Computer is stuttering

Discussion in 'Viruses and malware - HijackThis logs' started by jartsa32, Sep 13, 2008.

  1. jartsa32

    jartsa32 Regular member

    The computer is stuttering badly.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:06:33, on 13.9.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ftpa.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: BrowserConnector Object - {0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3} - C:\WINDOWS\system32\odbcjta32.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\msjterr40.dll
    O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: System kernel integrity service (Scprtn) - SearchHelp, Inc. - C:\WINDOWS\system32\ftpa.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 5175 bytes
     
  2. Hujo

    Hujo Guest

    1. Download combofix.exe to your desktop from one of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log to your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    ============

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    3. If an update is found, the program downloads and installs the latest version.
    4. When the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to see the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next message.

    ================

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into Safe Mode:

    shut down and power on
    during startup, tap the F8 key repeatedly
    select Safe Mode with the arrow keys
    press Enter and Enter again
    select your user account
    press Yes

    On some computers you tap F5 instead of F8.

    • Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    • Open the SDFix folder and double-click RunThis.bat to start the program.
    • Press Y to start the script.
    • The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer: "Press any key to Reboot".
    • Press any key and the computer restarts.
    • Startup takes longer than normal because SDFix is cleaning the computer.
    • When the computer has started and the desktop has loaded, SDFix reports that the cleanup is complete: "Finished".
    • Then press any key to close the script and load the desktop icons.
    • Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.

    ================

    Download CCleaner here
    CCleaner v2.05.555 - Standard Build, do NOT install the Yahoo toolbar!
    During installation, untick the box "install Yahoo! toolbar".
    After installation, open CCleaner.
    Select Options from the left-hand column.
    Select Settings from the adjacent column.
    Under Language select Suomi.

    Cleaner (Puhdistaja)
    Select Puhdistaja from the left-hand column.
    Press Tutki at the bottom.
    CCleaner now analyzes what can be removed (temp files, cookies, etc.).
    When the analysis is finished, press Aja CCleaner.
    CCleaner now deletes the temp files, cookies, etc. that it found.

    Fixing registry errors
    Select Rekisteri from the left-hand column.
    Press Etsi rekisterin virheitä at the bottom.
    When the search is finished and you are sure you want to fix the checked entries, press Korjaa valitut rekisterin virheet.
    You will be asked "do you want to back up the changes to the registry"; press Kyllä (Yes). Save the backup, for example, to the "Omat tiedostot" folder.
    In the new window that opens, click Korjaa kaikki valitut virheet.
    You will get one more confirmation prompt; press Ok.
    When the errors have been fixed, press Sulje.
    You can now close CCleaner by clicking the red X at the top right.
     
  3. jartsa32

    jartsa32 Regular member

    ComboFix log

    ComboFix 08-09-12.06 - Jartsa 2008-09-13 13:23:04.1 - NTFSx86
    Sijainti: C:\Documents and Settings\Jartsa\Työpöytä\ComboFix.exe

    VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
    .
    ADS - system32: deleted 0 bytes in 1 streams.
    ADS - WINDOWS: deleted 0 bytes in 1 streams.

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\actskn43.ocx
    C:\WINDOWS\system32\directut.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-13 to 2008-09-13 )))))))))))))))))
    .

    2008-09-12 23:01 . 2008-09-13 13:28 109 --a------ C:\WINDOWS\system32\sysdnc.dat
    2008-09-12 22:23 . 2007-11-22 01:12 4,286 --a------ C:\WINDOWS\system32\sentrylite.ico
    2008-09-12 22:20 . 2008-09-12 22:50 155 --a------ C:\WINDOWS\system32\suntfs.nfx
    2008-09-12 22:09 . 2008-09-12 22:21 10,416 --a------ C:\WINDOWS\system32\spnetrm.nfx
    2008-09-12 22:09 . 2008-09-12 22:21 10,416 --a------ C:\WINDOWS\system32\sbnetkey.sys
    2008-09-12 22:05 . 2008-09-09 23:19 5,268,992 --a------ C:\WINDOWS\system32\GCCollectiong.dll
    2008-09-09 23:22 . 2008-09-09 23:22 83,968 --a------ C:\WINDOWS\system32\rpcrts4.dll
    2008-09-09 23:22 . 2008-09-09 23:22 77,824 --a------ C:\WINDOWS\system32\rdpcfcnex.dll
    2008-09-09 23:21 . 2008-09-09 23:21 196,608 --a------ C:\WINDOWS\system32\rdpdds.dll
    2008-09-09 23:21 . 2008-09-09 23:21 47,104 --a------ C:\WINDOWS\system32\sxssupl.dll
    2008-09-09 14:48 . 2008-09-09 14:49 <KANSIO> dr------- C:\Documents and Settings\Jartsa\Omat tiedostot
    2008-09-09 14:01 . 2003-07-06 14:07 372,736 --a------ C:\WINDOWS\system32\IJL_11.DLL
    2008-09-09 14:01 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
    2008-09-09 11:56 . 2008-09-09 11:57 <KANSIO> d-------- C:\Documents and Settings\Jartsa\Application Data\SUPERAntiSpyware.com
    2008-09-09 11:24 . 2008-09-12 21:51 <KANSIO> dr------- C:\Documents and Settings\Jartsa\Suosikit
    2008-09-09 11:13 . 2008-09-09 11:14 <KANSIO> d-------- C:\Program Files\Java
    2008-09-09 11:13 . 2008-09-09 11:13 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-09-09 11:12 . 2008-09-09 11:12 <KANSIO> d-------- C:\Documents and Settings\Jartsa\Application Data\Simply Super Software
    2008-09-09 11:12 . 2008-09-09 11:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2008-09-09 11:00 . 2008-09-09 11:00 <KANSIO> d-------- C:\Program Files\Common Files\Totem Shared
    2008-09-09 10:58 . 2008-09-09 10:58 <KANSIO> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
    2008-09-09 10:58 . 2008-09-09 10:58 <KANSIO> d---s---- C:\Documents and Settings\Jartsa\UserData
    2008-09-09 10:54 . 2008-09-09 11:41 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    2008-09-09 09:56 . 2008-09-09 11:12 <KANSIO> d-------- C:\Program Files\Trojan Remover
    2008-09-09 09:55 . 2008-09-09 09:55 <KANSIO> d-------- C:\Program Files\Microsoft AntiSpyware
    2008-09-09 09:55 . 2008-09-09 09:55 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2008-09-09 09:55 . 2008-09-09 09:55 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2008-09-09 09:55 . 2008-09-09 11:11 <KANSIO> d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-09-09 09:55 . 2008-09-09 10:43 <KANSIO> d-------- C:\Documents and Settings\Jartsa\Application Data\Hamachi
    2008-09-09 09:54 . 2008-09-09 09:54 <KANSIO> d--h----- C:\Documents and Settings\Jartsa\Tulostinympäristö
    2008-09-09 09:54 . 2008-09-09 09:54 <KANSIO> d-------- C:\Documents and Settings\Jartsa\temp
    2008-09-09 09:54 . 2008-09-09 10:44 <KANSIO> d--h----- C:\Documents and Settings\Jartsa\Recent(2)
    2008-09-09 09:54 . 2008-09-09 09:54 <KANSIO> d-------- C:\Documents and Settings\Jartsa\Phone Browser
    2008-09-09 09:54 . 2008-09-09 09:54 <KANSIO> d--h----- C:\Documents and Settings\Jartsa\Mallit
    2008-09-09 09:54 . 2008-09-09 09:54 <KANSIO> dr------- C:\Documents and Settings\Jartsa\Käynnistä-valikko
    2008-09-09 09:54 . 2008-09-09 09:54 <KANSIO> d-------- C:\Documents and Settings\Jartsa\Application Data\TrojanHunter
    2008-09-09 09:54 . 2008-09-09 09:54 <KANSIO> d-------- C:\Documents and Settings\Jartsa\Application Data\TeamViewer
    2008-09-09 09:54 . 2008-09-09 09:54 <KANSIO> d-------- C:\Documents and Settings\Jartsa\Application Data\Symantec
    2008-09-09 09:53 . 2008-09-13 13:27 <KANSIO> d-------- C:\Documents and Settings\Jartsa\Työpöytä
    2008-09-09 09:53 . 2008-09-09 16:04 <KANSIO> d-------- C:\Documents and Settings\Jartsa
    2008-09-08 10:45 . 2005-06-02 12:01 179,712 --a------ C:\WINDOWS\system32\ConnAPI.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-13 10:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-09-13 08:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-09-12 19:49 --------- d--h--w C:\Program Files\Eeyguxgwodxkm
    2008-09-12 19:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-09 08:47 --------- d-----w C:\Program Files\TrojanHunter 5.0
    2008-09-09 08:12 --------- d-----w C:\Program Files\Common Files\Java(2)
    2008-09-09 08:02 --------- d-----w C:\Program Files\Lavasoft
    2008-09-09 08:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-09 08:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-09 08:00 --------- d---a-w C:\Program Files\Webteh
    2008-09-09 07:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-09 06:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-09 06:52 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-09-09 06:50 --------- d-----w C:\Program Files\Winamp
    2008-07-17 08:24 --------- d-----w C:\Program Files\SpywareBlaster
    2007-04-23 12:21 269,824 -c--a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
    2007-04-23 12:11 224,896 -c--a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
    2006-12-15 09:30 98,304 -c--a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
    2006-12-15 09:30 66,048 -c--a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
    2006-12-15 09:30 315,392 -c--a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
    2006-12-15 09:30 28,672 -c--a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
    2006-12-15 09:30 212,992 -c--a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
    2006-12-15 09:30 20,480 -c--a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
    2006-12-15 09:30 19,968 -c--a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
    2007-06-08 18:40 8 -csh--r C:\WINDOWS\system32\29FBA64F40.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3}]
    2008-09-09 23:22 118784 --a------ C:\WINDOWS\system32\odbcjta32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\WINDOWS\system32\msjterr40.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KmReg]
    @="Event log"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NtLclIpc]
    @="Event log"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Scprtn]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009

    R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
    R3 XDva009;XDva009;C:\WINDOWS\system32\DRIVERS\XDva009.syS []
    R4 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe []
    R4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.syS []
    S0 ndisrd;ndisrd;C:\WINDOWS\system32\DRIVERS\ndisrd.syS [2005-04-04 17:25]
    S0 pxark;pxark;C:\WINDOWS\System32\drivers\pxark.sys [2008-06-08 19:33]
    S1 KmReg;System kernel configuration;C:\WINDOWS\system32\ntdosa412.sys [2008-09-09 23:21]
    S1 NtLclIpc;Remote Procedure Call RT4s;C:\WINDOWS\system32\ntiot404.sys [2008-09-09 23:21]
    S2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 12:02]
    S2 Scprtn;System kernel integrity service;C:\WINDOWS\system32\ftpa.exe [2008-09-09 23:21]
    S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]


    *Newly Created Service* - COMHOST
    .
    'Ajoitetut tehtävät'-kansion sisältö
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    Notify-WgaLogon - (no file)


    .
    ------- Täydentävä tarkistus -------
    .
    FireFox -: Profile - C:\Documents and Settings\Jartsa\Application Data\Mozilla\Firefox\Profiles\1v0w7cgd.default\
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-13 13:33:01
    Windows 5.1.2600 Service Pack 2 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    ------------------------ Muut prosessit ------------------------
    .
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Valmistumisajankohta: 2008-09-13 13:44:21 - kone käynnistettiin uudelleen
    ComboFix-quarantined-files.txt 2008-09-13 10:43:48

    Pre-Run: 133,441,142,784 tavua vapaana
    Post-Run: 133,436,497,920 tavua vapaana

    171
     
  4. Hujo

    Hujo Guest

    just keep going down the list from there
     
  5. jartsa32

    jartsa32 Regular member

    new logs

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:53:14, on 13.9.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ftpa.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: BrowserConnector Object - {0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3} - C:\WINDOWS\system32\odbcjta32.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\msjterr40.dll
    O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: System kernel integrity service (Scprtn) - SearchHelp, Inc. - C:\WINDOWS\system32\ftpa.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 5474 bytes


    and



    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-13 18:21:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:0a5d6942
    "s2"=dword:2c8122e5
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:0d,61,78,38,12,c0,82,7e,83,70,ee,5b,20,75,f8,5e,00,c3,07,da,cf,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{fb61047f-dd7b-4c6c-96ed-0eb49db41da4}]
    "Current State"=dword:00000000
    "Log Type"=dword:00000000
    "Collection Name"="Järjestelmän yleiskatsaus"
    "Collection Name Indirect"="@C:\WINDOWS\System32\smlogcfg.dll,-731"
    "Counter List"=str(7):"\Processor(_Total)\% Processor Time\0\Memory\Pages/sec\0\PhysicalDisk(_Total)\Avg. Disk Queue Length\0"
    "Comment"="Tämä näyteloki tarjoaa yleiskuvan järjestelmän suorituskyvystä."
    "Epäsuora kommentti"="@C:\WINDOWS\System32\smlogcfg.dll,-735"
    "RealTime DataSource"=dword:00000001
    "Log File Max Size"=dword:ffffffff
    "Tietosäilön määritteet"=dword:00000021
    "Log File Base Name"="System_Overview"
    "Epäsuora lokitiedoston kannan nimi"="@C:\WINDOWS\System32\smlogcfg.dll,-744"
    "Sql Log Base Name"="SQL:!Järjestelmän yleiskatsaus"
    "Log File Serial Number"=dword:00000001
    "Log File Folder"="C:\PerfLogs"
    "Log File Auto Format"=dword:ffffffff
    "Log File Type"=dword:00000002
    "ExecuteOnly"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:0d,61,78,38,12,c0,82,7e,83,70,ee,5b,20,75,f8,5e,00,c3,07,da,cf,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SysmonLog\Log Queries\{fb61047f-dd7b-4c6c-96ed-0eb49db41da4}]
    "Current State"=dword:00000000
    "Log Type"=dword:00000000
    "Collection Name"="Järjestelmän yleiskatsaus"
    "Collection Name Indirect"="@C:\WINDOWS\System32\smlogcfg.dll,-731"
    "Counter List"=str(7):"\Processor(_Total)\% Processor Time\0\Memory\Pages/sec\0\PhysicalDisk(_Total)\Avg. Disk Queue Length\0"
    "Comment"="Tämä näyteloki tarjoaa yleiskuvan järjestelmän suorituskyvystä."
    "Epäsuora kommentti"="@C:\WINDOWS\System32\smlogcfg.dll,-735"
    "RealTime DataSource"=dword:00000001
    "Log File Max Size"=dword:ffffffff
    "Tietosäilön määritteet"=dword:00000021
    "Log File Base Name"="System_Overview"
    "Epäsuora lokitiedoston kannan nimi"="@C:\WINDOWS\System32\smlogcfg.dll,-744"
    "Sql Log Base Name"="SQL:!Järjestelmän yleiskatsaus"
    "Log File Serial Number"=dword:00000001
    "Log File Folder"="C:\PerfLogs"
    "Log File Auto Format"=dword:ffffffff
    "Log File Type"=dword:00000002
    "ExecuteOnly"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:0d,61,78,38,12,c0,82,7e,83,70,ee,5b,20,75,f8,5e,00,c3,07,da,cf,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SysmonLog\Log Queries\{fb61047f-dd7b-4c6c-96ed-0eb49db41da4}]
    "Current State"=dword:00000000
    "Log Type"=dword:00000000
    "Collection Name"="Järjestelmän yleiskatsaus"
    "Collection Name Indirect"="@C:\WINDOWS\System32\smlogcfg.dll,-731"
    "Counter List"=str(7):"\Processor(_Total)\% Processor Time\0\Memory\Pages/sec\0\PhysicalDisk(_Total)\Avg. Disk Queue Length\0"
    "Comment"="Tämä näyteloki tarjoaa yleiskuvan järjestelmän suorituskyvystä."
    "Epäsuora kommentti"="@C:\WINDOWS\System32\smlogcfg.dll,-735"
    "RealTime DataSource"=dword:00000001
    "Log File Max Size"=dword:ffffffff
    "Tietosäilön määritteet"=dword:00000021
    "Log File Base Name"="System_Overview"
    "Epäsuora lokitiedoston kannan nimi"="@C:\WINDOWS\System32\smlogcfg.dll,-744"
    "Sql Log Base Name"="SQL:!Järjestelmän yleiskatsaus"
    "Log File Serial Number"=dword:00000001
    "Log File Folder"="C:\PerfLogs"
    "Log File Auto Format"=dword:ffffffff
    "Log File Type"=dword:00000002
    "ExecuteOnly"=dword:00000001

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

     
  6. Hujo

    Hujo Guest

    Malwarebytes' Anti-Malware log

    SDFix log
     
  7. jartsa32

    jartsa32 Regular member

    I couldn't get this machine into safe mode, but in normal mode
    I got this log.


    System Report
    *************

    Run on la 13.09.2008 at 21:11

    Microsoft Windows XP [versio 5.1.2600]

    Current user is an administrator

    Running Processes:

    \SystemRoot\System32\smss.exe [640]
    \??\C:\WINDOWS\system32\csrss.exe [868]
    \??\C:\WINDOWS\system32\winlogon.exe [892]
    C:\WINDOWS\system32\services.exe [936]
    C:\WINDOWS\system32\lsass.exe [948]
    C:\WINDOWS\system32\svchost.exe [1092]
    C:\WINDOWS\system32\ftpa.exe [1128]
    C:\WINDOWS\system32\svchost.exe [1204]
    C:\WINDOWS\System32\svchost.exe [1352]
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [1748]
    C:\WINDOWS\system32\spoolsv.exe [552]
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [608]
    C:\WINDOWS\System32\svchost.exe [756]
    C:\WINDOWS\System32\wdfmgr.exe [828]
    C:\WINDOWS\System32\alg.exe [444]
    C:\WINDOWS\Explorer.EXE [1812]
    C:\WINDOWS\system32\ctfmon.exe [3320]
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [3416]
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2064]
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2444]
    C:\Program Files\Mozilla Firefox\firefox.exe [3424]
    C:\WINDOWS\system32\msiexec.exe [540]


    Drivers - Running:

    ACPI
    AegisP
    AFD
    AmdK7
    atapi
    audstub
    Beep
    Cdfs
    Cdrom
    CO_Mon
    Disk
    dmio
    dmload
    eeCtrl
    EraserUtilRebootDrv
    Fdc
    FETNDIS
    Fips
    FltMgr
    Ftdisk
    Gpc
    HidUsb
    i8042prt
    Imapi
    IpNat
    IPSec
    isapnp
    Kbdclass
    kmixer
    KmReg
    KSecDD
    mbmiodrvr
    mnmdd
    Mouclass
    mouhid
    MountMgr
    MRxSmb
    Msfs
    mssmbios
    Mup
    NAVENG
    NAVEX15
    NDIS
    ndisrd
    NdisTapi
    Ndisuio
    NdisWan
    NDProxy
    NetBIOS
    NetBT
    Npfs
    Ntfs
    NtLclIpc
    Null
    Parport
    PartMgr
    ParVdm
    PCI
    PptpMiniport
    prodrv06
    prohlp02
    PSched
    Ptilink
    pxark
    PxHelp20
    RasAcd
    Rasl2tp
    RasPppoe
    Raspti
    Rdbss
    RDPCDD
    rdpdr
    redbook
    RTL8187B
    S3Psddr
    SASDIFSV
    SASKUTIL
    serenum
    Serial
    sfhlp01
    SPBBCDrv
    sptd
    sr
    SRTSP
    SRTSPX
    Srv
    swenum
    SYMDNS
    SymEvent
    SYMFW
    SYMIDS
    SYMIDSCO
    SYMNDIS
    SYMREDRV
    SYMTDI
    sysaudio
    Tcpip
    TermDD
    Update
    usbhub
    usbuhci
    VgaSave
    viaagp
    ViaIde
    VIAudio
    VolSnap
    Wanarp
    wdmaud


    Drivers - Stopped:

    Abiosdsk
    abp480n5
    ACPIEC
    adpu160m
    aec
    Aha154x
    aic78u2
    aic78xx
    AliIde
    amsint
    asc
    asc3350p
    asc3550
    ASPI32
    AsyncMac
    Atdisk
    Atmarpc
    catchme
    cbidf2k
    CCDECODE
    cd20xrnt
    Cdaudio
    Changer
    CmdIde
    COH_Mon
    Cpqarray
    dac960nt
    dmboot
    DMusic
    dpti2o
    drmkaud
    ENTECH
    Fastfat
    Flpydisk
    FreshIO
    hpn
    hpt3xx
    HTTP
    i2omgmt
    i2omp
    ini910u
    IntelIde
    ip6fw
    IpFilterDriver
    IpInIp
    IRENUM
    lbrtfdc
    Modem
    mraid35x
    MRxDAV
    MSKSSRV
    MSPCLOCK
    MSPQM
    MSTEE
    NABTSFEC
    NdisIP
    Nokia
    Nokia
    Nokia
    NwlnkFlt
    NwlnkFwd
    PCIDump
    PCIIde
    Pcmcia
    PDCOMP
    PDFRAME
    PDRELI
    PDRFRAME
    pepifilter
    perc2
    perc2hib
    PID_08A0
    Processor
    ql1080
    Ql10wnt
    ql12160
    ql1240
    ql1280
    RDPWD
    RT73
    SASENUM
    Secdrv
    Sfloppy
    Simbad
    SLIP
    Sparrow
    splitter
    SRTSPL
    streamip
    swmidi
    symc810
    symc8xx
    SymIM
    sym_hi
    sym_u3
    TDPIPE
    TDTCP
    TosIde
    tunmp
    TVICHW32
    Udfs
    ultra
    usbaudio
    usbccgp
    USBSTOR
    WDICA
    WS2IFSL
    WSTCODEC
    XDva009


    Services - Running:

    ALG
    AudioSrv
    Automatic
    Browser
    ccEvtMgr
    ccSetMgr
    CLTNetCnService
    CryptSvc
    DcomLaunch
    Dhcp
    dmserver
    ERSvc
    Eventlog
    EventSystem
    FastUserSwitchingCompatibility
    helpsvc
    lanmanserver
    lanmanworkstation
    LiveUpdate
    MSIServer
    Netman
    Nla
    PlugPlay
    ProtectedStorage
    RasMan
    RpcSs
    SamSs
    Schedule
    Scprtn
    seclogon
    SENS
    SharedAccess
    ShellHWDetection
    Spooler
    srservice
    stisvc
    Symantec
    TapiSrv
    TermService
    Themes
    UMWdf
    W32Time
    winmgmt
    wuauserv
    WZCSVC


    Services - Stopped:

    Alerter
    AppMgmt
    aspnet_state
    BITS
    cisvc
    ClipSrv
    clr_optimization_v2.0.50727_32
    comHost
    COMSysApp
    CSIScanner
    dmadmin
    Dnscache
    HidServ
    HTTPFilter
    IDriverT
    ImapiService
    LiveUpdate
    LmHosts
    Messenger
    mnmsrvc
    MSDTC
    NetDDE
    NetDDEdsdm
    Netlogon
    NtLmSsp
    NtmsSvc
    PolicyAgent
    RasAuto
    RDSessMgr
    RemoteAccess
    RemoteRegistry
    RpcLocator
    RSVP
    SCardSvr
    SSDPSRV
    SwPrv
    SysmonLog
    TlntSvr
    TrkWks
    upnphost
    UPS
    VSS
    WebClient
    WmdmPmSN
    Wmi
    WmiApSrv
    wscsvc
    xmlprov


    Files Created/Modified - 60 Days:


    C:\

    13 Sep 2008 13.44.26 11 511 A.... "C:\ComboFix.txt"
    13 Sep 2008 19.01.32 1 593 835 520 A.SH. "C:\pagefile.sys"


    C:\WINDOWS\

    13 Sep 2008 19.02.00 2 048 A.S.. "C:\WINDOWS\bootstat.dat"
    9 Sep 2008 18.23.56 49 A.... "C:\WINDOWS\NeroDigital.ini"
    13 Sep 2008 17.03.14 32 606 ..... "C:\WINDOWS\SchedLgU.Txt"
    13 Sep 2008 13.32.24 246 A.... "C:\WINDOWS\system.ini"
    13 Sep 2008 19.03.08 159 ..... "C:\WINDOWS\wiadebug.log"
    13 Sep 2008 19.03.04 49 ..... "C:\WINDOWS\wiaservc.log"
    12 Sep 2008 22.21.06 585 A.... "C:\WINDOWS\win.ini"
    13 Sep 2008 19.03.10 1 135 821 ..... "C:\WINDOWS\WindowsUpdate.log"
    13 Sep 2008 19.02.00 0 ..... "C:\WINDOWS\Debug\PASSWD.LOG"
    13 Sep 2008 13.27.40 110 A.... "C:\WINDOWS\erdnt\CFrecovery.bat"
    9 Sep 2008 18.12.58 12 512 A.... "C:\WINDOWS\inf\acpi.PNF"
    9 Sep 2008 18.13.26 9 644 A.... "C:\WINDOWS\inf\ccdecode.PNF"
    9 Sep 2008 18.13.00 56 508 A.... "C:\WINDOWS\inf\cdrom.PNF"
    9 Sep 2008 18.12.54 16 996 A.... "C:\WINDOWS\inf\cpu.PNF"
    9 Sep 2008 18.13.00 12 120 A.... "C:\WINDOWS\inf\disk.PNF"
    9 Sep 2008 18.12.56 7 884 A.... "C:\WINDOWS\inf\fdc.PNF"
    9 Sep 2008 18.13.20 11 516 A.... "C:\WINDOWS\inf\hal.PNF"
    9 Sep 2008 18.13.30 100 156 A.... "C:\WINDOWS\inf\input.PNF"
    9 Sep 2008 18.13.08 92 268 A.... "C:\WINDOWS\inf\ks.PNF"
    9 Sep 2008 18.13.26 24 720 A.... "C:\WINDOWS\inf\ksfilter.PNF"
    9 Sep 2008 18.12.58 108 132 A.... "C:\WINDOWS\inf\monitor.PNF"
    9 Sep 2008 18.12.58 94 204 A.... "C:\WINDOWS\inf\monitor6.PNF"
    9 Sep 2008 18.13.00 112 360 A.... "C:\WINDOWS\inf\monitor8.PNF"
    9 Sep 2008 18.13.06 49 572 A.... "C:\WINDOWS\inf\mshdc.PNF"
    9 Sep 2008 18.12.56 30 288 A.... "C:\WINDOWS\inf\msports.PNF"
    9 Sep 2008 18.13.24 9 636 A.... "C:\WINDOWS\inf\nabtsfec.PNF"
    9 Sep 2008 18.13.26 9 120 A.... "C:\WINDOWS\inf\ndisip.PNF"
    9 Sep 2008 18.13.22 5 788 A.... "C:\WINDOWS\inf\netpsa.PNF"
    9 Sep 2008 18.13.22 23 520 A.... "C:\WINDOWS\inf\netrasa.PNF"
    9 Sep 2008 18.13.12 14 980 A.... "C:\WINDOWS\inf\netvt86.PNF"
    9 Sep 2008 18.13.14 23 348 A.... "C:\WINDOWS\inf\oem0.PNF"
    9 Sep 2008 18.13.06 44 784 A.... "C:\WINDOWS\inf\oem1.PNF"
    9 Sep 2008 18.13.32 17 440 A.... "C:\WINDOWS\inf\oem13.PNF"
    9 Sep 2008 18.13.30 16 956 A.... "C:\WINDOWS\inf\oem18.PNF"
    9 Sep 2008 18.13.02 41 782 A.... "C:\WINDOWS\inf\oem19.PNF"
    9 Sep 2008 18.13.02 46 866 A.... "C:\WINDOWS\inf\oem20.PNF"
    9 Sep 2008 16.30.58 0 ...H. "C:\WINDOWS\inf\oem21.inf"
    9 Sep 2008 18.13.30 5 666 A.... "C:\WINDOWS\inf\oem5.PNF"
    9 Sep 2008 18.13.24 9 196 A.... "C:\WINDOWS\inf\slip.PNF"
    9 Sep 2008 18.13.28 11 956 A.... "C:\WINDOWS\inf\streamip.PNF"
    9 Sep 2008 16.31.04 101 660 A.... "C:\WINDOWS\inf\syssetup.PNF"
    9 Sep 2008 18.13.28 44 648 A.... "C:\WINDOWS\inf\usb.PNF"
    9 Sep 2008 18.13.30 37 032 A.... "C:\WINDOWS\inf\usbstor.PNF"
    9 Sep 2008 18.13.24 4 808 A.... "C:\WINDOWS\inf\volume.PNF"
    9 Sep 2008 18.13.20 10 852 A.... "C:\WINDOWS\inf\wave.PNF"
    9 Sep 2008 18.13.08 44 888 A.... "C:\WINDOWS\inf\wdmaudio.PNF"
    9 Sep 2008 18.13.26 9 200 A.... "C:\WINDOWS\inf\wstcodec.PNF"
    18 Jul 2008 21.54.24 56 714 A.... "C:\WINDOWS\inf\wuau.adm"
    7 Sep 2008 17.12.32 24 A.... "C:\WINDOWS\.jagex_cache_32\random.dat"
    13 Aug 2008 19.49.44 1 158 A.... "C:\WINDOWS\.mpr_file_store_32\Mopar_error.log"
    9 Sep 2008 23.22.22 224 256 A.... "C:\WINDOWS\system32\admparsei.dll"
    9 Sep 2008 23.19.04 139 776 A.... "C:\WINDOWS\system32\alrsvcd.dll"
    9 Sep 2008 23.21.08 182 784 A.... "C:\WINDOWS\system32\blastclns.exe"
    9 Sep 2008 23.17.54 72 192 A.... "C:\WINDOWS\system32\browseuik.dll"
    18 Jul 2008 22.10.48 94 920 A.... "C:\WINDOWS\system32\cdm.dll"
    9 Sep 2008 23.20.30 43 008 A.... "C:\WINDOWS\system32\certmgrf.dll"
    9 Sep 2008 23.22.22 308 224 A.... "C:\WINDOWS\system32\creduin.dll"
    9 Sep 2008 23.20.56 71 168 A.... "C:\WINDOWS\system32\d3dk9.dll"
    9 Sep 2008 23.19.40 5 268 992 A.... "C:\WINDOWS\system32\dcimani32.dll"
    9 Sep 2008 23.18.40 216 576 A.... "C:\WINDOWS\system32\dpnhpasta.dll"
    9 Sep 2008 23.19.12 148 480 A.... "C:\WINDOWS\system32\dpnmodems.dll"
    9 Sep 2008 23.22.22 308 224 A.... "C:\WINDOWS\system32\dskquotay.dll"
    9 Sep 2008 23.20.30 43 008 A.... "C:\WINDOWS\system32\elsc.dll"
    9 Sep 2008 23.18.20 253 440 A.... "C:\WINDOWS\system32\feclientl.dll"
    9 Sep 2008 23.18.40 216 576 A.... "C:\WINDOWS\system32\fontexta.dll"
    9 Sep 2008 23.21.08 182 784 A.... "C:\WINDOWS\system32\ftpa.exe"
    9 Sep 2008 23.19.40 5 268 992 A.... "C:\WINDOWS\system32\GCCollectiong.dll"
    9 Sep 2008 23.20.56 71 168 A.... "C:\WINDOWS\system32\gdiplusi.dll"
    9 Sep 2008 23.21.16 171 520 A.... "C:\WINDOWS\system32\httpapiq.dll"
    9 Sep 2008 23.19.12 148 480 A.... "C:\WINDOWS\system32\iasnapw.dll"
    9 Sep 2008 23.22.48 445 440 A.... "C:\WINDOWS\system32\iprtrmgrm.dll"
    9 Sep 2008 23.18.20 253 440 A.... "C:\WINDOWS\system32\jscriptt.dll"
    9 Sep 2008 23.20.52 59 392 A.... "C:\WINDOWS\system32\kbdbrw.dll"
    9 Sep 2008 23.18.20 241 152 A.... "C:\WINDOWS\system32\kbdkyrx.dll"
    9 Sep 2008 23.21.16 171 520 A.... "C:\WINDOWS\system32\kbdlag.dll"
    9 Sep 2008 23.20.52 59 392 A.... "C:\WINDOWS\system32\kbdnou.dll"
    9 Sep 2008 23.21.14 60 928 A.... "C:\WINDOWS\system32\kbdukr.dll"
    9 Sep 2008 23.20.28 283 648 A.... "C:\WINDOWS\system32\LegitCheckControli.dll"
    9 Sep 2008 23.18.20 241 152 A.... "C:\WINDOWS\system32\licmgrb10.dll"
    9 Sep 2008 23.20.28 283 648 A.... "C:\WINDOWS\system32\lmhsvci.dll"
    9 Sep 2008 23.21.14 60 928 A.... "C:\WINDOWS\system32\lmhsvcih.dll"
    9 Sep 2008 23.19.00 4 013 568 A.... "C:\WINDOWS\system32\mprdimy.dll"
    9 Sep 2008 23.22.48 445 440 A.... "C:\WINDOWS\system32\mqrtdepa.dll"
    9 Sep 2008 23.20.06 437 760 A.... "C:\WINDOWS\system32\msftedite.dll"
    9 Sep 2008 23.22.58 194 560 A.... "C:\WINDOWS\system32\msjterr40.dll"
    9 Sep 2008 23.22.00 118 784 A.... "C:\WINDOWS\system32\msobjsb.dll"
    9 Sep 2008 23.22.58 194 560 A.... "C:\WINDOWS\system32\msxbdet40.dll"
    9 Sep 2008 23.20.06 437 760 A.... "C:\WINDOWS\system32\muwebs.dll"
    9 Sep 2008 23.21.28 196 608 A.... "C:\WINDOWS\system32\nddeapis.dll"
    9 Sep 2008 23.22.36 190 976 A.... "C:\WINDOWS\system32\ntdllg.dll"
    9 Sep 2008 23.21.38 38 912 A.... "C:\WINDOWS\system32\ntdosa412.sys"
    9 Sep 2008 23.21.38 38 912 A.... "C:\WINDOWS\system32\ntdost.sys"
    9 Sep 2008 23.21.56 122 240 A.... "C:\WINDOWS\system32\ntiof.sys"
    9 Sep 2008 23.21.56 122 240 A.... "C:\WINDOWS\system32\ntiot404.sys"
    9 Sep 2008 23.18.30 69 120 A.... "C:\WINDOWS\system32\objsell.dll"
    9 Sep 2008 23.22.00 118 784 A.... "C:\WINDOWS\system32\odbcjta32.dll"
    4 Aug 2008 11.51.52 58 732 A.... "C:\WINDOWS\system32\perfc009.dat"
    4 Aug 2008 11.51.52 71 202 A.... "C:\WINDOWS\system32\perfc00B.dat"
    4 Aug 2008 11.51.52 392 432 A.... "C:\WINDOWS\system32\perfh009.dat"
    4 Aug 2008 11.51.52 366 824 A.... "C:\WINDOWS\system32\perfh00B.dat"
    9 Sep 2008 23.19.50 346 624 A.... "C:\WINDOWS\system32\quartz(2)H.dll"
    9 Sep 2008 23.21.06 47 104 A.... "C:\WINDOWS\system32\rasmontrb.dll"
    9 Sep 2008 23.22.06 77 824 A.... "C:\WINDOWS\system32\rdpcfcnex.dll"
    9 Sep 2008 23.21.28 196 608 A.... "C:\WINDOWS\system32\rdpdds.dll"
    9 Sep 2008 23.22.48 83 968 A.... "C:\WINDOWS\system32\remotepgo.dll"
    9 Sep 2008 23.19.26 113 664 A.... "C:\WINDOWS\system32\remotepgv.dll"
    9 Sep 2008 23.22.48 83 968 A.... "C:\WINDOWS\system32\rpcrts4.dll"
    9 Sep 2008 23.19.26 113 664 A.... "C:\WINDOWS\system32\rsfsapsx.dll"
    9 Sep 2008 23.22.36 190 976 A.... "C:\WINDOWS\system32\rsmpsp.dll"
    12 Sep 2008 22.21.06 10 416 A.... "C:\WINDOWS\system32\sbnetkey.sys"
    9 Sep 2008 23.19.50 346 624 A.... "C:\WINDOWS\system32\scrrnfil.dll"
    12 Sep 2008 22.21.06 10 416 A.... "C:\WINDOWS\system32\secrd.dat"
    9 Sep 2008 23.18.30 69 120 A.... "C:\WINDOWS\system32\sensr.dll"
    12 Sep 2008 22.21.06 10 416 A.... "C:\WINDOWS\system32\spnetrm.nfx"
    9 Sep 2008 23.21.50 70 656 A.... "C:\WINDOWS\system32\stii.dll"
    12 Sep 2008 22.50.36 155 A.... "C:\WINDOWS\system32\suntfs.nfx"
    9 Sep 2008 23.21.06 47 104 A.... "C:\WINDOWS\system32\sxssupl.dll"
    13 Sep 2008 17.03.12 109 A.... "C:\WINDOWS\system32\sysdnc.dat"
    9 Sep 2008 23.20.10 84 480 A.... "C:\WINDOWS\system32\tcpmonuij.dll"
    9 Sep 2008 23.22.06 77 824 A.... "C:\WINDOWS\system32\typelibh.dll"
    9 Sep 2008 23.22.22 224 256 A.... "C:\WINDOWS\system32\unzipp32.dll"
    9 Sep 2008 23.18.08 219 648 A.... "C:\WINDOWS\system32\vp6vfwa.dll"
    9 Sep 2008 23.20.10 84 480 A.... "C:\WINDOWS\system32\winhttpg.dll"
    9 Sep 2008 23.17.54 72 192 A.... "C:\WINDOWS\system32\winsrvg.dll"
    9 Sep 2008 23.18.08 219 648 A.... "C:\WINDOWS\system32\winstrmg.dll"
    12 Sep 2008 21.40.10 2 206 A.... "C:\WINDOWS\system32\wpa.dbl"
    9 Sep 2008 23.19.04 139 776 A.... "C:\WINDOWS\system32\wshnetbsf.dll"
    18 Jul 2008 22.09.44 563 912 A.... "C:\WINDOWS\system32\wuapi.dll"
    18 Jul 2008 22.08.56 25 800 A.... "C:\WINDOWS\system32\wuapi.dll.mui"
    18 Jul 2008 22.10.42 53 448 A.... "C:\WINDOWS\system32\wuauclt.exe"
    18 Jul 2008 22.09.46 215 752 A.... "C:\WINDOWS\system32\wuaucpl.cpl"
    18 Jul 2008 22.09.08 29 896 A.... "C:\WINDOWS\system32\wuaucpl.cpl.mui"
    18 Jul 2008 22.09.42 1 811 656 A.... "C:\WINDOWS\system32\wuaueng.dll"
    18 Jul 2008 22.08.42 21 192 A.... "C:\WINDOWS\system32\wuaueng.dll.mui"
    18 Jul 2008 22.09.46 325 832 A.... "C:\WINDOWS\system32\wucltui.dll"
    18 Jul 2008 22.10.56 33 992 A.... "C:\WINDOWS\system32\wucltui.dll.mui"
    18 Jul 2008 22.10.20 36 552 A.... "C:\WINDOWS\system32\wups(2)(2).dll"
    18 Jul 2008 22.10.20 36 552 A.... "C:\WINDOWS\system32\wups.dll"
    18 Jul 2008 22.10.40 45 768 A.... "C:\WINDOWS\system32\wups2(2)(2).dll"
    18 Jul 2008 22.10.40 45 768 A.... "C:\WINDOWS\system32\wups2.dll"
    9 Sep 2008 23.21.50 70 656 A.... "C:\WINDOWS\system32\wupsq2.dll"
    18 Jul 2008 22.09.44 205 000 A.... "C:\WINDOWS\system32\wuweb.dll"
    9 Sep 2008 23.19.00 4 013 568 A.... "C:\WINDOWS\system32\xolehlpt.dll"
    13 Sep 2008 17.47.02 284 A.... "C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    8 Sep 2008 21.58.36 636 A.... "C:\WINDOWS\Tasks\Norton Internet Security - Suorita täysi järjestelmäntarkistus - 1.job"
    8 Sep 2008 20.00.02 646 A.... "C:\WINDOWS\Tasks\Norton Internet Security - Suorita täysi järjestelmäntarkistus - Jartsa.job"
    13 Sep 2008 19.02.52 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
    13 Sep 2008 19.03.02 0 A.... "C:\WINDOWS\temp\JET35C6.tmp"
    13 Sep 2008 17.06.28 0 A.... "C:\WINDOWS\temp\JET7A27.tmp"
    13 Sep 2008 13.34.28 0 A.... "C:\WINDOWS\temp\JETC6B2.tmp"
    13 Sep 2008 21.10.50 15 379 A.... "C:\WINDOWS\temp\scsC1.tmp"
    9 Sep 2008 18.14.30 13 279 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.inf"
    13 Sep 2008 13.22.10 294 912 A.... "C:\WINDOWS\erdnt\Hiv-backup\default"
    13 Sep 2008 13.22.10 673 A.... "C:\WINDOWS\erdnt\Hiv-backup\ERDNT.CON"
    13 Sep 2008 13.22.10 1 241 A.... "C:\WINDOWS\erdnt\Hiv-backup\ERDNT.INF"
    13 Sep 2008 13.22.10 28 672 A.... "C:\WINDOWS\erdnt\Hiv-backup\SAM"
    13 Sep 2008 13.21.54 49 152 A.... "C:\WINDOWS\erdnt\Hiv-backup\SECURITY"
    13 Sep 2008 13.22.06 28 733 440 A.... "C:\WINDOWS\erdnt\Hiv-backup\software"
    13 Sep 2008 13.43.44 7 077 888 A.... "C:\WINDOWS\erdnt\Hiv-backup\system"
    9 Aug 2008 16.27.32 126 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.idx12"
    9 Aug 2008 16.27.32 12 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.idx13"
    9 Aug 2008 16.27.30 204 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.idx10"
    7 Aug 2008 13.37.04 0 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.idx11"
    9 Aug 2008 16.27.32 6 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.idx4"
    9 Aug 2008 16.27.30 6 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.idx5"
    9 Aug 2008 16.27.32 6 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.idx255"
    9 Aug 2008 16.27.30 6 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.idx6"
    9 Aug 2008 16.27.30 6 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.idx7"
    9 Aug 2008 16.27.30 72 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.idx8"
    7 Aug 2008 13.37.04 0 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.idx9"
    9 Aug 2008 16.27.32 4 362 352 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.dat2"
    9 Aug 2008 16.27.32 72 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.idx0"
    7 Aug 2008 13.37.28 426 207 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.dat0"
    9 Aug 2008 16.27.32 48 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.idx1"
    9 Aug 2008 16.27.32 6 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.idx2"
    9 Aug 2008 16.27.30 6 A.... "C:\WINDOWS\.jagex_cache_32\arcanistsmulti\main_file_cache.idx3"
    5 Sep 2008 17.23.44 100 888 A.... "C:\WINDOWS\.jagex_cache_32\loginapplet\cache--1999123318.dat"
    7 Sep 2008 16.38.04 10 614 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx12"
    7 Sep 2008 17.12.34 4 920 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx13"
    7 Sep 2008 17.12.34 3 504 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx14"
    7 Sep 2008 17.12.32 1 560 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx15"
    7 Sep 2008 16.38.04 912 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx16"
    7 Sep 2008 16.38.04 48 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx17"
    7 Sep 2008 17.12.32 384 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx18"
    7 Sep 2008 17.12.32 324 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx19"
    7 Sep 2008 17.12.32 12 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx10"
    7 Sep 2008 16.38.22 2 076 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx11"
    7 Sep 2008 17.12.34 36 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx22"
    7 Sep 2008 17.12.34 18 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx23"
    7 Sep 2008 17.12.34 12 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx24"
    7 Sep 2008 17.12.34 12 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx25"
    7 Sep 2008 17.12.34 6 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx26"
    7 Sep 2008 17.12.34 486 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx20"
    7 Sep 2008 16.38.04 48 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx21"
    7 Sep 2008 16.38.04 31 752 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx4"
    7 Sep 2008 16.38.22 21 234 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx5"
    7 Sep 2008 17.12.34 162 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx255"
    7 Sep 2008 17.12.32 3 690 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx6"
    7 Sep 2008 16.38.22 253 026 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx7"
    7 Sep 2008 16.38.22 8 868 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx8"
    7 Sep 2008 17.12.32 4 068 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx9"
    7 Sep 2008 16.38.28 77 515 259 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.dat2"
    7 Sep 2008 16.37.46 15 216 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx0"
    7 Sep 2008 16.35.40 365 234 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.dat0"
    7 Sep 2008 16.37.42 13 578 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx1"
    7 Sep 2008 17.12.32 162 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx2"
    7 Sep 2008 16.37.50 4 734 A.... "C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx3"
    18 Jul 2008 22.10.48 94 920 A.... "C:\WINDOWS\system32\dllcache\cdm.dll"
    18 Jul 2008 22.09.44 563 912 A.... "C:\WINDOWS\system32\dllcache\wuapi.dll"
    18 Jul 2008 22.10.42 53 448 A.... "C:\WINDOWS\system32\dllcache\wuauclt.exe"
    18 Jul 2008 22.09.46 215 752 A.... "C:\WINDOWS\system32\dllcache\wuaucpl.cpl"
    18 Jul 2008 22.09.42 1 811 656 A.... "C:\WINDOWS\system32\dllcache\wuaueng.dll"
    18 Jul 2008 22.09.46 325 832 A.... "C:\WINDOWS\system32\dllcache\wucltui.dll"
    18 Jul 2008 22.10.20 36 552 A.... "C:\WINDOWS\system32\dllcache\wups.dll"
    18 Jul 2008 22.09.44 205 000 A.... "C:\WINDOWS\system32\dllcache\wuweb.dll"
    8 Sep 2008 0.11.02 17 200 A.... "C:\WINDOWS\system32\drivers\mbam.sys"
    8 Sep 2008 0.11.08 38 528 A.... "C:\WINDOWS\system32\drivers\mbamswissarmy.sys"
    9 Sep 2008 16.04.58 466 040 A.... "C:\WINDOWS\system32\Restore\rstrlog.dat"
    28 Aug 2008 13.49.32 1 304 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Logs\helpctr.log"
    13 Sep 2008 20.57.18 686 A.... "C:\WINDOWS\system32\drivers\etc\HOSTS"
    13 Sep 2008 13.22.10 233 472 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT"
    13 Sep 2008 13.22.10 8 192 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat"
    13 Sep 2008 13.22.10 237 568 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat"
    13 Sep 2008 13.22.10 8 192 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat"
    13 Sep 2008 13.22.10 1 359 872 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat"
    13 Sep 2008 13.22.10 151 552 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat"


    C:\Program Files\

    22 Aug 2008 20.26.02 1 234 160 A.... "C:\Program Files\CCleaner\ccleaner.exe"
    23 Aug 2008 1.03.10 22 528 A.... "C:\Program Files\CCleaner\lang-1035.dll"
    13 Sep 2008 19.47.58 114 605 A.... "C:\Program Files\CCleaner\uninst.exe"
    8 Sep 2008 0.11.00 380 080 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe"
    8 Sep 2008 0.10.58 61 104 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll"
    8 Sep 2008 0.11.00 1 253 040 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
    8 Sep 2008 0.11.02 73 392 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
    8 Sep 2008 0.11.04 110 256 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
    8 Sep 2008 0.11.04 372 400 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe"
    8 Sep 2008 0.11.06 44 720 A.... "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
    13 Sep 2008 14.10.44 7 899 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat"
    13 Sep 2008 14.10.00 688 816 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    8 Sep 2008 0.11.06 78 000 A.... "C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll"
    9 Sep 2008 23.17.54 72 192 A.... "C:\Program Files\Mozilla Firefox\components\winsrvg.dll"
    28 Aug 2008 15.53.00 10 845 A.... "C:\Program Files\NETGEAR\WG111v3\MultiLanguage.tmp"
    16 Jul 2008 11.31.04 86 811 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.pups.zip"
    16 Jul 2008 11.31.06 7 899 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.security.zip"
    16 Jul 2008 11.31.20 505 184 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.trojans.zip"
    16 Jul 2008 11.31.06 168 782 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.spybots.zip"
    16 Jul 2008 11.31.26 601 381 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip"
    16 Jul 2008 11.31.00 148 756 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.hijackers.zip"
    16 Jul 2008 11.31.00 75 179 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.keyloggers.zip"
    16 Jul 2008 11.31.04 399 173 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.malware.zip"
    16 Jul 2008 11.31.36 25 295 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip"
    16 Jul 2008 11.31.12 555 164 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\supplemental.zip"
    13 Sep 2008 20.32.56 72 A.... "C:\Program Files\Symantec\LiveUpdate\ludirloc.dat"


    Files with hidden attributes:

    Fri 8 Jun 2007 8 ..SHR --- "C:\WINDOWS\system32\29FBA64F40.dll"
    Sat 20 Aug 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
    Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"


    Program Folders:

    C:\Program Files\

    AC3Filter
    Adobe
    Ahead
    CCleaner
    Common Files
    Eeyguxgwodxkm
    InstallShield Installation Information
    Internet Explorer
    Java
    Lavasoft
    Malwarebytes' Anti-Malware
    Messenger
    Microsoft AntiSpyware
    microsoft frontpage
    Microsoft Office
    Movie Maker
    Mozilla Firefox
    MSN Gaming Zone
    MSN Messenger
    NETGEAR
    NetMeeting
    Norton Internet Security
    Outlook Express
    Real
    Spybot - Search & Destroy
    SpywareBlaster
    SUPERAntiSpyware
    Symantec
    Trend Micro
    Trojan Remover
    TrojanHunter 5.0
    Uninstall Information
    Webteh
    VIA Technologies, Inc
    VideoLAN
    Winamp
    Windows Media Player
    Windows NT
    Windows Sidebar
    WindowsUpdate
    WinRAR
    xerox
    Yahoo!

    C:\Program Files\Common Files\

    Adobe
    Ahead
    Blizzard Entertainment
    Designer
    InstallShield
    Java
    Java(2)
    Microsoft Shared
    MSSoap
    Nokia
    PCSuite
    Real
    Services
    SpeechEngines
    Symantec Shared
    System
    Totem Shared
    Wise Installation Wizard
    xing shared


    Add/Remove Programs:

    AC3Filter (remove only)
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Shockwave Player
    Advanced WindowsCare
    BSPlayer
    CCleaner (remove only)
    ffdshow
    HijackThis 2.0.2
    Nokia Connectivity Cable Driver
    NETGEAR WG111v3 wireless USB 2.0 adapter
    Nokia PC Suite
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Suojauspäivitys Windows XP:lle (KB883939)
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Suojauspäivitys Windows XP:lle (KB890046)
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Suojauspäivitys Windows XP:lle (KB893066)
    Windows XP Hotfix - KB893086
    Suojauspäivitys Windows XP:lle (KB893756)
    Windows Installer 3.1 (KB893803)
    Päivitys Windows XP:lle (KB894391)
    Suojauspäivitys Windows XP:lle (KB896358)
    Suojauspäivitys Windows XP:lle (KB896422)
    Suojauspäivitys Windows XP:lle (KB896423)
    Suojauspäivitys Windows XP:lle (KB896424)
    Suojauspäivitys Windows XP:lle (KB896428)
    Suojauspäivitys Windows XP:lle (KB896688)
    Päivitys Windows XP:lle (KB896727)
    Päivitys Windows XP:lle (KB898461)
    Suojauspäivitys Windows XP:lle (KB899587)
    Suojauspäivitys Windows XP:lle (KB899588)
    Suojauspäivitys Windows XP:lle (KB899589)
    Suojauspäivitys Windows XP:lle (KB899591)
    Päivitys Windows XP:lle (KB900485)
    Suojauspäivitys Windows XP:lle (KB900725)
    Päivitys Windows XP:lle (KB900930)
    Suojauspäivitys Windows XP:lle (KB901017)
    Suojauspäivitys Windows XP:lle (KB901190)
    Suojauspäivitys Windows XP:lle (KB901214)
    Suojauspäivitys Windows XP:lle (KB902400)
    Suojauspäivitys Windows XP:lle (KB903235)
    Suojauspäivitys Windows XP:lle (KB904706)
    Suojauspäivitys Windows XP:lle (KB905414)
    Suojauspäivitys Windows XP:lle (KB905749)
    Suojauspäivitys Windows XP:lle (KB905915)
    Suojauspäivitys Windows XP:lle (KB908519)
    Suojauspäivitys Windows XP:lle (KB908531)
    Päivitys Windows XP:lle (KB910437)
    Suojauspäivitys Windows XP:lle (KB911280)
    Suojauspäivitys Windows XP:lle (KB911562)
    Suojauspäivitys Windows Media Playerille (KB911564)
    Suojauspäivitys Windows Media Player 10:lle (KB911565)
    Suojauspäivitys Windows XP:lle (KB911567)
    Suojauspäivitys Windows XP:lle (KB911927)
    Suojauspäivitys Windows XP:lle (KB912812)
    Suojauspäivitys Windows XP:lle (KB912919)
    Suojauspäivitys Windows XP:lle (KB913446)
    Suojauspäivitys Windows XP:lle (KB913580)
    Suojauspäivitys Windows XP:lle (KB914388)
    Suojauspäivitys Windows XP:lle (KB914389)
    Suojauspäivitys Windows XP:lle (KB916281)
    Päivitys Windows XP:lle (KB916595)
    Suojauspäivitys Windows XP:lle (KB917159)
    Suojauspäivitys Windows XP:lle (KB917344)
    Suojauspäivitys Windows XP:lle (KB917422)
    Suojauspäivitys Windows Media Player 10:lle (KB917734)
    Suojauspäivitys Windows XP:lle (KB917953)
    Suojauspäivitys Windows XP:lle (KB918118)
    Suojauspäivitys Windows XP:lle (KB918439)
    Suojauspäivitys Windows XP:lle (KB918899)
    Suojauspäivitys Windows XP:lle (KB919007)
    Suojauspäivitys Windows XP:lle (KB920213)
    Suojauspäivitys Windows XP:lle (KB920214)
    Suojauspäivitys Windows XP:lle (KB920670)
    Suojauspäivitys Windows XP:lle (KB920683)
    Suojauspäivitys Windows XP:lle (KB920685)
    Päivitys Windows XP:lle (KB920872)
    Suojauspäivitys Windows XP:lle (KB921398)
    Suojauspäivitys Windows XP:lle (KB921503)
    Suojauspäivitys Windows XP:lle (KB921883)
    Päivitys Windows XP:lle (KB922582)
    Suojauspäivitys Windows XP:lle (KB922616)
    Suojauspäivitys Windows XP:lle (KB922760)
    Suojauspäivitys Windows XP:lle (KB922819)
    Suojauspäivitys Windows XP:lle (KB923191)
    Suojauspäivitys Windows XP:lle (KB923414)
    Suojauspäivitys ohjelmistolle Windows XP (KB923689)
    Suojauspäivitys Windows XP:lle (KB923694)
    Suojauspäivitys Windows XP:lle (KB923980)
    Suojauspäivitys Windows XP:lle (KB924191)
    Suojauspäivitys Windows XP:lle (KB924270)
    Suojauspäivitys Windows XP:lle (KB924496)
    Suojauspäivitys Windows XP:lle (KB924667)
    Suojauspäivitys Windows Media Player 6.4:lle (KB925398)
    Suojauspäivitys Windows XP:lle (KB925454)
    Suojauspäivitys Windows XP:lle (KB925486)
    Suojauspäivitys Windows XP:lle (KB925902)
    Suojauspäivitys Windows XP:lle (KB926255)
    Suojauspäivitys Windows XP:lle (KB926436)
    Suojauspäivitys Windows XP:lle (KB927779)
    Suojauspäivitys Windows XP:lle (KB927802)
    Päivitys Windows XP:lle (KB927891)
    Suojauspäivitys Windows XP:lle (KB928090)
    Suojauspäivitys Windows XP:lle (KB928255)
    Microsoft .NET Framework 2.0 -tuotteen Security Update (KB928365)
    Suojauspäivitys Windows XP:lle (KB928843)
    Suojauspäivitys Windows XP:lle (KB929123)
    Päivitys Windows XP:lle (KB929338)
    Suojauspäivitys Windows XP:lle (KB929969)
    Suojauspäivitys Windows XP:lle (KB930178)
    Päivitys Windows XP:lle (KB930916)
    Suojauspäivitys Windows XP:lle (KB931261)
    Suojauspäivitys Windows XP:lle (KB931768)
    Suojauspäivitys Windows XP:lle (KB931784)
    Päivitys Windows XP:lle (KB931836)
    Security Update for CAPICOM (KB931906)
    Suojauspäivitys Windows XP:lle (KB932168)
    Päivitys Windows XP:lle (KB933360)
    Suojauspäivitys Windows XP:lle (KB933566)
    Suojauspäivitys Windows XP:lle (KB933729)
    Suojauspäivitys Windows XP:lle (KB935839)
    Suojauspäivitys Windows XP:lle (KB935840)
    Suojauspäivitys Windows XP:lle (KB936021)
    Suojauspäivitys Windows Media Player 10:lle (KB936782)
    Suojauspäivitys Windows XP:lle (KB937143)
    Suojauspäivitys Windows XP:lle (KB937894)
    Suojauspäivitys Windows XP:lle (KB938127)
    Päivitys Windows XP:lle (KB938828)
    Suojauspäivitys Windows XP:lle (KB938829)
    Suojauspäivitys Windows XP:lle (KB939653)
    Suojauspäivitys Windows XP:lle (KB941202)
    Suojauspäivitys Windows XP:lle (KB941568)
    Suojauspäivitys ohjelmistolle Windows XP (KB941569)
    Suojauspäivitys Windows XP:lle (KB941644)
    Suojauspäivitys Windows XP:lle (KB942615)
    Päivitys Windows XP:lle (KB942763)
    Päivitys Windows XP:lle (KB942840)
    Suojauspäivitys Windows XP:lle (KB943055)
    Suojauspäivitys Windows XP:lle (KB943460)
    Suojauspäivitys Windows XP:lle (KB943485)
    Suojauspäivitys Windows XP:lle (KB944533)
    Suojauspäivitys Windows XP:lle (KB944653)
    Suojauspäivitys Windows XP:lle (KB946026)
    Päivitys Windows XP:lle (KB946627)
    LQfix 2.1
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0 Language Pack - FIN
    Mixkello Screen Saver
    Mozilla Firefox (3.0.1)
    Nero OEM
    NeroVision Express 2
    Nero Media Player
    LiveUpdate (Symantec Corporation)
    RealPlayer
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Spybot - Search & Destroy 1.5.2.20
    SpywareBlaster v3.5.1
    Norton Internet Security (Symantec Corporation)
    Trojan Remover 6.6.8
    TrojanHunter 5.0
    VIA Audio Driver Setup Program
    VideoLAN VLC media player 0.8.2
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Genuine Advantage Notifications (KB905474)
    Winamp (remove only)
    Windows Live OneCare safety scanner
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 2
    WinRAR archiver
    Microsoft Office 2000 Professional
    Security Update for CAPICOM (KB931906)
    SymNet
    Component Framework
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    J2SE Runtime Environment 5.0 Update 10
    Java(TM) SE Runtime Environment 6 Update 1
    MSXML 4.0 SP2 (KB927978)
    Nokia Connectivity Cable Driver
    NETGEAR WG111v3 wireless USB 2.0 adapter
    Norton Confidential Core
    Nokia PC Suite
    Norton Protection Center
    Windows Genuine Advantage v1.3.0254.0
    Microsoft .NET Framework 2.0
    Microsoft Visual C++ 2005 Redistributable
    Symantec Real Time Storage Protection Component
    Apple Software Update
    SPBBC 32bit
    Norton AntiVirus
    Ad-Aware SE Personal
    Windows Defender Signatures
    Microsoft .NET Framework 2.0 Language Pack - FIN
    MSN Messenger 7.0
    Adobe Reader 7.0.8 - Suomi
    Adobe Reader 7.0.5 Language Support
    ccCommon
    Norton Internet Security
    SUPERAntiSpyware Free Edition
    Norton AntiVirus Help
    LiveUpdate (Symantec Corporation)
    AppCore
    EasyCleaner
    Windows Live Sign-in Assistant
    World of Warcraft Trial


    Run Values:

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"


    Bot Check:

    SERVICE_NAME: wscsvc
    DISPLAY_NAME : Tietoturvakeskus
    START_TYPE : 4 DISABLED

    SERVICE_NAME: sharedaccess
    DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
    START_TYPE : 2 AUTO_START

    SERVICE_NAME: wuauserv
    DISPLAY_NAME : Automaattiset päivitykset
    START_TYPE : 2 AUTO_START

    SERVICE_NAME: srservice
    DISPLAY_NAME : Järjestelmän palauttaminen -palvelu
    START_TYPE : 2 AUTO_START

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
    "EnableDCOM"="Y"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "restrictanonymous"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
    "AUOptions"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify"=dword:00000000
    "FirewallDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    "FirewallOverride"=dword:00000000
    "AntiVirusOverride"=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "WaitToKillServiceTimeout"="5000"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "SFCDisable"=dword:00000000
    "Shell"="Explorer.exe"
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]



    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
    "TransportBindName"="\\Device\\"


    ShellExecuteHooks:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""



    Environment:


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
    ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
    Path REG_EXPAND_SZ %systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\GTK\2.0\bin
    windir REG_EXPAND_SZ %SystemRoot%
    OS REG_SZ Windows_NT
    PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
    TMP REG_EXPAND_SZ %SystemRoot%\TEMP
    LANG REG_SZ fi

    SecurityProviders:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
    SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Authentication Packages:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0


    Subsystem Startup:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
    "Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


    Midi Drivers:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
    "midi"="wdmaud.drv"


    Non-Default IFEO Debugger:


    Non-Default Installed Components:


    Non-Default Safeboot Minimal:


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\avg anti-spyware driver
    <NO NAME> REG_SZ Driver


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\avg anti-spyware guard
    <NO NAME> REG_SZ Service


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\kmreg
    <NO NAME> REG_SZ Event log


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ntlclipc
    <NO NAME> REG_SZ Event log


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\scprtn
    <NO NAME> REG_SZ Service


    File Associations:


    [HKEY_CLASSES_ROOT\batfile\shell\open\command]
    @="\"%1\" %*"

    [HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
    @="\"%1\" %*"

    [HKEY_CLASSES_ROOT\comfile\shell\open\command]
    @="\"%1\" %*"

    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @="\"%1\" %*"

    [HKEY_CLASSES_ROOT\htafile\shell\open\command]
    @="C:\\WINDOWS\\System32\\mshta.exe \"%1\" %*"

    [HKEY_CLASSES_ROOT\http\shell\open\command]
    @="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -requestPending -osint -url \"%1\""

    [HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
    @="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

    [HKEY_CLASSES_ROOT\regedit\shell\open\command]
    @="regedit.exe %1"

    [HKEY_CLASSES_ROOT\regfile\shell\open\command]
    @="regedit.exe \"%1\""

    [HKEY_CLASSES_ROOT\scrfile\shell\open\command]
    @="\"%1\" /S"

    [HKEY_CLASSES_ROOT\txtfile\shell\open\command]
    @="%SystemRoot%\system32\NOTEPAD.EXE %1"


    Finished!

     
  8. Hujo

    Hujo Guest

    Updating Java and clearing the cache:

    Download JavaRa and extract it to your desktop.

    ***Close all open Internet Explorer windows before continuing!***

    * Double-click JavaRa.exe to start the program.
    * Choose English from the drop-down menu to set the language to English and click Select.
    * Click Remove Older Versions to remove the old Java versions from your computer.
    * Click Yes when prompted. When JavaRa has finished, it will report that a log file has been created. Click OK.
    * The log file opens. Post its contents in your next message.
    4. Install the latest Java update from the following link:

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6 Update 7
    Click Download
    Set Platform to Windows
    Tick I agree to the Java SE Runtime Environment 6 License Agreement and click Continue
    Under Windows Offline Installation, click jre-6u4-windows-i586-p.exe

    Save the file, for example to the desktop, and install it.

    5. Restart the computer after the installation.
    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).
    7. On the General tab, click Settings. Drag the slider (Disk Space) to a smaller value.

    (Some Java-based programs may need more disk space.
    If you notice the computer slowing down after lowering the setting, move the slider to a larger value.)

    8. Click the Delete Files button. Make sure that both options are ticked:
    * Applications and Applets
    * Trace and Log Files

    Then click the OK button.
    Note: This deletes all downloaded applications and applets from the CACHE.

    9. Click OK in the "Temporary Files Settings" window.
    10. On the Update tab, untick Check for Updates automatically
    Choose Never check
    11. Click Apply and OK to leave the Java settings window.
     
  9. jartsa32

    jartsa32 Regular member

    I lost the whole log from Malwarebytes, but I found this one.



    Malwarebytes' Anti-Malware 1.27
    Tietokantaversio: 1127
    Windows 5.1.2600 Service Pack 2

    13.9.2008 17:01:36
    mbam-log-2008-09-13 (17-01-36).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
    Tarkistetut kohteet: 77354
    Kulunut aika: 2 hour(s), 19 minute(s), 37 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 1

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\WINDOWS\system32\vcmgcd32.dll (Trojan.Agent) -> Delete on reboot.
     
  10. Hujo

    Hujo Guest

    Download CCleaner from here
    CCleaner v2.05.555 - Standard Build, do NOT install the Yahoo toolbar!
    During installation, untick the option "install Yahoo! toolbar".
    After installation, open CCleaner.
    Select Options from the column on the left.
    Select Settings from the adjacent column.
    For Language, choose Suomi (Finnish).

    Puhdistaja (Cleaner)
    Select Puhdistaja from the column on the left.
    Click Tutki (Analyze) at the bottom.
    CCleaner now analyzes what can be deleted (temp files, cookies, etc.).
    When the analysis is finished, click Aja CCleaner (Run Cleaner).
    CCleaner now deletes the temp files, cookies, etc. that it found.

    Fixing registry errors
    Select Rekisteri (Registry) from the column on the left.
    Click Etsi rekisterin virheitä (Scan for Issues) at the bottom.
    When the scan is finished and you are sure that you want to fix the lines that are ticked, click Korjaa valitut rekisterin virheet (Fix selected issues).
    You will be asked "do you want to back up changes to the registry"; click Kyllä (Yes). Save the backup, for example in the "Omat tiedostot" (My Documents) folder.
    In the new window that opens, click Korjaa kaikki valitut virheet (Fix All Selected Issues).
    You will get one more confirmation prompt; click Ok.
    When the errors have been fixed, click Sulje (Close).
    You can now close CCleaner by clicking the red X at the top right.

    =============

    Shut down and start the computer
    during startup, keep tapping the F8 key
    use the arrow keys to select Safe Mode
    press Enter and Enter again
    select your user account
    click Yes

    On some computers you tap F5 instead of F8

    ==============

    How is the computer running?
     
    Last edited by a moderator: Sep 13, 2008
  11. jartsa32

    jartsa32 Regular member

    The computer runs quite nicely on the net again, for a change.
    Here is the JavaRa log.


    JavaRa 1.11 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sat Sep 13 22:12:27 2008

    Found and removed: C:\Program Files\Java\jre1.5.0_06

    Found and removed: C:\Program Files\Java\jre1.5.0_09

    Found and removed: C:\Program Files\Java\jre1.5.0_10

    Found and removed: C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

    Found and removed: Software\Classes\JavaPlugin.160_01

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

    Found and removed: Software\JavaSoft\Java2D\1.6.0_01

    Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    ------------------------------------

    Finished reporting.




     
  12. Hujo

    Hujo Guest

    Let's do this one:

    Create an uninstall list:
    • Open HijackThis
    • Click the "Configure" option at the bottom right
    • Click "Misc Tools"
    • Click the box that says "Uninstall Manager"
    • Click the "Save list" option
    • Copy and paste that list from Notepad into your thread
     
  13. jartsa32

    jartsa32 Regular member

    hijackthis


    AC3Filter (remove only)
    Ad-Aware SE Personal
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 7.0.5 Language Support
    Adobe Reader 7.0.8 - Suomi
    Adobe Shockwave Player
    Advanced WindowsCare
    AppCore
    Apple Software Update
    BSPlayer
    ccCommon
    CCleaner (remove only)
    Component Framework
    EasyCleaner
    ffdshow
    HijackThis 2.0.2
    Java(TM) SE Development Kit 6 Update 7
    LiveUpdate (Symantec Corporation)
    LiveUpdate (Symantec Corporation)
    LQfix 2.1
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0 Language Pack - FIN
    Microsoft .NET Framework 2.0 -tuotteen Security Update (KB928365)
    Microsoft Office 2000 Professional
    Microsoft Visual C++ 2005 Redistributable
    Mixkello Screen Saver
    Mozilla Firefox (3.0.1)
    MSN Messenger 7.0
    MSXML 4.0 SP2 (KB927978)
    Nero Media Player
    Nero OEM
    NeroVision Express 2
    NETGEAR WG111v3 wireless USB 2.0 adapter
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Norton AntiVirus
    Norton AntiVirus Help
    Norton Confidential Core
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    Päivitys Windows XP:lle (KB900485)
    Päivitys Windows XP:lle (KB910437)
    Päivitys Windows XP:lle (KB920872)
    Päivitys Windows XP:lle (KB922582)
    Päivitys Windows XP:lle (KB927891)
    Päivitys Windows XP:lle (KB929338)
    Päivitys Windows XP:lle (KB930916)
    Päivitys Windows XP:lle (KB931836)
    Päivitys Windows XP:lle (KB933360)
    Päivitys Windows XP:lle (KB942763)
    Päivitys Windows XP:lle (KB942840)
    Päivitys Windows XP:lle (KB946627)
    RealPlayer
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    SPBBC 32bit
    Spybot - Search & Destroy 1.5.2.20
    SpywareBlaster v3.5.1
    Suojauspäivitys ohjelmistolle Windows XP (KB923689)
    Suojauspäivitys ohjelmistolle Windows XP (KB941569)
    Suojauspäivitys Windows Media Player 6.4:lle (KB925398)
    Suojauspäivitys Windows XP:lle (KB901190)
    Suojauspäivitys Windows XP:lle (KB905915)
    Suojauspäivitys Windows XP:lle (KB908531)
    Suojauspäivitys Windows XP:lle (KB911562)
    Suojauspäivitys Windows XP:lle (KB911567)
    Suojauspäivitys Windows XP:lle (KB912812)
    Suojauspäivitys Windows XP:lle (KB913580)
    Suojauspäivitys Windows XP:lle (KB917422)
    Suojauspäivitys Windows XP:lle (KB918118)
    Suojauspäivitys Windows XP:lle (KB918899)
    Suojauspäivitys Windows XP:lle (KB919007)
    Suojauspäivitys Windows XP:lle (KB920213)
    Suojauspäivitys Windows XP:lle (KB920214)
    Suojauspäivitys Windows XP:lle (KB920670)
    Suojauspäivitys Windows XP:lle (KB920683)
    Suojauspäivitys Windows XP:lle (KB920685)
    Suojauspäivitys Windows XP:lle (KB921398)
    Suojauspäivitys Windows XP:lle (KB921883)
    Suojauspäivitys Windows XP:lle (KB922616)
    Suojauspäivitys Windows XP:lle (KB922760)
    Suojauspäivitys Windows XP:lle (KB923694)
    Suojauspäivitys Windows XP:lle (KB923980)
    Suojauspäivitys Windows XP:lle (KB924270)
    Suojauspäivitys Windows XP:lle (KB924667)
    Suojauspäivitys Windows XP:lle (KB925454)
    Suojauspäivitys Windows XP:lle (KB925486)
    Suojauspäivitys Windows XP:lle (KB925902)
    Suojauspäivitys Windows XP:lle (KB926255)
    Suojauspäivitys Windows XP:lle (KB926436)
    Suojauspäivitys Windows XP:lle (KB927779)
    Suojauspäivitys Windows XP:lle (KB927802)
    Suojauspäivitys Windows XP:lle (KB928090)
    Suojauspäivitys Windows XP:lle (KB928255)
    Suojauspäivitys Windows XP:lle (KB928843)
    Suojauspäivitys Windows XP:lle (KB929123)
    Suojauspäivitys Windows XP:lle (KB929969)
    Suojauspäivitys Windows XP:lle (KB930178)
    Suojauspäivitys Windows XP:lle (KB931261)
    Suojauspäivitys Windows XP:lle (KB931768)
    Suojauspäivitys Windows XP:lle (KB931784)
    Suojauspäivitys Windows XP:lle (KB932168)
    Suojauspäivitys Windows XP:lle (KB933566)
    Suojauspäivitys Windows XP:lle (KB933729)
    Suojauspäivitys Windows XP:lle (KB935839)
    Suojauspäivitys Windows XP:lle (KB935840)
    Suojauspäivitys Windows XP:lle (KB937894)
    Suojauspäivitys Windows XP:lle (KB939653)
    Suojauspäivitys Windows XP:lle (KB941202)
    Suojauspäivitys Windows XP:lle (KB941568)
    Suojauspäivitys Windows XP:lle (KB941644)
    Suojauspäivitys Windows XP:lle (KB942615)
    Suojauspäivitys Windows XP:lle (KB943055)
    Suojauspäivitys Windows XP:lle (KB943460)
    Suojauspäivitys Windows XP:lle (KB943485)
    Suojauspäivitys Windows XP:lle (KB944533)
    Suojauspäivitys Windows XP:lle (KB944653)
    Suojauspäivitys Windows XP:lle (KB946026)
    SUPERAntiSpyware Free Edition
    SymNet
    Trojan Remover 6.6.8
    TrojanHunter 5.0
    VIA Audio Driver Setup Program
    VideoLAN VLC media player 0.8.2
    Winamp (remove only)
    Windows Defender Signatures
    Windows Genuine Advantage v1.3.0254.0
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Media Format Runtime
    Windows Media Player 10
    WinRAR archiver




     
  14. Hujo

    Hujo Guest

    Let's give the machine a little air.

    Remove these via Add or Remove Programs:

    Trojan Remover 6.6.8
    TrojanHunter 5.0
    SUPERAntiSpyware Free Edition
    Spybot - Search & Destroy 1.5.2.20


    ================

    Delete these folders in Safe Mode:

    C:\Program Files\Spybot - Search & Destroy
    C:\Program Files\SUPERAntiSpyware
    C:\Program Files\Trojan Remover
    C:\Program Files\TrojanHunter 5.0

    ================

    Oh right, you couldn't get into Safe Mode.


    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.
     
  15. jartsa32

    jartsa32 Regular member


    Hi again, I got this log.



    ComboFix 08-09-12.06 - Jartsa 2008-09-14 11:24:03.2 - NTFSx86
    Sijainti: C:\Documents and Settings\Jartsa\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Jartsa\Työpöytä\CFScript.txt

    VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Spybot - Search & Destroy
    C:\Program Files\Spybot - Search & Destroy\advcheck.dll
    C:\Program Files\Spybot - Search & Destroy\aports.dll
    C:\Program Files\Spybot - Search & Destroy\blindman.exe
    C:\Program Files\Spybot - Search & Destroy\borlndmm.dll
    C:\Program Files\Spybot - Search & Destroy\Default configuration.ini
    C:\Program Files\Spybot - Search & Destroy\delphimm.dll
    C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll
    C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.dap.gif
    C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.data.xml
    C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.default.gif
    C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.related.htm
    C:\Program Files\Spybot - Search & Destroy\Help\Deutsch.license.txt
    C:\Program Files\Spybot - Search & Destroy\Help\English.chm
    C:\Program Files\Spybot - Search & Destroy\Help\English.license.txt
    C:\Program Files\Spybot - Search & Destroy\Help\English.Resident.chm
    C:\Program Files\Spybot - Search & Destroy\Help\Francais.license.txt
    C:\Program Files\Spybot - Search & Destroy\Help\Italiano.license.txt
    C:\Program Files\Spybot - Search & Destroy\Includes\Adware.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\AdwareC.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\AdvWhite.sbs
    C:\Program Files\Spybot - Search & Destroy\Includes\Browserpages.sbs
    C:\Program Files\Spybot - Search & Destroy\Includes\CLSIDs.sbs
    C:\Program Files\Spybot - Search & Destroy\Includes\Cookies.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\Cookies.sbs
    C:\Program Files\Spybot - Search & Destroy\Includes\Dialer.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\Dialer.sbs
    C:\Program Files\Spybot - Search & Destroy\Includes\DialerC.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\Domains.sbs
    C:\Program Files\Spybot - Search & Destroy\Includes\FPFix.sbs
    C:\Program Files\Spybot - Search & Destroy\Includes\HeavyDuty.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\Hijackers.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\HijackersC.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\Keyloggers.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\KeyloggersC.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\Logs.uts
    C:\Program Files\Spybot - Search & Destroy\Includes\LSP.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\LSP.sbs
    C:\Program Files\Spybot - Search & Destroy\Includes\Malware.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\OperaPlugins.sbs
    C:\Program Files\Spybot - Search & Destroy\Includes\ProcWatch.sbs
    C:\Program Files\Spybot - Search & Destroy\Includes\PUPS.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\PUPSC.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\RegDFLinks.sbs
    C:\Program Files\Spybot - Search & Destroy\Includes\RegWatch.sbs
    C:\Program Files\Spybot - Search & Destroy\Includes\Revision.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\Revision.sbs
    C:\Program Files\Spybot - Search & Destroy\Includes\Searchpages.sbs
    C:\Program Files\Spybot - Search & Destroy\Includes\Security.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\SecurityC.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs
    C:\Program Files\Spybot - Search & Destroy\Includes\Spybots.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\SpybotsC.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\Spyware.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\SpywareC.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\Startup.tnfo
    C:\Program Files\Spybot - Search & Destroy\Includes\Targets.nfo
    C:\Program Files\Spybot - Search & Destroy\Includes\Tracks.uti
    C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi
    C:\Program Files\Spybot - Search & Destroy\Includes\URL-Blacklist.sbs
    C:\Program Files\Spybot - Search & Destroy\Includes\X509White.sbs
    C:\Program Files\Spybot - Search & Destroy\Languages\Deutsch.sbl
    C:\Program Files\Spybot - Search & Destroy\Languages\English.sbl
    C:\Program Files\Spybot - Search & Destroy\Languages\Espanol.sbl
    C:\Program Files\Spybot - Search & Destroy\Languages\Francais.sbl
    C:\Program Files\Spybot - Search & Destroy\Languages\Italiano.sbl
    C:\Program Files\Spybot - Search & Destroy\messages.zres
    C:\Program Files\Spybot - Search & Destroy\OptOut.ini
    C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
    C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    C:\Program Files\Spybot - Search & Destroy\Skins\Colorblind.ini
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Spybot - Search & Destroy\Suomi.sbl
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Spybot - Search & Destroy\Tools.dll
    C:\Program Files\Spybot - Search & Destroy\unins000.dat
    C:\Program Files\Spybot - Search & Destroy\unins000.exe
    C:\Program Files\Spybot - Search & Destroy\UnzDll.dll
    C:\Program Files\Spybot - Search & Destroy\Update.exe
    C:\Program Files\Spybot - Search & Destroy\Updates\advcheck152.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\advcheck153.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\desc.english.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\downloaded.ini
    C:\Program Files\Spybot - Search & Destroy\Updates\fpfix.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\help.english.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\helpres.english.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\includes.dialer.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\includes.hijackers.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\includes.keyloggers.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\includes.malware.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\includes.pups.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\includes.security.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\includes.spybots.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\includes.trojans.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\mainapp152.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\online.ini
    C:\Program Files\Spybot - Search & Destroy\Updates\plugtcpip.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\sbsd152upd.exe
    C:\Program Files\Spybot - Search & Destroy\Updates\skins.main.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\startup.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\supplemental.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\tools15.zip
    C:\Program Files\Spybot - Search & Destroy\Updates\tools212.zip
    C:\Program Files\Spybot - Search & Destroy\ZipDll.dll
    C:\Program Files\SUPERAntiSpyware
    C:\Program Files\SUPERAntiSpyware\BootSafe.exe
    C:\Program Files\SUPERAntiSpyware\deupx.dll
    C:\Program Files\SUPERAntiSpyware\msvcr71.dll
    C:\Program Files\SUPERAntiSpyware\Plugins\sab_incr.dll
    C:\Program Files\SUPERAntiSpyware\Plugins\sab_mapi.dll
    C:\Program Files\SUPERAntiSpyware\Plugins\sab_wab.dll
    C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
    C:\Program Files\SUPERAntiSpyware\sasdifsv.sys
    C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    C:\Program Files\SUPERAntiSpyware\SASREPAIRS.STG
    C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    C:\Program Files\SUPERAntiSpyware\SSUpdate.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trojan Remover
    C:\Program Files\Trojan Remover\Rmvtrjan.exe
    C:\Program Files\Trojan Remover\Sschk.exe
    C:\Program Files\Trojan Remover\Trjscan.exe
    C:\Program Files\Trojan Remover\Trshlex.dll
    C:\Program Files\Trojan Remover\trunins.exe
    C:\Program Files\Trojan Remover\trupd.exe
    C:\Program Files\Trojan Remover\unins000.exe
    C:\Program Files\TrojanHunter 5.0
    C:\Program Files\TrojanHunter 5.0\contmenu.dll
    C:\Program Files\TrojanHunter 5.0\IL.ini
    C:\Program Files\TrojanHunter 5.0\InstallLicense.exe
    C:\Program Files\TrojanHunter 5.0\Options.cfg
    C:\Program Files\TrojanHunter 5.0\RuleFiles\Gen.dll
    C:\Program Files\TrojanHunter 5.0\RuleFiles\LiveUpdate.ini
    C:\Program Files\TrojanHunter 5.0\SubmitFiles\SubmitFiles.exe
    C:\Program Files\TrojanHunter 5.0\thcl.exe
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\Program Files\TrojanHunter 5.0\THSec.dll
    C:\Program Files\TrojanHunter 5.0\thshlicons.dll
    C:\Program Files\TrojanHunter 5.0\Tools.ini
    C:\Program Files\TrojanHunter 5.0\Tools\Autostart Explorer\AutostartExplorer.exe
    C:\Program Files\TrojanHunter 5.0\Tools\Autostart Explorer\Descriptions.ini
    C:\Program Files\TrojanHunter 5.0\Tools\LiveUpdate\LiveUpdate.exe
    C:\Program Files\TrojanHunter 5.0\Tools\MemString\MemString.exe
    C:\Program Files\TrojanHunter 5.0\Tools\Netstat Viewer\NetstatViewer.exe
    C:\Program Files\TrojanHunter 5.0\Tools\Process Viewer\ProcessViewer.exe
    C:\Program Files\TrojanHunter 5.0\Tools\Window List\WindowList.exe
    C:\Program Files\TrojanHunter 5.0\TrojanHunter.exe
    C:\Program Files\TrojanHunter 5.0\unins000.exe
    C:\Program Files\TrojanHunter 5.0\unrar.dll
    C:\Program Files\TrojanHunter 5.0\UnUpx.dll
    C:\Program Files\TrojanHunter 5.0\unzdll.dll
    C:\Program Files\TrojanHunter 5.0\ZipDll.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-14 to 2008-09-14 )))))))))))))))))
    .

    2008-09-13 19:49 . 2008-09-13 19:49 <KANSIO> d--h----- C:\Documents and Settings\Jartsa\Verkkoympäristö
    2008-09-13 17:25 . 2008-09-13 21:11 <KANSIO> d-------- C:\SDFix
    2008-09-13 14:10 . 2008-09-13 14:10 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-13 14:10 . 2008-09-13 14:10 <KANSIO> d-------- C:\Documents and Settings\Jartsa\Application Data\Malwarebytes
    2008-09-13 14:10 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-13 14:10 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-12 23:01 . 2008-09-13 23:32 109 --a------ C:\WINDOWS\system32\sysdnc.dat
    2008-09-12 22:23 . 2007-11-22 01:12 4,286 --a------ C:\WINDOWS\system32\sentrylite.ico
    2008-09-12 22:20 . 2008-09-12 22:50 155 --a------ C:\WINDOWS\system32\suntfs.nfx
    2008-09-12 22:09 . 2008-09-12 22:21 10,416 --a------ C:\WINDOWS\system32\spnetrm.nfx
    2008-09-12 22:09 . 2008-09-12 22:21 10,416 --a------ C:\WINDOWS\system32\sbnetkey.sys
    2008-09-12 22:05 . 2008-09-09 23:19 5,268,992 --a------ C:\WINDOWS\system32\GCCollectiong.dll
    2008-09-09 23:22 . 2008-09-09 23:22 83,968 --a------ C:\WINDOWS\system32\rpcrts4.dll
    2008-09-09 23:22 . 2008-09-09 23:22 77,824 --a------ C:\WINDOWS\system32\rdpcfcnex.dll
    2008-09-09 23:21 . 2008-09-09 23:21 196,608 --a------ C:\WINDOWS\system32\rdpdds.dll
    2008-09-09 23:21 . 2008-09-09 23:21 47,104 --a------ C:\WINDOWS\system32\sxssupl.dll
    2008-09-09 14:48 . 2008-09-09 14:49 <KANSIO> dr------- C:\Documents and Settings\Jartsa\Omat tiedostot
    2008-09-09 14:01 . 2003-07-06 14:07 372,736 --a------ C:\WINDOWS\system32\IJL_11.DLL
    2008-09-09 14:01 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
    2008-09-09 11:56 . 2008-09-09 11:57 <KANSIO> d-------- C:\Documents and Settings\Jartsa\Application Data\SUPERAntiSpyware.com
    2008-09-09 11:24 . 2008-09-12 21:51 <KANSIO> dr------- C:\Documents and Settings\Jartsa\Suosikit
    2008-09-09 11:13 . 2008-09-13 23:30 <KANSIO> d-------- C:\Program Files\Java
    2008-09-09 11:13 . 2008-09-09 11:13 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-09-09 11:12 . 2008-09-09 11:12 <KANSIO> d-------- C:\Documents and Settings\Jartsa\Application Data\Simply Super Software
    2008-09-09 11:12 . 2008-09-09 11:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2008-09-09 11:00 . 2008-09-09 11:00 <KANSIO> d-------- C:\Program Files\Common Files\Totem Shared
    2008-09-09 10:54 . 2008-09-09 11:41 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    2008-09-09 09:55 . 2008-09-09 09:55 <KANSIO> d-------- C:\Program Files\Microsoft AntiSpyware
    2008-09-09 09:55 . 2008-09-09 09:55 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2008-09-09 09:55 . 2008-09-09 09:55 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2008-09-09 09:55 . 2008-09-09 11:11 <KANSIO> d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-09-09 09:55 . 2008-09-09 10:43 <KANSIO> d-------- C:\Documents and Settings\Jartsa\Application Data\Hamachi
    2008-09-09 09:54 . 2008-09-09 09:54 <KANSIO> d--h----- C:\Documents and Settings\Jartsa\Tulostinympäristö
    2008-09-09 09:54 . 2008-09-09 10:44 <KANSIO> d--h----- C:\Documents and Settings\Jartsa\Recent(2)
    2008-09-09 09:54 . 2008-09-09 09:54 <KANSIO> d--h----- C:\Documents and Settings\Jartsa\Mallit
    2008-09-09 09:54 . 2008-09-09 09:54 <KANSIO> dr------- C:\Documents and Settings\Jartsa\Käynnistä-valikko
    2008-09-09 09:54 . 2008-09-09 09:54 <KANSIO> d-------- C:\Documents and Settings\Jartsa\Application Data\TrojanHunter
    2008-09-09 09:54 . 2008-09-09 09:54 <KANSIO> d-------- C:\Documents and Settings\Jartsa\Application Data\TeamViewer
    2008-09-09 09:54 . 2008-09-09 09:54 <KANSIO> d-------- C:\Documents and Settings\Jartsa\Application Data\Symantec
    2008-09-09 09:53 . 2008-09-14 11:23 <KANSIO> d-------- C:\Documents and Settings\Jartsa\Työpöytä
    2008-09-09 09:53 . 2008-09-13 23:31 <KANSIO> d-------- C:\Documents and Settings\Jartsa
    2008-09-08 10:45 . 2005-06-02 12:01 179,712 --a------ C:\WINDOWS\system32\ConnAPI.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-14 08:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-09-14 08:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-09-12 19:49 --------- d--h--w C:\Program Files\Eeyguxgwodxkm
    2008-09-12 19:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-09 08:12 --------- d-----w C:\Program Files\Common Files\Java(2)
    2008-09-09 08:02 --------- d-----w C:\Program Files\Lavasoft
    2008-09-09 08:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-09 08:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-09 08:00 --------- d---a-w C:\Program Files\Webteh
    2008-09-09 07:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-09 06:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-09 06:50 --------- d-----w C:\Program Files\Winamp
    2008-07-17 08:24 --------- d-----w C:\Program Files\SpywareBlaster
    2007-06-08 18:40 8 -csh--r C:\WINDOWS\system32\29FBA64F40.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-13_13.42.32.97 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-03-13 21:31:24 135,168 ----a-w C:\WINDOWS\system32\java.exe
    + 2008-06-09 22:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2007-03-13 21:31:28 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-06-09 22:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2007-03-13 23:04:46 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2008-06-09 23:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3}]
    2008-09-09 23:22 118784 --a------ C:\WINDOWS\system32\odbcjta32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\WINDOWS\system32\msjterr40.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KmReg]
    @="Event log"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NtLclIpc]
    @="Event log"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Scprtn]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
    R3 XDva009;XDva009;C:\WINDOWS\system32\DRIVERS\XDva009.syS []
    R4 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe []
    R4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.syS []
    S0 ndisrd;ndisrd;C:\WINDOWS\system32\DRIVERS\ndisrd.syS [2005-04-04 17:25]
    S0 pxark;pxark;C:\WINDOWS\System32\drivers\pxark.sys [2008-06-08 19:33]
    S1 KmReg;System kernel configuration;C:\WINDOWS\system32\ntdosa412.sys [2008-09-09 23:21]
    S1 NtLclIpc;Remote Procedure Call RT4s;C:\WINDOWS\system32\ntiot404.sys [2008-09-09 23:21]
    S2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 12:02]
    S2 Scprtn;System kernel integrity service;C:\WINDOWS\system32\ftpa.exe [2008-09-09 23:21]
    S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]


    *Newly Created Service* - COMHOST
    .
    'Ajoitetut tehtävät'-kansion sisältö
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL



    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-14 11:30:19
    Windows 5.1.2600 Service Pack 2 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    Valmistumisajankohta: 2008-09-14 11:35:47
    ComboFix-quarantined-files.txt 2008-09-14 08:35:17
    ComboFix2.txt 2008-09-13 10:44:24

    Pre-Run: 133,177,434,112 tavua vapaana
    Post-Run: 133,139,214,336 tavua vapaana

    313
     
  16. Hujo

    Hujo Guest

  17. jartsa32

    jartsa32 Regular member

    I managed to download and extract eScan, but it won't open.
     
  18. Hujo

    Hujo Guest

    Have you updated it?
     
  19. jartsa32

    jartsa32 Regular member

    I updated it, and it said it would open eScan once the update was finished, but it didn't open.
     
  20. Hujo

    Hujo Guest

    Go to Windows Explorer and open the Kaspersky folder.

    Find mwavscan and double-click it.
     
