The machine stutters more or less; opening programs sometimes seems to take forever. Restarting also seems to take forever, especially the phase where Windows is shutting down.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:32, on 24.5.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\eScan\VISTA\avpmapp.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\PROGRA~1\eScan\consctl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\eScan\Vista\eScanMon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\Mikko\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\Mikko\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://results.limewire.com/securit...=4.17.3+Pro&jv=1.6.0_05&os=Windows+XP&osv=5.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\utorrent\utorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by119fd.bay119.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eScan Monitor Service - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\VISTA\avpmapp.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6314 bytes
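A first triage pass over HijackThis entries of the kind in the log above, as an added example written for this page; it is not HijackThis code and not something anyone in the thread posted. The sample lines are copied from the log, except the O4 entry under Temp, which is constructed to exercise the path check. The allow-lists, the path markers and the choice of which sections to flag are this example's own assumptions, and a flagged line means "ask the poster about it", not "malicious".

```python
"""Triage heuristics for HijackThis (HJT) log entries.

Added example for this page; not HijackThis code. The allow-lists and the
rules below are assumptions of the example, not rules HijackThis applies.
"""
import re
from collections import namedtuple
from urllib.parse import urlparse

Finding = namedtuple("Finding", "kind reason line")

# One HJT entry: section tag (R0, O4, O16, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<rest>.*)$")

# Assumption: ActiveX (O16) downloads and Trusted Zone (O15) additions from
# these domains are expected on a patched XP box; anything else gets a look.
TRUSTED_DPF_HOSTS = ("microsoft.com", "f-secure.com", "msn.com")
TRUSTED_ZONE_HOSTS = ("microsoft.com", "windowsupdate.com")

# Assumption: autostart (O4) targets under a temp/profile-local folder are
# worth a question, because installed software rarely autostarts from there.
SUSPECT_PATH_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\")

# Sample lines copied from the log above, plus one constructed O4 entry
# (the "[Example]" line) to exercise the path check.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://results.limewire.com/securit...=4.17.3+Pro&jv=1.6.0_05&os=Windows+XP&osv=5.1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\utorrent\utorrent.exe"
O4 - HKCU\..\Run: [Example] C:\DOCUME~1\Mikko\LOCALS~1\Temp\example.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def host_of(url):
    """Lower-cased host part of a URL; a leading '*.' wildcard is dropped."""
    host = (urlparse(url.strip()).hostname or "").lower()
    return host[2:] if host.startswith("*.") else host


def is_trusted(host, allowed):
    return any(host == a or host.endswith("." + a) for a in allowed)


def triage_entry(line):
    """Return a Finding for one HJT line, or None if the line needs no look."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")

    if kind in ("R0", "R1") and " = http" in rest:
        url = rest.split(" = ", 1)[1]
        return Finding(kind, f"browser setting points at {host_of(url)}; confirm the user chose it", line)

    if kind == "O4" and any(mk in rest.lower() for mk in SUSPECT_PATH_MARKERS):
        return Finding(kind, "autostart from a temp/profile-local path", line)

    if kind == "O10":
        return Finding(kind, "Winsock LSP HJT could not identify; check the DLL's publisher before touching it", line)

    if kind == "O15":
        host = host_of(rest.split(": ", 1)[1])
        if not is_trusted(host, TRUSTED_ZONE_HOSTS):
            return Finding(kind, f"{host} added to the Trusted Zone", line)

    if kind == "O16":
        host = host_of(rest.rsplit(" - ", 1)[1])
        if not is_trusted(host, TRUSTED_DPF_HOSTS):
            return Finding(kind, f"ActiveX download from {host}, not on the trusted list", line)

    return None


def triage(log_text):
    """All findings for a whole log, in log order."""
    return [f for f in map(triage_entry, log_text.splitlines()) if f]


FINDINGS = triage(SAMPLE_LOG)

if __name__ == "__main__":
    for f in FINDINGS:
        print(f"{f.kind:4} {f.reason}\n     {f.line.strip()}")
```

On the sample this yields six findings: the two browser URLs, the constructed Temp autostart, the unidentified LSP, and the two non-allow-listed ActiveX downloads; the Windows Update trusted zone, the Microsoft DPF and the O23 services pass. Whether a flagged item is actually bad is still a manual call.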
Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. A log then opens in Notepad. Save it somewhere you can find it easily. The log is also at: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next reply.
So there was nothing in the HJT log that needed fixing? Here's the MBAM log. I'll post the SDFix log right after it, once I have that too.

Malwarebytes' Anti-Malware 1.12
Database version: 788

Scan type: Full scan (C:\|D:\|G:\|)
Objects scanned: 164878
Time elapsed: 1 hour(s), 19 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------------------------
catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 12:43:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:74,0e,8d,fc,2e,e4,0e,9f,d5,6d,fc,73,36,74,0a,de,ae,dd,08,dd,89,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a6,f1,d9,6c,2f,53,89,8e,12,b2,c1,c5,36,c2,be,63,48,..
"khjeh"=hex:e2,ad,03,97,61,98,b5,b5,9d,72,51,7c,a1,f1,01,01,17,a8,ef,1e,ea,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:74,c9,87,f5,aa,0c,be,9f,59,4a,9e,6e,7e,d0,70,f9,53,98,bd,ad,54,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:67,85,88,2c,b8,94,21,a5,39,c2,86,07,d1,16,2d,4e,85,86,8b,20,7c,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a6,f1,d9,6c,2f,53,89,8e,12,b2,c1,c5,36,c2,be,63,48,..
"khjeh"=hex:e2,ad,03,97,61,98,b5,b5,9d,72,51,7c,a1,f1,01,01,17,a8,ef,1e,ea,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b7,fd,27,8a,54,d2,1a,99,74,80,b4,84,f2,fb,63,c3,f0,87,a8,32,c0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:67,85,88,2c,b8,94,21,a5,39,c2,86,07,d1,16,2d,4e,85,86,8b,20,7c,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a6,f1,d9,6c,2f,53,89,8e,12,b2,c1,c5,36,c2,be,63,48,..
"khjeh"=hex:e2,ad,03,97,61,98,b5,b5,9d,72,51,7c,a1,f1,01,01,17,a8,ef,1e,ea,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b7,fd,27,8a,54,d2,1a,99,74,80,b4,84,f2,fb,63,c3,f0,87,a8,32,c0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:67,85,88,2c,b8,94,21,a5,39,c2,86,07,d1,16,2d,4e,85,86,8b,20,7c,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a6,f1,d9,6c,2f,53,89,8e,12,b2,c1,c5,36,c2,be,63,48,..
"khjeh"=hex:e2,ad,03,97,61,98,b5,b5,9d,72,51,7c,a1,f1,01,01,17,a8,ef,1e,ea,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b7,fd,27,8a,54,d2,1a,99,74,80,b4,84,f2,fb,63,c3,f0,87,a8,32,c0,..

scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is finished, it produces a log. Post that log in your thread.
Note! Do not click in the ComboFix window while it is running. That may cause the program to hang.
Molemmat linkit antoivat saman virheilm.:You cannot rename ComboFix as Combofix1.Please use another name,preferbaly made up of alphanumeric characters. johtui varmaan siitä kun mulla oli ComboFix ohj. jo koneella? poistin sen ja hain sen muualta,tässä loki. ComboFix 08-05-25.5 - Mikko 2008-05-27 0:21:11.10 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.527 [GMT 3:00] Running from: C:\Documents and Settings\Mikko\Työpöytä\Downloads\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\msvrc20.dll C:\WINDOWS\regedit.com C:\WINDOWS\system32\taskmgr.com . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-26 to 2008-05-26 ))))))))))))))))) . 2008-05-27 00:22 . 2008-05-27 00:22 22 --a------ C:\WINDOWS\REGBK02.ZIP 2008-05-26 11:46 . 2008-05-26 00:31 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll 2008-05-26 00:33 . 2008-05-26 00:33 <KANSIO> d-------- C:\Documents and Settings\Mikko\Incomplete 2008-05-26 00:32 . 2008-05-26 00:39 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\FrostWire 2008-05-26 00:31 . 2008-05-26 00:32 <KANSIO> d-------- C:\Program Files\FrostWire 2008-05-25 23:53 . 2008-05-25 23:53 <KANSIO> d-------- C:\Program Files\Microsoft Windows OneCare Live 2008-05-25 22:39 . 2008-05-25 22:46 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\eboostr 2008-05-24 21:08 . 2008-05-24 21:08 <KANSIO> d-------- C:\Program Files\IObit 2008-05-24 15:13 . 2008-05-25 21:20 <KANSIO> d-------- C:\Kaspersky 2008-05-24 13:54 . 2008-05-27 00:22 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-24 13:54 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-24 13:54 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-24 09:24 . 
2008-05-24 09:24 <KANSIO> d-------- C:\fsaua.data 2008-05-21 22:40 . 2008-05-21 22:40 <KANSIO> d-------- C:\Program Files\URUSoft 2008-05-19 10:59 . 2008-05-19 10:59 <KANSIO> d-------- C:\Documents and Settings\Jõrjestelmõnvalvoja 2008-05-19 10:08 . 2008-05-26 12:45 <KANSIO> d-------- C:\SDFix 2008-05-18 23:48 . 2008-05-18 23:48 6,309,305 --a------ C:\WINDOWS\REGBK01.ZIP 2008-05-18 12:48 . 2008-05-18 12:48 <KANSIO> d-------- C:\WINDOWS\system32\fi 2008-05-18 12:48 . 2008-05-18 12:48 <KANSIO> d-------- C:\WINDOWS\system32\bits 2008-05-18 12:48 . 2008-05-18 12:48 <KANSIO> d-------- C:\WINDOWS\l2schemas 2008-05-18 12:46 . 2008-05-18 12:48 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles 2008-05-18 12:42 . 2008-05-18 12:42 <KANSIO> d-------- C:\WINDOWS\EHome 2008-05-18 12:36 . 2004-09-14 16:06 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-05-18 12:35 . 2004-08-03 22:29 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys 2008-05-18 12:35 . 2004-08-03 22:29 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys 2008-05-18 12:35 . 2004-08-03 22:29 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys 2008-05-18 12:35 . 2004-08-03 22:29 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys 2008-05-18 12:35 . 2004-08-03 22:29 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys 2008-05-18 12:35 . 2004-08-03 22:29 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys 2008-05-18 12:16 . 2008-05-26 12:31 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot2 2008-05-18 00:15 . 2008-05-18 00:15 <KANSIO> d-------- C:\WINDOWS\MsTemp 2008-05-18 00:15 . 2008-05-18 00:15 <KANSIO> d-------- C:\WINDOWS\IN 2008-05-15 21:32 . 2008-05-18 10:43 <KANSIO> d-------- C:\WINDOWS\system32\oldcatroot2 2008-05-15 21:26 . 2008-05-15 21:33 <KANSIO> d-------- C:\WINDOWS\Sdold 2008-05-15 20:33 . 2008-05-15 20:33 <KANSIO> d-------- C:\Program Files\Sun 2008-05-15 20:32 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-05-15 20:26 . 
2008-05-15 20:32 <KANSIO> d-------- C:\Program Files\Java 2008-05-15 20:24 . 2008-05-15 20:24 <KANSIO> d-------- C:\Program Files\Common Files\Java 2008-05-14 23:34 . 2008-05-14 23:34 <KANSIO> d-------- C:\VundoFix Backups 2008-05-14 23:23 . 2008-05-14 23:23 106 --a------ C:\delete.bat 2008-05-14 20:32 . 2008-05-14 20:32 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2008-05-10 23:55 . 2008-05-10 23:55 33,792 --------- C:\WINDOWS\system32\drivers\escanmxx.sys 2008-05-10 23:55 . 2008-05-10 23:55 18,840 --a------ C:\WINDOWS\WSSPORD.DAT 2008-05-09 22:34 . 2008-05-09 22:34 <KANSIO> d-a------ C:\WINDOWS\zts2.exe 2008-05-09 22:34 . 2008-05-09 22:34 <KANSIO> d-a------ C:\WINDOWS\system32\vcmgcd32.dll 2008-05-09 22:34 . 2008-05-09 22:34 <KANSIO> d-a------ C:\WINDOWS\system32\iifgfgf.dll 2008-05-09 22:34 . 2008-05-09 22:34 <KANSIO> d-a------ C:\WINDOWS\rundll16.exe 2008-05-09 22:34 . 2008-05-09 22:34 <KANSIO> d-a------ C:\WINDOWS\rundl132.dll 2008-05-09 22:34 . 2008-05-09 22:34 <KANSIO> d-a------ C:\WINDOWS\logo1_.exe 2008-05-09 22:34 . 2008-05-09 22:35 6,275,296 --a------ C:\WINDOWS\REGBK00.ZIP 2008-05-09 22:05 . 2008-05-26 11:06 111,595,040 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-05-09 22:05 . 2008-05-25 12:35 1,474,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-05-09 22:05 . 2008-05-09 22:05 20 --a------ C:\WINDOWS\WIN.PRO 2008-05-09 22:04 . 2008-05-09 22:04 32 --a------ C:\WINDOWS\escan.dbf 2008-05-09 22:02 . 2008-05-09 22:02 <KANSIO> d-------- C:\PUB 2008-05-09 22:00 . 2008-05-09 22:00 <KANSIO> d-------- C:\Program Files\Common Files\MicroWorld 2008-05-09 22:00 . 2008-05-09 22:00 <KANSIO> d-------- C:\Documents and Settings\remoteservice\Työpöytä 2008-05-09 22:00 . 2008-05-09 22:00 <KANSIO> d-------- C:\Documents and Settings\remoteservice\Tiedostot 2008-05-09 22:00 . 2008-05-09 22:00 <KANSIO> d-------- C:\Documents and Settings\remoteservice\Suosikit 2008-05-09 22:00 . 
2008-05-09 22:00 <KANSIO> d-------- C:\Documents and Settings\remoteservice\Mallit 2008-05-09 22:00 . 2008-05-09 22:00 <KANSIO> d-------- C:\Documents and Settings\remoteservice\Käynnistä-valikko 2008-05-09 22:00 . 2008-05-09 22:00 <KANSIO> d-------- C:\Documents and Settings\remoteservice 2008-05-09 22:00 . 2008-05-09 22:00 <KANSIO> d-------- C:\Documents and Settings\LocalService\Tiedostot 2008-05-09 22:00 . 2008-05-09 22:00 <KANSIO> d-------- C:\Documents and Settings\LocalService\Suosikit 2008-05-09 22:00 . 2008-05-09 22:00 <KANSIO> d-------- C:\Documents and Settings\LocalService\Mallit 2008-05-09 22:00 . 2008-05-09 22:00 154,664 --a------ C:\WINDOWS\winsbak2.reg 2008-05-09 22:00 . 2004-09-15 23:00 146,944 --a------ C:\WINDOWS\R.COM 2008-05-09 22:00 . 2004-09-15 23:00 138,240 --a------ C:\WINDOWS\system32\T.COM 2008-05-09 22:00 . 2008-02-19 16:42 47,104 --a------ C:\WINDOWS\killproc.exe 2008-05-09 22:00 . 2008-05-09 22:00 17,336 --a------ C:\WINDOWS\winsbak.reg 2008-05-09 22:00 . 2008-04-14 10:43 413 --a------ C:\bootini.ins 2008-05-09 21:59 . 2008-05-27 00:23 <KANSIO> d-------- C:\Program Files\eScan 2008-05-08 17:49 . 2008-05-08 17:49 <KANSIO> d-------- C:\Program Files\DDD Pool 1.2 2008-05-08 17:49 . 2005-07-14 10:30 30,664 --a------ C:\WINDOWS\system32\oemlogo.mrt 2008-05-08 17:49 . 2005-01-01 20:00 1,017 --a------ C:\WINDOWS\system32\oeminfo.mrt 2008-05-07 13:50 . 2008-05-07 13:50 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\DVDFab 2008-05-07 13:11 . 2008-05-09 11:34 <KANSIO> d-------- C:\Program Files\DVDFab Platinum 4 2008-05-02 20:34 . 2007-12-10 14:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb 2008-04-28 10:55 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-04-28 10:55 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-04-27 23:23 . 2008-04-27 23:23 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Grisoft 2008-04-27 23:22 . 
2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-04-27 12:51 . 2008-05-14 20:31 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-04-26 09:19 . 2008-04-29 18:14 <KANSIO> d-------- C:\Documents and Settings\NetworkService\Työpöytä 2008-04-26 00:33 . 2008-04-26 00:33 0 --a------ C:\WINDOWS\system32\SBRC.dat 2008-04-26 00:33 . 2008-04-26 00:33 0 --a------ C:\WINDOWS\system32\SBFC.dat . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-26 21:23 --------- d-----w C:\Documents and Settings\Mikko\Application Data\uTorrent 2008-05-26 08:27 --------- d-----w C:\Program Files\PokerStars 2008-05-26 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-05-25 21:02 --------- d-----w C:\Documents and Settings\Mikko\Application Data\dvdcss 2008-05-25 18:20 --------- d-----w C:\Program Files\Evil Player 2008-05-24 06:34 --------- d-----w C:\Documents and Settings\Mikko\Application Data\Vso 2008-05-16 08:51 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-05-16 08:28 --------- d-----w C:\Program Files\Full Tilt Poker 2008-05-16 06:32 --------- d-----w C:\Documents and Settings\Mikko\Application Data\ImgBurn 2008-05-09 15:52 --------- d-----w C:\Program Files\MansionPoker 2008-05-09 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk 2008-05-08 13:25 --------- d-----w C:\Program Files\Common Files\Adobe 2008-05-08 13:24 --------- d-----w C:\Documents and Settings\Mikko\Application Data\AdobeUM 2008-05-07 11:05 --------- d-----w C:\Documents and Settings\Mikko\Application Data\LimeWire 2008-05-06 21:53 --------- d-----w C:\Documents and Settings\Mikko\Application Data\Ahead 2008-05-06 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead 2008-05-06 06:01 45,056 ----a-w C:\WINDOWS\system32\WNASPI32.DLL 2008-05-06 06:01 16,512 ----a-w 
C:\WINDOWS\system32\drivers\ASPI32.SYS 2008-04-25 10:50 --------- d-----w C:\Documents and Settings\Mikko\Application Data\Sunbelt Software 2008-04-24 10:04 --------- d-----w C:\Program Files\Security Task Manager 2008-04-24 10:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan 2008-04-24 05:10 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe 2008-04-23 19:14 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe 2008-04-23 19:14 82,944 ----a-w C:\WINDOWS\system32\404Fix.exe 2008-04-20 17:19 --------- d-----w C:\Program Files\VSO 2008-04-20 16:52 --------- d-----w C:\Program Files\ffdshow 2008-04-14 22:11 --------- d-----w C:\Program Files\SlySoft 2008-04-14 21:22 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2008-04-14 21:22 47,360 ----a-w C:\Documents and Settings\Mikko\Application Data\pcouffin.sys 2008-04-14 16:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin 2008-04-14 16:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 16:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll 2008-04-14 16:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll 2008-04-14 16:09 7,168 ----a-w C:\WINDOWS\system32\f3ahvoas.dll 2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll 2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll 2008-04-14 16:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll 2008-04-14 16:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll 2008-04-14 15:51 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys 2008-04-14 15:51 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 15:51 68,096 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 15:51 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys 2008-04-14 15:51 120,064 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 15:49 2,147,840 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-14 15:49 2,026,496 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-14 15:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-14 15:47 800,000 ----a-w 
C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 15:47 154,112 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 15:46 79,872 ------w C:\WINDOWS\system32\msxml6r.dll 2008-04-14 15:46 37,120 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 15:46 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 15:46 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys 2008-04-14 15:45 80,384 ------w C:\WINDOWS\system32\msshavmsg.dll 2008-04-14 15:45 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys 2008-04-14 15:45 40,320 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 15:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-14 15:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-14 15:43 52,096 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 15:42 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 15:42 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-14 15:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll 2008-04-14 15:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-14 15:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-14 15:40 57,472 ----a-w C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 15:40 272,896 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-14 15:39 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll 2008-04-14 15:39 51,840 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 15:39 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 15:38 39,808 ----a-w C:\WINDOWS\system32\drivers\processr.sys 2008-04-14 15:38 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll 2008-04-14 15:37 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys 2008-04-14 15:37 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys 2008-04-14 15:36 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-14 15:36 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 15:36 187,904 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-14 06:12 
11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe 2008-04-14 06:11 992,256 ----a-w C:\WINDOWS\system32\setupapi.dll 2008-04-14 06:11 423,936 ----a-w C:\WINDOWS\system32\licdll.dll 2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys 2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys 2007-06-17 12:36 23 --sha-w C:\WINDOWS\system32\abebcdcb3_r.dll 2007-05-08 19:02 5 --sha-w C:\WINDOWS\system32\feecfa6_d.dll 2007-05-08 18:57 5 --sha-w C:\WINDOWS\system32\feecfa6_s.dll . 
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="C:\Program Files\utorrent\utorrent.exe" [2008-01-30 02:00 219952] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-14 19:12 143360] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "eScan Updater"="C:\PROGRA~1\eScan\TRAYICOS.exe" [2008-02-20 19:56 1300480] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "ClocX"="C:\Program Files\ClocX\ClocX.exe" [2007-07-26 18:43 270336] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" [2007-06-11 12:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:12 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 0 (0x0) "NoResolveSearch"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\\WINDOWS\\system32\\logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.avis"= ff_acm.acm "msacm.ac3filter"= ac3filter.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailScan Dispatcher] --a------ 2008-02-19 18:19 192512 C:\PROGRA~1\eScan\LAUNCH.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background "EVEREST AutoStart"=C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe "Uniblue SpeedUpMyPC"=C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle "SoundMan"=SOUNDMAN.EXE "nwiz"=nwiz.exe /install "Acer Empowering Technology Monitor"=C:\WINDOWS\system32\SysMonitor.exe "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "KingKongCapture"=C:\Program Files\King Kong Software\Capture\KingKongCapture.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\utorrent\\utorrent.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= "C:\\PROGRA~1\\eScan\\DOWNLOAD.EXE"= "C:\\PROGRA~1\\eScan\\TRAYICOS.EXE"= "C:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"= "C:\\PROGRA~1\\eScan\\LICENSE.EXE"= "C:\\PROGRA~1\\eScan\\MAILADM.EXE"= "C:\\PROGRA~1\\COMMON~1\\MICROW~1\\eScanRAD\\ESCANRAD.EXE"= "C:\\Program Files\\B2BPOKER\\JetBetPoker\\jre\\bin\\javaw.exe"= "C:\\Program Files\\B2BPOKER\\Club4Aces.com\\jre\\bin\\javaw.exe"= "%windir%\\Network 
Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "C:\\Program Files\\FrostWire\\FrostWire.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCPxpsp2res.dll,-22015 "1701:UDP"= 1701:UDPxpsp2res.dll,-22016 "500:UDP"= 500:UDPxpsp2res.dll,-22017 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundRouterRequest"= 1 (0x1) R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 03:00] R2 eScan-trayicos;eScan Server-Updater;C:\PROGRA~1\eScan\TRAYSSER.EXE [2008-02-19 16:53] R2 ESCANMX;eScan Monitor Extension;C:\WINDOWS\system32\drivers\escanmxx.sys [2008-05-10 23:55] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 19:12] R3 ProcObsrves;Process Creation Monitor;C:\PROGRA~1\eScan\ProcObsrves.sys [2007-12-10 17:25] S3 int15.sys;int15.sys;C:\acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46] S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . 
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-23 05:00:30 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-26 17:00:15 C:\WINDOWS\Tasks\AwcProUpdate.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\
"2008-05-26 14:00:00 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-27 02:45:06 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-22 17:03:21 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-24 12:21:16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-26 06:57:19 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 00:23:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
folder error: C:\DOCUME~1\Mikko\LOCALS~1\Temp\
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\Mikko\LOCALS~1\Temp\catchme.sys"
.
Completion time: 2008-05-27 0:25:24
ComboFix-quarantined-files.txt 2008-05-26 21:25:08
ComboFix2.txt 2008-05-24 12:03:04
ComboFix3.txt 2008-05-19 07:59:44
Pre-Run: 81,890,459,648 tavua vapaana
Post-Run: 81,871,175,680 tavua vapaana
329 --- E O F --- 2008-05-24 11:27:15
eScan: the instructions are on this page: http://koti.mbnet.fi/pattaya1/escanmwav.htm
Download it from here: http://www.spywareinfo.dk/download/mwav.exe
Update it from here: http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
Set the checkboxes as marked here: http://koti.mbnet.fi/pattaya1/eScan6.jpg
Scan. If anything shows up in the lower pane, copy it like this: use Ctrl+A. Copy the lines with Ctrl+C. Paste the lines with Ctrl+V.
===========
Download RegSeeker.zip to the desktop. Extract the zip into the folder C:\RegSeeker\. Start the RegSeeker.exe program from there. In the upper right corner there is a Languages.... link, from which you select Finnish. In the lower left corner tick "Create backup", then the link "Clean registry". Tick all the other items except "Unusable..", then "OK" (wait a moment). A list of invalid registry entries appears on screen; in the bottom bar under "Select" click "Select all", after which the selected entries get a yellow background. From the "Actions" link in the bottom bar click "Delete selected items". In the pop-up "All selected items will be deleted?" answer "OK". In the next pop-up, "Backups", answer "OK". Click "Exit RegSeeker" on the left and restart your computer.
That eScan scan seems to be taking a long time. You probably noticed that I have eScan Internet Security on the machine. It suggested a quick scan before I managed to run ComboFix, and at that point it found plenty of junk, which it fixed. RegSeeker found 197 items... The eScan fetched via koti.mbnet has found one virus so far: a Password-protected-EXE... I'll get back to this tomorrow if needed. Many thanks.
File C:\Program Files\eScan\INFECTED\pinfect.zip infected by "Password-protected-EXE" Virus. Action Taken: File Renamed.
That's what it still found there. The machine feels better. The browsers, Mozilla and Explorer, open slowly; that's probably due to the connection. Which antivirus does Maestro Hujo think is good? Thanks again, I'll get back to this if needed.
Update AVG Anti-Spyware 7.5 and run it in Safe Mode.
=============
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Rename that. Renaming:
1. Right-click the HijackThis icon.
2. Choose Rename.
3. Type scanner.exe
=============
and take a new HJT log.
Sorry it's taking so long, and it will probably keep taking a while... I uninstalled the eScan antivirus from the machine when the days on the trial version started running out. I installed Kaspersky, since the program was already on the machine; that went well, updates included. I left it scanning when I went to work at around 14:00. When I got back, Kaspersky reported that the registration key is blacklisted, so there's that. So it was a pirated version... The machine was without virus protection for about 10 hours, so there's that; maybe others will learn from it. The desktop icons show for a few seconds and then disappear; only the wallpaper is visible. I ran AVG in Safe Mode, but there is so much junk that the machine shuts down automatically after just under an hour of scanning; the fan runs at full speed and CPU usage sits at 100%. I ran AVG in normal mode and it found about 25000 items, mostly adware, plus trojans and hijackers. I stopped the scan and tried to delete the nasties it found, but AVG reported "Virus Vault has reach maxium numbers ot threats". So there's that. Here is the scanner.exe log now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:28, on 28.5.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ClocX\ClocX.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://results.limewire.com/securit...=4.17.3+Pro&jv=1.6.0_05&os=Windows+XP&osv=5.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\utorrent\utorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by119fd.bay119.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5750 bytes
Scan with HJT, check these and press Fix checked:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://results.limewire.com/security?gui...dows+XP&osv=5.1
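The triage the helper does in the post above, as an added example of my own (not code from the thread or from HijackThis): parse the R0/R1 lines of an HJT log and list the ones a reviewer would mark for Fix checked, namely entries with an empty value and entries whose URL points at a host outside a small allowlist. The allowlist and the sample lines are constructed; the host rule also flags the user-chosen thepiratebay.org start page, which the helper left alone, so the output is a review list, not a verdict.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist (constructed): hosts a stock IE setting may point to.
TRUSTED_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

# HJT R-lines look like: "R0 - <hive\key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - (.+?),([^=]+?) = ?(.*)$")


def parse_r_entry(line):
    """Return (section, key, value name, data) for an R-line, else None."""
    m = R_LINE.match(line.strip())
    if not m:
        return None
    section, key, name, data = m.groups()
    return section, key, name.strip(), data.strip()


def host_of(value):
    """Lowercased host of a URL value, or '' when the value is not a URL."""
    parts = urlsplit(value)
    return (parts.hostname or "").lower() if parts.scheme else ""


def triage(log_lines):
    """Return [(line, reason)] for R-entries worth reviewing.

    An empty value is a stale leftover (the two 'Local Page' lines);
    a URL whose host is not allowlisted needs a human decision
    (the ShellNext line, but also a user-chosen start page).
    """
    flagged = []
    for line in log_lines:
        entry = parse_r_entry(line)
        if entry is None:          # O4, O9, ... sections are not handled here
            continue
        _section, _key, _name, data = entry
        host = host_of(data)
        if data == "":
            flagged.append((line.strip(), "empty value"))
        elif host and host not in TRUSTED_HOSTS:
            flagged.append((line.strip(), "host %s not trusted" % host))
    return flagged


# Constructed sample: the lines from the log above, three of which the helper marked.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = ",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = ",
    r"R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://results.limewire.com/security?gui...dows+XP&osv=5.1",
    r"O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe",
]

if __name__ == "__main__":
    for flagged_line, reason in triage(SAMPLE_LOG):
        print(reason, "->", flagged_line)
```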
I Fix-checked those items with HJT. THE MACHINE WORKS WELL!!!! Before that I uninstalled AVG, and at the same time it let me choose whether the contents of the Virus Vault get sent off into the void; off they went. I reinstalled AVG and ran it in Safe Mode, but the machine crashed. That function probably isn't needed anymore anyway. AVG stays on the machine; it seems like a good program. SpyBot found a few Virtumondos... Thanks and praise.