925690983}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable "{F0EF31E4-B01A-4A69-956B-F0361A94ACFD}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxjswx.exe:Job Status Window Interface "{6497F7F5-3D4D-4AB0-A4AF-E7ED261C60A1}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxjswx.exe:Job Status Window Interface "{311F46E2-8BA1-4D75-AE04-64E40939C4C7}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{087ABF0E-A8A4-454C-8515-DAEAAAAAC437}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{69253116-0C55-4766-893A-45357C02BEFA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{C86C0186-E526-45F3-A966-65053A93F402}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{91B402B4-E757-4E5A-9985-9E7834FB8599}c:\\program files\\lexmark 3600-4600 series\\autoprnt.exe"= UDP:c:\program files\lexmark 3600-4600 series\autoprnt.exe:Auto Print Application "UDP Query User{64B8AB2B-B3A2-4A18-973A-1FF690619063}c:\\program files\\lexmark 3600-4600 series\\autoprnt.exe"= TCP:c:\program files\lexmark 3600-4600 series\autoprnt.exe:Auto Print Application "TCP Query User{71D49B48-DFCD-4538-BD87-48FB98484D17}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater "UDP Query User{B7DDF430-C88F-4C65-AD9E-CD3D81D629C6}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater "TCP Query User{24E66A30-4C4A-4856-80BA-69F4703C667D}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= 
UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process "UDP Query User{659F7285-21AF-498D-BC83-B1E4FC216AEB}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process "{6DFEE318-7E55-48EF-93CE-2AD05B9AD524}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{322DB773-AD55-4B76-AE8A-BC76834D0E47}c:\\program files\\lexmark 3600-4600 series\\lxdxlscn.exe"= UDP:c:\program files\lexmark 3600-4600 series\lxdxlscn.exe:lxdxlscn "UDP Query User{047D6D93-D1B4-4FA6-B670-5D693359C9C8}c:\\program files\\lexmark 3600-4600 series\\lxdxlscn.exe"= TCP:c:\program files\lexmark 3600-4600 series\lxdxlscn.exe:lxdxlscn "{763E248C-C2A6-478F-9708-8A9EBC25CFF9}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{3ECA2D9E-CCBF-4300-9903-81E53E431DA6}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "TCP Query User{C118AD9D-3BC5-49DC-8B88-6280EFC1ACC9}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{6B9D03ED-79D9-4D88-A89E-1E26B52A03D3}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. 
Take a deep breath "TCP Query User{BEBB2192-D94B-43E9-A428-2FD3A2A8B8B9}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{F35486DA-4F66-402F-901F-7E856415D76B}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire "TCP Query User{DD9FF2BE-F758-49ED-BC99-96F3B9945E99}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent "UDP Query User{45E23805-4BA1-41E5-A94B-1C1084915213}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent "TCP Query User{4E750881-B348-4280-A275-63D1036DDF5C}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger "UDP Query User{B3EC3501-90CC-49BB-BAA4-04040E889855}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger "TCP Query User{83857F82-B8CC-4B65-B07F-95B58931EECB}c:\\program files\\lexmark 3600-4600 series\\lxdxmon.exe"= UDP:c:\program files\lexmark 3600-4600 series\lxdxmon.exerinter Device Monitor "UDP Query User{9200B05E-0B83-4B6A-B5A0-DFBEA9030350}c:\\program files\\lexmark 3600-4600 series\\lxdxmon.exe"= TCP:c:\program files\lexmark 3600-4600 series\lxdxmon.exerinter Device Monitor "{0C0B1A88-C36D-46C1-BB84-A9246ECE2CD9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{F178285B-E732-4467-8A47-E008D074107D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{581C8B7C-4C1D-43D0-A650-9814CCE69356}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= UDP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "UDP Query User{B55C4C95-C39B-4B11-A2A8-95EB5C1687C8}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= TCP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "TCP Query User{AA7433A9-EE59-42A9-8206-3E79BF996002}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"= 
UDP:c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exerinter Status Window Interface "UDP Query User{597D13E7-977F-4805-A632-A7C2931CB80D}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"= TCP:c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exerinter Status Window Interface R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2008-06-26 16:13:19 61424] R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\AEstSrv.exe [2008-07-29 73728] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504] R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [2008-03-19 19456] R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?] R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdxserv.exe [2009-01-07 98984] R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-06-26 341328] R3 AVerAF15;HP DVB-T TV Tuner;c:\windows\System32\drivers\AVerAF15.sys [2008-07-29 280192] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-06-26 193840] R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-01-24 52736] R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-05-21 86672] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-03-02 38496] S3 WSDPrintDevice;WSD-tulostustuki UMB:n kautta;c:\windows\System32\drivers\WSDPrint.sys [2008-01-21 16896] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] 
\shell\AutoRun\command - g:\setup\rsrc\Autorun.exe \shell\dinstall\command - g:\directx\dxsetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20d4533f-c2df-11dd-9e11-002186720d1b}] \shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2761e440-db50-11dd-9e5a-002186720d1b}] \shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51d6d721-beec-11dd-a6fd-002186720d1b}] \shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a42e54f-d044-11dd-a193-002186720d1b}] \shell\AutoRun\command - G:\AutoRun.exe . - - - - POISTETUT JÄMÄRIVIT - - - - BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll HKLM-Run-avgnt - c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe . ------- Täydentävä tarkistus ------- . uStart Page = hxxp://www.google.fi/ig?hl=fi mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=83&bd=Pavilion&pf=cnnb uInternet Settings,ProxyOverride = *.local IE: &AOL-työkalurivi Haku - c:\programdata\AOL\ieToolbar\resources\fi-FI\local\search.html IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: Lähetä kuva &Bluetooth-laitteeseen... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Lähetä sivu &Bluetooth-laitteeseen... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-02 23:17:49 Windows 6.0.6001 Service Pack 1 NTFS tarkistaa piilotettuja prosesseja ... 
tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . --------------------- Prosesseihin ladatut DLLt --------------------- - - - - - - - > 'Explorer.EXE'(284) c:\windows\system32\btncopy.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fin.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\program files\RocketDock\RocketDock.dll . ------------------------ Muut prosessit ------------------------ . c:\windows\System32\Ati2evxx.exe c:\windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\stacsv.exe c:\windows\System32\audiodg.exe c:\windows\System32\Ati2evxx.exe c:\windows\System32\wlanext.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\System32\lxdxcoms.exe c:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\System32\conime.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Lexmark 3600-4600 Series\lxdxmsdmon.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\ehome\ehmsas.exe c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe c:\windows\ehome\ehsched.exe c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\windows\ehome\ehrecvr.exe c:\windows\System32\wbem\unsecapp.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\ATI 
Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe . ************************************************************************** . Valmistumisajankohta: 2009-03-02 23:24:57 - kone käynnistettiin uudelleen ComboFix-quarantined-files.txt 2009-03-02 21:24:46 ComboFix2.txt 2009-03-02 20:21:00 Ennen ajoa: 136 077 410 304 tavua vapaana Ajon jälkeen: 136,246,427,648 tavua vapaana 557 --- E O F --- 2009-03-02 20:29:21
Type ComboFix /u into the Run box and click OK. ========== Malwarebytes' Anti-Malware: would that run through now?
Yep, I got that done and it removed ComboFix; now that Malwarebytes scan went through too:
Malwarebytes' Anti-Malware 1.34
Tietokantaversio: 1814
Windows 6.0.6001 Service Pack 1
5.3.2009 6:17:23
mbam-log-2009-03-05 (06-17-23).txt
Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 303955
Kulunut aika: 5 hour(s), 58 minute(s), 42 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia: (Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja: (Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita: (Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja: (Haitallisia kohteita ei löydetty)
Bad, it still doesn't work. I was thinking that if there's no crap on the machine, then wouldn't this be covered by the warranty? The machine isn't even half a year old. ...