Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:36, on 20.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Käyttäjä\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\skanneri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Google Update] "C:\Users\Käyttäjä\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe" (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.102 85.255.112.122
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.102 85.255.112.122
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Google Update Service (gupdate1c8d4624749ab1d) (gupdate1c8d4624749ab1d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Windows Management Service - Unknown owner - C:\Windows\system32\dmslt.exe (file missing)

--
End of file - 9461 bytes
In Vista, the steps are performed as Administrator (check, don't assume)
***********************************************************
1. Download combofix.exe to your desktop from any of the links below: Link 1 Link 2 Link 3
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
-------------------------------------------------------
When you start the HijackThis (HJT) program, do it with the right mouse button and choose Run as administrator.

Close the browser and other programs for the duration of the fix (not the antivirus).

Start HijackThis (HJT), run Scan, tick the following files listed in red and remove them (Fix checked).

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.102 85.255.112.122
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.102 85.255.112.122
O23 - Service: Windows Management Service - Unknown owner - C:\Windows\system32\dmslt.exe (file missing)

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
ComboFix 08-10-21.03 - Käyttäjä 2008-10-22 15:36:37.1 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1035.18.1986 [GMT 3:00] Sijainti: C:\ComboFix.exe * Uusi palautuspiste luotu * Resident AV is active . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\defender uppdate.exe . ((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Windows Management Service ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-22 to 2008-10-22 ))))))))))))))))) . 2008-10-22 15:31 . 2008-10-22 15:31 2,993,886 -ra------ C:\ComboFix.exe 2008-10-20 20:55 . 2008-10-20 20:55 <DIR> d-------- C:\Program Files\Trend Micro 2008-10-20 20:55 . 2008-10-20 20:55 <DIR> d-------- C:\Hjackthis 2008-10-20 20:09 . 2008-10-20 20:09 <DIR> d-------- C:\Windows\Google Earth Pro 4.2 2008-10-20 20:09 . 2008-10-20 20:10 <DIR> d-------- C:\Program Files\Google Earth Pro 4.2 2008-10-20 19:24 . 2008-10-20 19:25 <DIR> d-------- C:\Daemon tools lite V.4.30.1 2008-10-20 19:22 . 2008-10-20 19:28 <DIR> d-------- C:\Google earth pro 2008-10-20 17:26 . 2008-10-20 17:27 70,656 --a------ C:\Windows\ScUnin.exe 2008-10-20 17:26 . 2008-10-20 17:28 30,564 --a------ C:\Windows\scunin.dat 2008-10-20 17:26 . 2008-10-20 17:27 967 --a------ C:\Windows\ScUnin.pif 2008-10-20 17:11 . 2008-10-21 15:19 <DIR> d-------- C:\New starcraft 2008-10-19 14:19 . 2008-10-19 14:19 <DIR> d-------- C:\Program Files\Elisa(0) 2008-10-17 12:55 . 2008-10-17 12:55 <DIR> d-------- C:\Windows\System32\RTCOM 2008-10-17 12:55 . 2007-11-14 15:18 553 --a------ C:\Windows\USetup.iss 2008-10-17 12:53 . 2008-10-17 12:53 0 --a------ C:\Vista_R207.zip 2008-10-16 17:02 . 2008-10-16 17:02 406,034 --a------ C:\NVMixer2Eng.zip 2008-10-16 16:53 . 2008-10-17 10:59 <DIR> d-------- C:\Users\Käyttäjä\{df4e883c-4251-4b4d-9025-4ad179358285} 2008-10-16 16:53 . 
2008-10-17 10:59 <DIR> d-------- C:\Users\Käyttäjä\{df4e883c-4251-4b4d-9025-4ad179358285} 2008-10-16 16:53 . 2008-10-16 16:53 <DIR> d-------- C:\Program Files\Realtek 2008-10-16 16:52 . 2008-08-25 16:17 528,384 --a------ C:\Windows\RtlExUpd.dll 2008-10-16 16:28 . 2008-10-17 12:54 <DIR> d--h----- C:\Program Files\Temp 2008-10-16 16:25 . 2008-10-16 16:27 26,492,745 --a------ C:\Vista_R205.exe 2008-10-16 16:16 . 2008-10-16 16:19 <DIR> d-------- C:\3D soundback 2008-10-16 16:15 . 2008-10-16 16:15 <DIR> d-------- C:\Program Files\SpectralDesign 2008-10-16 16:14 . 2008-10-16 16:15 <DIR> d-------- C:\Program Files\Syncrosoft 2008-10-16 16:14 . 2003-06-13 15:59 548,864 --a------ C:\Windows\System32\SYNSOACC.dll 2008-10-16 16:14 . 1999-11-30 23:40 401,462 --a------ C:\Windows\System32\temp.004 2008-10-16 16:14 . 2003-05-26 13:29 120,468 --a------ C:\Windows\System32\SYNSOACC-Hilfe.chm 2008-10-16 16:14 . 2003-05-26 13:29 114,279 --a------ C:\Windows\System32\SYNSOACC-Help.chm 2008-10-16 16:14 . 2002-11-25 06:36 45,056 --a------ C:\Windows\System32\Synsopos.exe 2008-10-16 16:14 . 2001-04-09 03:03 17,784 --a------ C:\Windows\System32\drivers\NSynas32.sys 2008-10-16 16:14 . 2002-11-25 03:46 16,896 --a------ C:\Windows\System32\drivers\SynasUSB.sys 2008-10-16 16:13 . 2008-10-16 16:13 <DIR> d-------- C:\Steinberg 2008-10-16 16:11 . 2008-10-16 16:13 5,018,931 --a------ C:\Surround_Edition_Installer.exe 2008-10-16 15:22 . 2008-10-16 15:28 86,855,272 --a------ C:\178.24_geforce_winvista_32bit_english_whql.exe 2008-10-16 15:21 . 2008-10-16 16:13 6,382,059 --a------ C:\3DSoundBack_Beta0.1.zip 2008-10-16 15:11 . 2008-10-16 15:11 <DIR> d-------- C:\Windows\System32\djpclib 2008-10-16 15:11 . 2008-10-16 15:11 <DIR> d-------- C:\Program Files\DJ Music Mixer 2008-10-16 15:11 . 2008-10-16 15:11 275,541 --a------ C:\Windows\DJ Music Mixer Uninstaller.exe 2008-10-16 15:08 . 2008-10-16 15:10 16,379,754 --a------ C:\DJMusicSetup.exe 2008-10-16 14:47 . 
2008-10-16 15:16 90,749,456 --a------ C:\178.13_geforce_winxp_32bit_english_whql.exe 2008-10-16 14:42 . 2008-10-16 14:47 56,826,856 --a------ C:\setpoint460.exe 2008-10-15 21:49 . 2008-10-15 21:49 <DIR> d-------- C:\Users\Käyttäjä\AppData\Roaming\DivX 2008-10-15 21:25 . 2008-10-15 21:25 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine 2008-10-15 21:24 . 2008-10-15 21:25 <DIR> d-------- C:\Program Files\DivX 2008-10-15 21:19 . 2008-10-15 21:22 20,698,272 --a------ C:\DivXInstaller.exe 2008-10-15 21:15 . 2008-10-15 21:15 691,160 --a------ C:\installer-35477-849fi-DivX-Player.exe 2008-10-15 19:33 . 2008-10-15 19:33 <DIR> d-------- C:\Users\Käyttäjä\dwhelper 2008-10-15 19:33 . 2008-10-15 19:33 <DIR> d-------- C:\Users\Käyttäjä\dwhelper 2008-10-15 13:42 . 2008-10-02 04:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb 2008-10-15 13:42 . 2008-10-02 06:49 827,392 --a------ C:\Windows\System32\wininet.dll 2008-10-15 13:17 . 2008-09-18 05:16 2,032,640 --a------ C:\Windows\System32\win32k.sys 2008-10-15 13:16 . 2008-09-18 08:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe 2008-10-15 13:16 . 2008-09-18 08:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe 2008-10-15 13:16 . 2008-08-27 04:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys 2008-10-15 12:35 . 2008-10-15 12:35 <DIR> d-------- C:\Windows\System32\Adobe 2008-10-15 12:33 . 2008-10-15 21:25 4,584,376 --a------ C:\Shockwave_Installer_Slim.exe 2008-10-12 16:34 . 2008-10-21 21:02 <DIR> d-------- C:\Program Files\uTorrent 2008-10-12 15:54 . 2008-10-18 16:52 <DIR> d-------- C:\tk4 2008-10-09 00:00 . 2008-10-18 03:03 50,772 --a------ C:\error.htm 2008-10-09 00:00 . 2008-10-18 02:42 225 --a------ C:\infect.htm 2008-10-05 11:26 . 2008-10-05 11:26 <DIR> d-------- C:\Program Files\B2BPOKER 2008-10-05 11:26 . 2008-10-05 11:26 5,326,239 --a------ C:\pokerihuonesetup.exe 2008-10-04 14:36 . 2008-10-17 15:50 <DIR> d-------- C:\ninan kuvia muistikortilta 2008-10-03 21:17 . 
2008-10-03 21:17 <DIR> d-------- C:\Users\Käyttäjä\usernotes 2008-10-03 21:17 . 2008-10-03 21:17 <DIR> d-------- C:\Users\Käyttäjä\usernotes 2008-10-03 20:49 . 2008-10-04 22:43 <DIR> d-------- C:\Pokerihuone 2008-10-01 19:52 . 2008-10-02 16:22 <DIR> d-------- C:\Karin kuvat 2008-09-30 18:32 . 2008-09-30 18:32 <DIR> d-------- C:\kuvii työpöydältä . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-22 12:55 6,815,744 --sha-w C:\Users\Käyttäjä\NTUSER.DAT 2008-10-22 12:54 6,815,744 --sha-w C:\Users\Käyttäjä\NTUSER.DAT 2008-10-22 12:54 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\uTorrent 2008-10-22 12:46 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-10-22 12:33 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\foobar2000 2008-10-20 16:12 --------- d-----w C:\ProgramData\Elisa 2008-10-20 13:58 --------- d-----w C:\Program Files\Elisa 2008-10-18 16:21 1,851,544 ----a-w C:\install_flash_player.exe 2008-10-18 08:45 9,639,304 ----a-w C:\mpas-fe.exe 2008-10-17 09:54 319,456 ----a-w C:\Windows\DIFxAPI.dll 2008-10-17 09:53 0 ----a-w C:\Vista_R207.zip 2008-10-16 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-16 13:31 --------- d-----w C:\ProgramData\NVIDIA 2008-10-16 13:27 26,492,745 ----a-w C:\Vista_R205.exe 2008-10-16 00:08 --------- d-----w C:\Program Files\Windows Mail 2008-10-15 18:49 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\DivX 2008-10-15 09:37 318,904 ----a-w C:\wmpfirefoxplugin.exe 2008-10-12 14:08 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys 2008-10-12 14:08 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe 2008-10-07 12:12 --------- d-----w C:\Program Files\Common Files\Steam 2008-10-06 13:51 --------- d-----w C:\Program Files\SpeedFan 2008-10-05 08:15 --------- d-----w C:\Program Files\Elisa Tietoturvapalvelu 2008-09-24 14:58 862,240 ----a-w C:\Windows\System32\RtkPgExt.dll 2008-09-24 14:58 44,064 ----a-w 
C:\Windows\System32\RtkCoInst.dll 2008-09-24 14:58 285,216 ----a-w C:\Windows\System32\RtkApoApi.dll 2008-09-24 14:58 2,345,504 ----a-w C:\Windows\System32\RtkAPO.dll 2008-09-24 14:31 2,171,672 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys 2008-09-19 19:37 --------- d-----w C:\Program Files\Google 2008-09-16 18:27 453,152 ----a-w C:\Windows\System32\NVUNINST.EXE 2008-09-16 17:43 --------- d-----w C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-16 17:43 --------- d-----w C:\Program Files\iTunes 2008-09-16 17:42 --------- d-----w C:\ProgramData\Apple Computer 2008-09-16 17:42 --------- d-----w C:\Program Files\QuickTime 2008-09-16 17:42 --------- d-----w C:\Program Files\iPod 2008-09-16 17:41 --------- d-----w C:\Program Files\Common Files\Apple 2008-09-16 17:33 --------- d-----w C:\Program Files\Bonjour 2008-09-16 00:14 524,288 ----a-w C:\Windows\System32\DivXsm.exe 2008-09-16 00:14 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll 2008-09-16 00:12 81,920 ----a-w C:\Windows\System32\dpl100.dll 2008-09-16 00:12 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll 2008-09-16 00:12 57,344 ----a-w C:\Windows\System32\dpv11.dll 2008-09-16 00:12 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll 2008-09-16 00:12 344,064 ----a-w C:\Windows\System32\dpus11.dll 2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu11.dll 2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu10.dll 2008-09-16 00:12 200,704 ----a-w C:\Windows\System32\ssldivx.dll 2008-09-16 00:12 196,608 ----a-w C:\Windows\System32\dtu100.dll 2008-09-16 00:12 1,044,480 ----a-w C:\Windows\System32\libdivx.dll 2008-09-16 00:11 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll 2008-09-16 00:11 823,296 ----a-w C:\Windows\System32\divx_xx07.dll 2008-09-16 00:11 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll 2008-09-16 00:11 802,816 ----a-w C:\Windows\System32\divx_xx11.dll 2008-09-16 00:11 683,520 ----a-w C:\Windows\System32\DivX.dll 2008-09-16 00:11 161,096 ----a-w 
C:\Windows\System32\DivXCodecVersionChecker.exe 2008-09-16 00:11 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll 2008-09-14 11:02 --------- d-----w C:\Program Files\MSN Messenger 2008-09-14 11:00 --------- d-----w C:\Program Files\Windows Live 2008-09-14 10:54 --------- d-----w C:\ProgramData\WLInstaller 2008-09-14 09:59 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2008-09-10 14:41 47,104 ----a-w C:\Windows\System32\ctppld.dll 2008-09-10 14:39 497,152 ----a-w C:\Windows\System32\CTAPO32.dll 2008-09-08 13:56 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\Skype 2008-09-02 15:45 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4 2008-08-29 07:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe 2008-08-29 06:53 61,440 ----a-w C:\Windows\System32\dnssd.dll 2008-08-28 16:37 7,730,856 ----a-w C:\Google_Earth_CZXD.exe 2008-08-24 10:51 --------- d-----w C:\ProgramData\Chat Republic Games 2008-08-23 21:45 --------- d-----w C:\Program Files\PowerStrip 2008-08-23 12:26 --------- d-----w C:\Program Files\Firefox 2008-08-23 11:09 --------- d-----w C:\Program Files\Java 2008-08-22 13:37 --------- d-----w C:\ProgramData\Media Center Programs 2008-08-20 15:15 3,499,729 ----a-w C:\ffdshow_rev610_20061201_clsid.exe 2008-08-12 17:26 43,265,912 ----a-w C:\5.05.54.00_ntune_winxp_international.exe 2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll 2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll 2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-07-26 07:15 669,184 ----a-w C:\Windows\System32\pbsvc.exe 2008-07-26 07:15 22,328 ----a-w C:\Users\Käyttäjä\AppData\Roaming\PnkBstrK.sys 2008-07-22 17:01 6,200,516 ----a-w C:\Windows\System32\Dodge_Ch.scr 2008-07-22 17:01 235,165 ----a-w 
C:\Windows\System32\uninstall Dodge_Ch.exe 2008-06-14 20:10 174 --sha-w C:\Program Files\desktop.ini 2008-05-13 17:41 2,402,320 ----a-w C:\Program Files\WLinstaller.exe 2008-03-13 17:16 32 ----a-w C:\Users\All Users\ezsid.dat 2008-03-13 17:16 32 ----a-w C:\ProgramData\ezsid.dat 2008-01-29 16:06 33,413,672 ----a-w C:\Users\Public\169.25_forceware_winvista_32bit_english_whql.exe 2008-03-15 22:09 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-03-15 22:09 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-03-15 22:09 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 10:33 125952] "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920] "Google Update"="C:\Users\Käyttäjä\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-08-30 09:59 133104] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-29 23:02 171448] "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-10-12 16:34 270128] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 10:33 202240] "Elisa Avustaja"="C:\Program Files\Elisa\Avustaja\Elisa.exe" [2008-09-30 14:34 189768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "F-Secure Manager"="C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" [2008-02-13 13:38 184800] "F-Secure TNB"="C:\Program Files\Elisa 
Tietoturvapalvelu\FSGUI\TNBUtil.exe" [2008-02-13 13:38 741800] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 02:12 488984] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-26 22:47 185896] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 20:12 111936] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-10-07 13:33 13584928] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-10-07 13:33 92704] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-09-24 17:58 6335008] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\Windows\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896] "Elisa Avustaja"="C:\Program Files\Elisa\Avustaja\Elisa.exe" [2008-09-30 14:34 189768] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Elisa Tietoturvapalvelu.lnk - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe [2008-01-29 19:37:57 16423] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-08-11 12:08:33 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= divxa32.acm "msacm.avis"= ff_acm.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-576351719-3032603914-811449481-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{A3BD23A8-EACF-480C-8ED8-FFC7BF931C67}"= UDP:C:\Program Files\Elisa 
Tietoturvapalvelu\backweb\4119343\Program\fspex.exe:Elisa Tietoturvapalvelu "{4B8B7CAF-F591-48FF-8EF9-0B0C66E93BC8}"= TCP:C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe:Elisa Tietoturvapalvelu "{7EC23524-2F16-497F-91C6-8C13FF61F4A2}"= UDP:C:\Program Files\utorrent\utorrent.exe:µTorrent "{1534B843-002E-435D-850E-F6661172FFCE}"= TCP:C:\Program Files\utorrent\utorrent.exe:µTorrent "{FEC959EF-1271-4A9D-9064-9C81940B3EC1}"= %ProgramFiles%\Elisa\Avustaja\Elisa.exe:Elisa Avustaja "{BBF8A5B8-E740-4260-A1B9-F760AA4E2CD1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{4C8451B6-EF02-43B6-AA21-265856C8C3EA}"= UDP:C:\Program Files\utorrent\utorrent.exe:µTorrent "{69A78E8C-FDD4-4743-A140-6B3D091C01A9}"= TCP:C:\Program Files\utorrent\utorrent.exe:µTorrent "{B7A09E53-2D99-484E-8655-3B19B260347C}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{CA3B3832-D96F-4C6A-AAB9-6022A557DC6C}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{9DFC7B80-FA91-4CA5-B509-1551A4F946B9}"= UDP:C:\Utorrent 1.6\utorrent.exe:µTorrent "{B5A2F07C-F00E-48D3-8C45-589EA9E3728C}"= TCP:C:\Utorrent 1.6\utorrent.exe:µTorrent "{3E99CF07-BB09-45F1-B497-85549C5B3C39}"= UDP:C:\Utorrent\utorrent.exe:µTorrent "{93BD4758-FD06-490F-B59F-6D15A9450874}"= TCP:C:\Utorrent\utorrent.exe:µTorrent "{A5BE0122-D1D1-4ADD-9B2E-82FB096117C6}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{62BBEC77-EE7F-4589-8959-C3ED91008568}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{D4DF6FF9-B0B3-47C1-84AF-689BE605E243}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War "{B0855656-57EA-4681-9ECF-356461F154A2}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War "{D01A7F9E-3223-4346-A9D0-0D1D8365563F}"= UDP:C:\Program 
Files\uTorrent\utorrent-1.8-beta-10198.upx.exe:µTorrent (TCP-In) "{2071447A-F2C5-487B-BA7C-6CA17F038F53}"= TCP:C:\Program Files\uTorrent\utorrent-1.8-beta-10198.upx.exe:µTorrent (UDP-In) "{34390F88-44DF-49C6-BF3A-D2EAC8C02BAF}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{2B3B551C-A3B4-4F36-A2A0-FC66DC5B6E16}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{6D428EFE-6B12-4CF5-A927-814AA6447C80}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{B846075A-B8D3-4A4C-B196-BE9D97F49FF0}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{3180007E-838F-4A2C-B213-8909D93EC21B}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{1DF905D3-EF7B-4F8B-AE8C-31C0BBF1D570}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA "{38524547-03B3-4C99-966F-E74C98FEAF36}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA "{A13B11B3-9D52-48F9-84F1-F384C7ECBF0B}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB "{71BA9EA6-23A6-4815-8953-EDB5A32C33A3}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB "{8841389E-0E2A-4E11-BA01-BF43FB36A459}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{885FEC92-DFC8-4C76-916F-8B42A8765D45}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{2C581321-D74B-492B-B755-25FE70300181}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo "{B6BEC1FF-E2F5-4113-8C1F-B1FF28E9C05F}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo "{E4BBFA61-B665-45E7-B24D-EA4BE9F76358}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{F3BC6467-D46E-42F0-AF95-40DE9EB9F079}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{248A767E-4CD0-48A2-AC14-D694B9A526BA}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{F0524AC5-11B0-4B89-A351-B2A00E8412ED}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{9667C88A-8747-4CF6-9D8F-AD6FF23E3887}"= TCP:C:\Program 
Files\iTunes\iTunes.exe:iTunes "{CD1BE9C0-9886-45FF-ACF7-2C1D6BCE5AB1}"= UDP:C:\Program Files\uTorrent\utorrent-1.6-beta-build-467.exe:µTorrent "{3738C061-CB7A-4454-9B02-A9E96F4B938F}"= TCP:C:\Program Files\uTorrent\utorrent-1.6-beta-build-467.exe:µTorrent "{49056BA3-2D6D-4013-A2D3-CAA37EC24423}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{389A8B4D-0857-43C2-8096-54F9BA3A2B9A}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) "DoNotAllowExceptions"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Elisa Tietoturvapalvelu\HIPS\fshs.sys [2008-02-13 13:38 49768] R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2008-02-13 13:38 36616] R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-02-13 13:38 68680] R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsvista.sys [2008-02-13 13:38 14760] R2 PStrip;PStrip;C:\Windows\system32\drivers\pstrip.sys [2007-07-15 05:37 27992] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [2008-02-13 13:38 63912] R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2008-01-25 18:04 216064] R3 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-03-09 15:29 15360] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51 298496] S2 gupdate1c8d4624749ab1d;Google Update Service (gupdate1c8d4624749ab1d);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-30 09:59 133104] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common 
Files\Steam\SteamService.exe [2008-10-07 15:10 87288] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSfilter.sys [2008-02-13 13:38 41640] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSrec.sys [2008-02-13 13:38 27048] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd1577cd-cb47-11dc-82d0-806e6f6e6963}] \shell\AutoRun\command - E:\D-Link.exe . 'Ajoitetut tehtävät'-kansion sisältö 2008-10-22 C:\Windows\Tasks\GoogleUpdateTaskMachine.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-30 09:59] 2008-10-21 C:\Windows\Tasks\GoogleUpdateTaskUser.job - C:\Users\K [] 2008-10-22 C:\Windows\Tasks\RtlVistaStart.job - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [2007-03-13 12:16] 2008-10-22 C:\Windows\Tasks\Scheduled scanning task.job - C:\PROGRA~1\ELISAT~1\ANTI-V~1\fsav.exe [2008-02-13 13:38] 2008-10-22 C:\Windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . . ------- Täydentävä tarkistus ------- . FireFox -: Profile - C:\Users\Käyttäjä\AppData\Roaming\Mozilla\Firefox\Profiles\nrjfkdb1.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.mtv3.fi FF -: plugin - C:\Program Files\Google\Google Earth Plugin\npgeplugin.dll FF -: plugin - C:\Program Files\Google\Update\1.2.131.11\npGoogleOneClick5.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll FF -: plugin - C:\Users\Käyttäjä\AppData\Local\Google\Update\1.2.131.25\npGoogleOneClick6.dll . 
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-22 15:46:46 Windows 6.0.6001 Service Pack 1 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... C:\Users\Käyttäjä\AppData\Local\Microsoft\Portable Devices\wpdlog04.sqm 472 bytes tarkistus on valmis piilotetut tiedostot: 1 ************************************************************************** . ------------------------ Muut prosessit ------------------------ . C:\Windows\System32\nvvsvc.exe C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe C:\Windows\System32\audiodg.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\conime.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fsbwsys.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE C:\Windows\System32\PnkBstrA.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe C:\Program Files\Elisa Tietoturvapalvelu\FWES\program\fsdfwd.exe 
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe C:\Windows\System32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Windows\System32\taskmgr.exe . ************************************************************************** . Valmistumisajankohta: 2008-10-22 15:58:56 - kone käynnistettiin uudelleen ComboFix-quarantined-files.txt 2008-10-22 12:58:31 Ennen ajoa: 247 552 770 048 bytes free Ajon jälkeen: 250,015,457,280 bytes free 360 --- E O F --- 2008-10-22 12:11:32
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.102 85.255.112.122
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.102 85.255.112.122
O23 - Service: Windows Management Service - Unknown owner - C:\Windows\system32\dmslt.exe (file missing)
Those 3 weren't found, so should I remove the ones that were found, or how do we continue?
I guess using HijackThis didn't really work, since the machine still isn't running properly. The computer locks up completely every few days, and for example even starting Task Manager takes 5 minutes. I would be grateful if more help could be found. Whenever the computer locks up, I run System Restore and then it works again for a couple of days...
Let's see if something turns up!!! Download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the instructions to install the program.
* At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
* If an update is found, the program downloads and installs the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is finished, click OK and then Show Results to see the results.
* Make sure everything is checked and click Remove Selected.
* After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Post the contents of the log in your next message + a new HJT log.
Malwarebytes' Anti-Malware 1.30 Tietokantaversio: 1316 Windows 6.0.6001 Service Pack 1 2008-10-25 12:18:35 mbam-log-2008-10-25 (12-18-35).txt Tarkistustyyppi: Täysi tarkistus (C:\|F:\|) Tarkistetut kohteet: 328586 Kulunut aika: 1 hour(s), 41 minute(s), 28 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 0 Saastuneita rekisteriavaimia: 0 Saastuneita rekisteriarvoja: 0 Saastuneita rekisterikohteita: 0 Saastuneita hakemistoja: 0 Saastuneita tiedostoja: 1 Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty) Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriavaimia: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriarvoja: (Haitallisia kohteita ei löydetty) Saastuneita rekisterikohteita: (Haitallisia kohteita ei löydetty) Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty) Saastuneita tiedostoja: F:\unzipped\WINDOWS\system32\DFRGSRV.0XE (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Here is the new HijackThis log
ComboFix 08-10-24.02 - Käyttäjä 2008-10-25 12:49:51.3 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1035.18.1652 [GMT 3:00] Sijainti: C:\ComboFix.exe * Resident AV is active . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\defender uppdate.exe . ((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Windows Management Service ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-25 to 2008-10-25 ))))))))))))))))) . Tiedostoja ei ole luotu tällä aikavälillä . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-25 09:55 6,815,744 --sha-w C:\Users\Käyttäjä\NTUSER.DAT 2008-10-25 09:55 6,815,744 --sha-w C:\Users\Käyttäjä\NTUSER.DAT 2008-10-25 09:47 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\uTorrent 2008-10-25 09:46 318,976 ----a-w C:\Windows\System32\CF11281.exe 2008-10-25 09:45 2,995,773 ----a-r C:\ComboFix.exe 2008-10-24 20:38 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\Malwarebytes 2008-10-24 20:37 --------- d-----w C:\ProgramData\Malwarebytes 2008-10-24 20:37 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-10-24 20:36 2,372,472 ----a-w C:\mbam-setup.exe 2008-10-24 17:05 444,952 ----a-w C:\Windows\System32\wrap_oal.dll 2008-10-24 17:05 109,080 ----a-w C:\Windows\System32\OpenAL32.dll 2008-10-24 17:05 --------- d-----w C:\ProgramData\Codemasters 2008-10-24 16:23 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\foobar2000 2008-10-24 15:44 --------- d-----w C:\Program Files\OpenAL 2008-10-24 14:38 --------- d-----w C:\Program Files\Common Files\Logishrd 2008-10-22 16:51 270,128 ----a-w C:\utorrent.exe 2008-10-22 16:51 --------- d-----w C:\Program Files\uTorrent 2008-10-22 13:10 38,496 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys 2008-10-22
13:10 15,504 ----a-w C:\Windows\system32\drivers\mbam.sys 2008-10-22 12:46 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-10-20 17:55 --------- d-----w C:\Program Files\Trend Micro 2008-10-20 17:10 --------- d-----w C:\Program Files\Google Earth Pro 4.2 2008-10-20 16:12 --------- d-----w C:\ProgramData\Elisa 2008-10-20 14:27 70,656 ----a-w C:\Windows\ScUnin.exe 2008-10-20 13:58 --------- d-----w C:\Program Files\Elisa 2008-10-19 11:19 --------- d-----w C:\Program Files\Elisa(0) 2008-10-18 16:21 1,851,544 ----a-w C:\install_flash_player.exe 2008-10-18 08:45 9,639,304 ----a-w C:\mpas-fe.exe 2008-10-17 09:54 319,456 ----a-w C:\Windows\DIFxAPI.dll 2008-10-17 09:54 --------- d--h--w C:\Program Files\Temp 2008-10-17 09:53 0 ----a-w C:\Vista_R207.zip 2008-10-16 14:02 406,034 ----a-w C:\NVMixer2Eng.zip 2008-10-16 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-16 13:53 --------- d-----w C:\Program Files\Realtek 2008-10-16 13:31 --------- d-----w C:\ProgramData\NVIDIA 2008-10-16 13:27 26,492,745 ----a-w C:\Vista_R205.exe 2008-10-16 13:15 --------- d-----w C:\Program Files\Syncrosoft 2008-10-16 13:15 --------- d-----w C:\Program Files\SpectralDesign 2008-10-16 13:13 6,382,059 ----a-w C:\3DSoundBack_Beta0.1.zip 2008-10-16 13:13 5,018,931 ----a-w C:\Surround_Edition_Installer.exe 2008-10-16 12:28 86,855,272 ----a-w C:\178.24_geforce_winvista_32bit_english_whql.exe 2008-10-16 12:16 90,749,456 ----a-w C:\178.13_geforce_winxp_32bit_english_whql.exe 2008-10-16 12:11 275,541 ----a-w C:\Windows\DJ Music Mixer Uninstaller.exe 2008-10-16 12:11 --------- d-----w C:\Program Files\DJ Music Mixer 2008-10-16 12:10 16,379,754 ----a-w C:\DJMusicSetup.exe 2008-10-16 11:47 56,826,856 ----a-w C:\setpoint460.exe 2008-10-16 00:08 --------- d-----w C:\Program Files\Windows Mail 2008-10-15 18:49 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\DivX 2008-10-15 18:25 4,584,376 ----a-w C:\Shockwave_Installer_Slim.exe 2008-10-15 18:25 --------- 
d-----w C:\Program Files\DivX 2008-10-15 18:25 --------- d-----w C:\Program Files\Common Files\PX Storage Engine 2008-10-15 18:22 20,698,272 ----a-w C:\DivXInstaller.exe 2008-10-15 18:15 691,160 ----a-w C:\installer-35477-849fi-DivX-Player.exe 2008-10-15 09:37 318,904 ----a-w C:\wmpfirefoxplugin.exe 2008-10-12 14:08 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys 2008-10-12 14:08 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe 2008-10-07 12:12 --------- d-----w C:\Program Files\Common Files\Steam 2008-10-06 13:51 --------- d-----w C:\Program Files\SpeedFan 2008-10-05 08:26 5,326,239 ----a-w C:\pokerihuonesetup.exe 2008-10-05 08:26 --------- d-----w C:\Program Files\B2BPOKER 2008-10-05 08:15 --------- d-----w C:\Program Files\Elisa Tietoturvapalvelu 2008-10-02 03:49 827,392 ----a-w C:\Windows\System32\wininet.dll 2008-09-24 14:58 862,240 ----a-w C:\Windows\System32\RtkPgExt.dll 2008-09-24 14:58 44,064 ----a-w C:\Windows\System32\RtkCoInst.dll 2008-09-24 14:58 285,216 ----a-w C:\Windows\System32\RtkApoApi.dll 2008-09-24 14:58 2,345,504 ----a-w C:\Windows\System32\RtkAPO.dll 2008-09-24 14:31 2,171,672 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys 2008-09-19 19:37 --------- d-----w C:\Program Files\Google 2008-09-18 05:09 3,601,464 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-09-18 05:09 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-09-18 02:16 2,032,640 ----a-w C:\Windows\System32\win32k.sys 2008-09-16 18:27 453,152 ----a-w C:\Windows\System32\NVUNINST.EXE 2008-09-16 17:43 --------- d-----w C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-16 17:43 --------- d-----w C:\Program Files\iTunes 2008-09-16 17:42 --------- d-----w C:\ProgramData\Apple Computer 2008-09-16 17:42 --------- d-----w C:\Program Files\QuickTime 2008-09-16 17:42 --------- d-----w C:\Program Files\iPod 2008-09-16 17:41 --------- d-----w C:\Program Files\Common Files\Apple 2008-09-16 17:33 --------- d-----w C:\Program Files\Bonjour 2008-09-16 00:14 524,288 ----a-w 
C:\Windows\System32\DivXsm.exe 2008-09-16 00:14 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll 2008-09-16 00:12 81,920 ----a-w C:\Windows\System32\dpl100.dll 2008-09-16 00:12 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll 2008-09-16 00:12 57,344 ----a-w C:\Windows\System32\dpv11.dll 2008-09-16 00:12 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll 2008-09-16 00:12 344,064 ----a-w C:\Windows\System32\dpus11.dll 2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu11.dll 2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu10.dll 2008-09-16 00:12 200,704 ----a-w C:\Windows\System32\ssldivx.dll 2008-09-16 00:12 196,608 ----a-w C:\Windows\System32\dtu100.dll 2008-09-16 00:12 1,044,480 ----a-w C:\Windows\System32\libdivx.dll 2008-09-16 00:11 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll 2008-09-16 00:11 823,296 ----a-w C:\Windows\System32\divx_xx07.dll 2008-09-16 00:11 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll 2008-09-16 00:11 802,816 ----a-w C:\Windows\System32\divx_xx11.dll 2008-09-16 00:11 683,520 ----a-w C:\Windows\System32\DivX.dll 2008-09-16 00:11 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe 2008-09-16 00:11 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll 2008-09-14 11:02 --------- d-----w C:\Program Files\MSN Messenger 2008-09-14 11:00 --------- d-----w C:\Program Files\Windows Live 2008-03-15 22:09 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-03-15 22:09 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-03-15 22:09 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-10-22_15.56.51.37 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2008-10-25 00:15:52 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-10-25 00:15:52 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-10-22 12:46:35 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-10-25 00:16:34 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-10-25 00:16:34 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-10-22 12:46:35 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-10-25 09:55:43 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - 2008-10-22 12:03:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-10-25 09:12:33 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-10-22 12:03:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-10-25 09:12:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-10-22 12:03:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-10-25 09:12:33 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-10-22 12:36:19 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-10-25 09:49:40 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-10-25 09:49:40 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1 + 2008-05-30 11:11:46 1,491,992 ----a-w C:\Windows\System32\D3DCompiler_38.dll + 2008-07-12 05:18:52 1,493,528 ----a-w C:\Windows\System32\D3DCompiler_39.dll + 2008-05-30 11:11:46 467,984 ----a-w 
C:\Windows\System32\d3dx10_38.dll + 2008-07-12 05:18:52 467,984 ----a-w C:\Windows\System32\d3dx10_39.dll + 2008-05-30 11:11:46 3,850,760 ----a-w C:\Windows\System32\D3DX9_38.dll + 2008-07-12 05:18:52 3,851,784 ----a-w C:\Windows\System32\D3DX9_39.dll - 2008-01-19 07:35:35 466,944 ----a-w C:\Windows\System32\netapi32.dll + 2008-10-16 04:47:33 466,944 ----a-w C:\Windows\System32\netapi32.dll - 2008-10-16 09:54:42 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat + 2008-10-25 00:14:14 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat - 2008-10-21 12:21:47 9,802 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-576351719-3032603914-811449481-1000_UserData.bin + 2008-10-25 00:17:45 9,978 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-576351719-3032603914-811449481-1000_UserData.bin - 2008-10-21 12:21:47 79,226 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-10-25 00:17:45 79,860 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-10-21 12:21:44 33,368 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-10-25 00:17:43 34,170 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-05-30 11:17:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_4.dll + 2008-05-30 11:18:52 238,088 ----a-w C:\Windows\System32\xactengine3_1.dll + 2008-07-31 07:41:54 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll + 2008-05-30 11:17:30 65,032 ----a-w C:\Windows\System32\XAPOFX1_0.dll + 2008-07-31 07:41:52 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll + 2008-05-30 11:19:18 507,400 ----a-w C:\Windows\System32\XAudio2_1.dll + 2008-07-31 07:40:32 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll - 2008-10-16 00:08:47 39,626,927 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2008-10-24 14:54:33 39,705,209 ----a-w 
C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2008-10-16 04:40:36 425,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6000.16764_none_8b10fff30496576a\netapi32.dll + 2008-10-16 04:22:27 425,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6000.20937_none_8bbe0f461d98ec8d\netapi32.dll + 2008-10-16 04:47:33 466,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.18157_none_8d050f6301b2186f\netapi32.dll + 2008-10-16 04:38:26 466,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.22288_none_8d6f3cb41ae72563\netapi32.dll . -- Snapshot nollattu tähän hetkeen -- . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952] "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920] "Google Update"="C:\Users\Käyttäjä\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-08-30 133104] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-29 171448] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "Elisa Avustaja"="C:\Program Files\Elisa\Avustaja\Elisa.exe" [2008-09-30 189768] "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-10-22 270128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" [2008-02-13 184800] "F-Secure TNB"="C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" [2008-02-13 741800] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984] "AppleSyncNotifier"="C:\Program 
Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-10-07 13584928] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-10-07 92704] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-09-24 6335008] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\Windows\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896] "Elisa Avustaja"="C:\Program Files\Elisa\Avustaja\Elisa.exe" [2008-09-30 189768] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Elisa Tietoturvapalvelu.lnk - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe [2008-01-29 16423] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-08-11 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= divxa32.acm "msacm.avis"= ff_acm.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-576351719-3032603914-811449481-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{A3BD23A8-EACF-480C-8ED8-FFC7BF931C67}"= UDP:C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe:Elisa Tietoturvapalvelu "{4B8B7CAF-F591-48FF-8EF9-0B0C66E93BC8}"= TCP:C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe:Elisa Tietoturvapalvelu "{7EC23524-2F16-497F-91C6-8C13FF61F4A2}"= UDP:C:\Program Files\utorrent\utorrent.exe:µTorrent "{1534B843-002E-435D-850E-F6661172FFCE}"= TCP:C:\Program Files\utorrent\utorrent.exe:µTorrent 
"{FEC959EF-1271-4A9D-9064-9C81940B3EC1}"= %ProgramFiles%\Elisa\Avustaja\Elisa.exe:Elisa Avustaja "{BBF8A5B8-E740-4260-A1B9-F760AA4E2CD1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{4C8451B6-EF02-43B6-AA21-265856C8C3EA}"= UDP:C:\Program Files\utorrent\utorrent.exe:µTorrent "{69A78E8C-FDD4-4743-A140-6B3D091C01A9}"= TCP:C:\Program Files\utorrent\utorrent.exe:µTorrent "{B7A09E53-2D99-484E-8655-3B19B260347C}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{CA3B3832-D96F-4C6A-AAB9-6022A557DC6C}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{9DFC7B80-FA91-4CA5-B509-1551A4F946B9}"= UDP:C:\Utorrent 1.6\utorrent.exe:µTorrent "{B5A2F07C-F00E-48D3-8C45-589EA9E3728C}"= TCP:C:\Utorrent 1.6\utorrent.exe:µTorrent "{3E99CF07-BB09-45F1-B497-85549C5B3C39}"= UDP:C:\Utorrent\utorrent.exe:µTorrent "{93BD4758-FD06-490F-B59F-6D15A9450874}"= TCP:C:\Utorrent\utorrent.exe:µTorrent "{A5BE0122-D1D1-4ADD-9B2E-82FB096117C6}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{62BBEC77-EE7F-4589-8959-C3ED91008568}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{D4DF6FF9-B0B3-47C1-84AF-689BE605E243}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War "{B0855656-57EA-4681-9ECF-356461F154A2}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War "{D01A7F9E-3223-4346-A9D0-0D1D8365563F}"= UDP:C:\Program Files\uTorrent\utorrent-1.8-beta-10198.upx.exe:µTorrent (TCP-In) "{2071447A-F2C5-487B-BA7C-6CA17F038F53}"= TCP:C:\Program Files\uTorrent\utorrent-1.8-beta-10198.upx.exe:µTorrent (UDP-In) "{34390F88-44DF-49C6-BF3A-D2EAC8C02BAF}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{2B3B551C-A3B4-4F36-A2A0-FC66DC5B6E16}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype 
"{6D428EFE-6B12-4CF5-A927-814AA6447C80}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{B846075A-B8D3-4A4C-B196-BE9D97F49FF0}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{3180007E-838F-4A2C-B213-8909D93EC21B}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{1DF905D3-EF7B-4F8B-AE8C-31C0BBF1D570}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA "{38524547-03B3-4C99-966F-E74C98FEAF36}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA "{A13B11B3-9D52-48F9-84F1-F384C7ECBF0B}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB "{71BA9EA6-23A6-4815-8953-EDB5A32C33A3}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB "{8841389E-0E2A-4E11-BA01-BF43FB36A459}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{885FEC92-DFC8-4C76-916F-8B42A8765D45}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{2C581321-D74B-492B-B755-25FE70300181}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo "{B6BEC1FF-E2F5-4113-8C1F-B1FF28E9C05F}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo "{E4BBFA61-B665-45E7-B24D-EA4BE9F76358}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{F3BC6467-D46E-42F0-AF95-40DE9EB9F079}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{248A767E-4CD0-48A2-AC14-D694B9A526BA}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{F0524AC5-11B0-4B89-A351-B2A00E8412ED}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{9667C88A-8747-4CF6-9D8F-AD6FF23E3887}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{CD1BE9C0-9886-45FF-ACF7-2C1D6BCE5AB1}"= UDP:C:\Program Files\uTorrent\utorrent-1.6-beta-build-467.exe:µTorrent "{3738C061-CB7A-4454-9B02-A9E96F4B938F}"= TCP:C:\Program Files\uTorrent\utorrent-1.6-beta-build-467.exe:µTorrent "{4F039A72-FCFC-442A-8BC7-22A1B389C0BD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{5BF6E858-B651-4311-BBCF-52FA10CEA6E6}"= 
TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) "DoNotAllowExceptions"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Elisa Tietoturvapalvelu\HIPS\fshs.sys [2008-02-13 49768] R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2008-02-13 36616] R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-02-13 68680] R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsvista.sys [2008-02-13 14760] R2 PStrip;PStrip;C:\Windows\system32\drivers\pstrip.sys [2007-07-15 27992] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [2008-02-13 63912] R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2008-01-25 216064] R3 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-03-09 15360] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496] S2 gupdate1c8d4624749ab1d;Google Update Service (gupdate1c8d4624749ab1d);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-30 133104] S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;C:\Windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [ ] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-10-07 87288] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSfilter.sys [2008-02-13 41640] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSrec.sys [2008-02-13 27048] 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd1577cd-cb47-11dc-82d0-806e6f6e6963}] \shell\AutoRun\command - E:\D-Link.exe . 'Ajoitetut tehtävät'-kansion sisältö 2008-10-25 C:\Windows\Tasks\GoogleUpdateTaskMachine.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-30 09:59] 2008-10-25 C:\Windows\Tasks\GoogleUpdateTaskUser.job - C:\Users\K [] 2008-10-25 C:\Windows\Tasks\RtlVistaStart.job - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [2007-03-13 12:16] 2008-10-25 C:\Windows\Tasks\Scheduled scanning task.job - C:\PROGRA~1\ELISAT~1\ANTI-V~1\fsav.exe [2008-02-13 13:38] 2008-10-25 C:\Windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . . ------- Täydentävä tarkistus ------- . FireFox -: Profile - C:\Users\Käyttäjä\AppData\Roaming\Mozilla\Firefox\Profiles\nrjfkdb1.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.mtv3.fi FF -: plugin - C:\Program Files\Google\Google Earth Plugin\npgeplugin.dll FF -: plugin - C:\Program Files\Google\Update\1.2.131.25\npGoogleOneClick6.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll FF -: plugin - C:\Users\Käyttäjä\AppData\Local\Google\Update\1.2.131.25\npGoogleOneClick6.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-25 12:56:01 Windows 6.0.6001 Service Pack 1 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... 
tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . Valmistumisajankohta: 2008-10-25 12:58:13 ComboFix-quarantined-files.txt 2008-10-25 09:58:08 Ennen ajoa: The system cannot find message text for message number 0x2379 in the message file for Application. Ajon jälkeen: 228,192,530,432 bytes free 318 --- E O F --- 2008-10-25 00:07:58
There are always nasties to be found here!!! Every time you run System Restore, the removed viruses come back.
I'll probably have to take the computer to a repair shop somewhere if this doesn't work now; as it happens, there haven't been any problems for a few days. Thanks for the help anyway!