Messenger virus, I tried to remove it without success, here is the log

Discussion in 'Viruses and malware - HijackThis logs' started by mutis, Jun 15, 2008.

  1. mutis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:47:07, on 15.6.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\System32\rundll32.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\schtasks.exe
    C:\Windows\system32\jusched.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 9152 bytes
     
  2. yaht

    1. Download Combofix.exe to your desktop from either of these links:
    Combofix.exe
    Combofix.exe

    Open Combofix.exe and follow the on-screen instructions.

    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Close the browser and other programs for the duration of the fix (not the antivirus).
    Start HijackThis, run Scan, tick the following entries listed in red, and remove them (Fix checked).


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
    *

    Updating Java and clearing its cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them: [IMG]

    3. Select all your previous Java versions and choose Remove.
    4. Install the latest Java update from the following link.
    5. Restart the computer after the installation:

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6u6

    Press Download

    Tick Accept, choose the offline installation, save it to the desktop, for example, and install it.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).

    7. Under the General Settings section, drag the slider (Disk Space) to a smaller value and click the Delete Files button.

    (Some Java-based programs may need more disk space.
    If you notice the computer being slow after lowering the setting, move the slider to a larger value.)

    8. Make sure that both options are ticked:

    *Applications and Applets

    *Trace and Log Files

    And press the OK button

    9. Click OK in your "Temporary Files Settings" window.

    10. Click OK to leave your Java settings window.
     
  3. mutis

    ComboFix 08-06-12.2 - tomppa 2008-06-15 21:34:24.5 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1965 [GMT 3:00]
    Running from: C:\Users\tomppa\Downloads\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\Fonts\CALIBRIB.TTF . . . . poisto epäonnistui
    .
    ---- Previous Run -------
    .

    C:\Windows\Fonts\CALIBRIB.TTF . . . . poisto epäonnistui

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-15 to 2008-06-15 )))))))))))))))))
    .

    2008-06-15 21:33 . 2008-06-15 21:34 <KANSIO> d-------- C:\327882R2FWJFW
    2008-06-15 20:57 . 2008-06-15 20:57 <KANSIO> d-------- C:\Program Files\IObit
    2008-06-15 20:38 . 2008-06-15 20:40 <KANSIO> d-------- C:\Users\All Users\Lavasoft
    2008-06-15 20:38 . 2008-06-15 20:40 <KANSIO> d-------- C:\ProgramData\Lavasoft
    2008-06-15 20:38 . 2008-06-15 20:38 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-06-15 20:37 . 2008-06-15 20:37 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-15 16:46 . 2008-06-15 16:46 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-15 12:44 . 2008-06-15 12:44 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\Simply Super Software
    2008-06-15 12:44 . 2008-06-15 12:44 <KANSIO> d-------- C:\Users\All Users\Simply Super Software
    2008-06-15 12:44 . 2008-06-15 12:44 <KANSIO> d-------- C:\ProgramData\Simply Super Software
    2008-06-15 12:44 . 2008-06-15 12:45 <KANSIO> d-------- C:\Program Files\Trojan Remover
    2008-06-15 12:44 . 2006-05-25 15:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
    2008-06-15 12:44 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
    2008-06-15 12:44 . 2005-08-26 01:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
    2008-06-15 12:44 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
    2008-06-15 12:44 . 2006-06-19 13:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
    2008-06-15 10:41 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-15 10:41 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-15 10:41 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-15 10:41 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-14 23:54 . 2008-06-15 13:03 402,702,674 --a------ C:\Windows\MEMORY.DMP
    2008-06-14 23:46 . 2008-06-14 23:46 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\Malwarebytes
    2008-06-14 23:46 . 2008-06-14 23:46 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
    2008-06-14 23:46 . 2008-06-14 23:46 <KANSIO> d-------- C:\ProgramData\Malwarebytes
    2008-06-14 23:46 . 2008-06-14 23:46 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-14 23:46 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-06-14 23:46 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-06-14 23:27 . 2008-06-14 23:27 <KANSIO> d-------- C:\VundoFix Backups
    2008-06-14 23:21 . 2008-06-14 23:21 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-06-14 18:08 . 2008-06-14 18:16 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-06-14 18:08 . 2008-06-14 18:16 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-06-14 18:08 . 2008-06-14 18:08 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-14 17:19 . 2008-06-14 17:19 <KANSIO> d-------- C:\PerfLogs
    2008-06-14 10:18 . 2008-06-14 10:18 <KANSIO> d-------- C:\Users\Meeri\AppData\Roaming\PC Suite
    2008-06-14 00:30 . 2008-06-14 00:30 <KANSIO> d-------- C:\Users\Hanna\AppData\Roaming\PlayFirst
    2008-06-14 00:29 . 2008-06-14 00:52 <KANSIO> d-a------ C:\Users\All Users\TEMP
    2008-06-14 00:29 . 2008-06-14 00:52 <KANSIO> d-a------ C:\ProgramData\TEMP
    2008-06-14 00:28 . 2008-06-14 00:29 <KANSIO> d-------- C:\Program Files\Shockwave.com
    2008-06-14 00:17 . 2008-06-14 00:17 <KANSIO> d-------- C:\Users\Hanna\AppData\Roaming\PC Suite
    2008-06-14 00:17 . 2008-06-14 00:17 <KANSIO> d-------- C:\Users\Hanna\AppData\Roaming\Nero
    2008-06-13 19:29 . 2008-06-13 19:29 <KANSIO> d-------- C:\Users\Meeri\AppData\Roaming\Nero
    2008-06-13 19:05 . 2008-06-13 19:05 <KANSIO> d-------- C:\Program Files\NeroInstall.bak
    2008-06-13 18:38 . 2008-06-13 18:38 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\Nero
    2008-06-13 18:34 . 2008-06-13 18:34 <KANSIO> d-------- C:\Users\All Users\Nero
    2008-06-13 18:34 . 2008-06-13 18:34 <KANSIO> d-------- C:\ProgramData\Nero
    2008-06-13 18:34 . 2008-06-13 18:34 <KANSIO> d-------- C:\Program Files\Nero
    2008-06-13 18:34 . 2008-06-13 18:36 <KANSIO> d-------- C:\Program Files\Common Files\Nero
    2008-06-13 18:03 . 2008-06-13 18:03 <KANSIO> d-------- C:\puretut
    2008-06-12 23:40 . 2008-06-12 23:40 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\Nokia Multimedia Player
    2008-06-12 21:44 . 2008-06-12 21:44 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-06-12 21:31 . 2008-06-12 22:40 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\PC Suite
    2008-06-12 21:31 . 2008-06-12 21:55 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\Nokia
    2008-06-12 21:31 . 2008-06-12 21:44 <KANSIO> d-------- C:\Users\All Users\PC Suite
    2008-06-12 21:31 . 2008-06-12 21:44 <KANSIO> d-------- C:\ProgramData\PC Suite
    2008-06-12 21:30 . 2008-06-12 21:30 <KANSIO> d-------- C:\Program Files\DIFX
    2008-06-12 21:30 . 2008-06-12 21:30 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2008-06-12 21:30 . 2008-06-12 21:30 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2008-06-12 21:30 . 2007-09-17 15:53 21,632 --a------ C:\Windows\System32\drivers\pccsmcfd.sys
    2008-06-12 21:27 . 2008-06-12 21:30 <KANSIO> d----c--- C:\Windows\System32\DRVSTORE
    2008-06-12 21:27 . 2008-06-12 21:27 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2008-06-12 21:23 . 2008-06-12 21:30 <KANSIO> d-------- C:\Program Files\Nokia
    2008-06-12 21:23 . 2007-11-29 10:32 48,128 --a------ C:\Windows\System32\nmwcdcls.dll
    2008-06-12 21:19 . 2008-06-12 21:23 <KANSIO> d-------- C:\Users\All Users\Installations
    2008-06-12 21:19 . 2008-06-12 21:23 <KANSIO> d-------- C:\ProgramData\Installations
    2008-06-12 19:14 . 2008-06-12 19:14 <KANSIO> d-------- C:\Users\Hanna\AppData\Roaming\My Battle for Middle-earth(tm) II Files
    2008-06-12 09:37 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-12 09:37 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-06-12 09:36 . 2008-04-25 05:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-12 09:36 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-11 08:40 . 2008-06-11 08:45 <KANSIO> d-------- C:\Users\Santtu\AppData\Roaming\My Battle for Middle-earth(tm) II Files
    2008-06-11 08:39 . 2008-06-11 08:39 <KANSIO> dr------- C:\Users\Santtu\Searches
    2008-06-11 08:39 . 2008-06-11 08:39 <KANSIO> d-------- C:\Users\Santtu\AppData\Roaming\Symantec
    2008-06-11 08:38 . 2008-06-11 08:39 <KANSIO> dr------- C:\Users\Santtu\Videos
    2008-06-11 08:38 . 2008-06-11 08:39 <KANSIO> dr------- C:\Users\Santtu\Saved Games
    2008-06-11 08:38 . 2008-06-11 08:44 <KANSIO> dr------- C:\Users\Santtu\Pictures
    2008-06-11 08:38 . 2008-06-11 08:39 <KANSIO> dr------- C:\Users\Santtu\Music
    2008-06-11 08:38 . 2008-06-11 08:39 <KANSIO> dr------- C:\Users\Santtu\Links
    2008-06-11 08:38 . 2008-06-11 08:39 <KANSIO> dr------- C:\Users\Santtu\Downloads
    2008-06-11 08:38 . 2008-06-11 08:39 <KANSIO> dr------- C:\Users\Santtu\Documents
    2008-06-11 08:38 . 2008-06-11 08:38 <KANSIO> dr------- C:\Users\Santtu\Contacts
    2008-06-11 08:38 . 2006-11-02 15:37 <KANSIO> d-------- C:\Users\Santtu\AppData\Roaming\Media Center Programs
    2008-06-11 08:38 . 2008-06-11 08:39 <KANSIO> d--h----- C:\Users\Santtu\AppData
    2008-06-11 08:38 . 2008-06-12 10:20 <KANSIO> d-------- C:\Users\Santtu
    2008-06-10 18:59 . 2008-06-10 18:59 <KANSIO> d-------- C:\Users\All Users\Winamp Toolbar
    2008-06-10 18:59 . 2008-06-10 19:00 <KANSIO> d-------- C:\Users\All Users\OrbNetworks
    2008-06-10 18:59 . 2008-06-10 18:59 <KANSIO> d-------- C:\ProgramData\Winamp Toolbar
    2008-06-10 18:59 . 2008-06-10 19:00 <KANSIO> d-------- C:\ProgramData\OrbNetworks
    2008-06-10 18:59 . 2008-06-10 18:59 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
    2008-06-10 18:59 . 2008-06-10 18:59 <KANSIO> d-------- C:\Program Files\Winamp Remote
    2008-06-10 18:57 . 2008-06-10 19:07 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\Winamp
    2008-06-10 18:57 . 2008-06-10 19:00 <KANSIO> d-------- C:\Program Files\Winamp
    2008-06-10 18:57 . 2007-03-08 02:51 129,784 --------- C:\Windows\System32\pxafs.dll
    2008-06-10 00:14 . 2008-06-10 00:14 <KANSIO> d--h----- C:\Users\All Users\CanonBJ
    2008-06-10 00:14 . 2008-06-10 00:14 <KANSIO> d--h----- C:\ProgramData\CanonBJ
    2008-06-09 23:48 . 2008-06-13 17:09 <KANSIO> d-------- C:\Users\Public\CyberLink
    2008-06-06 21:52 . 2008-06-13 17:09 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\CyberLink
    2008-06-05 18:50 . 2008-06-05 18:50 <KANSIO> d-------- C:\Program Files\uTorrent
    2008-06-05 18:49 . 2008-06-14 20:13 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\uTorrent
    2008-06-05 17:19 . 2008-06-05 17:19 <KANSIO> d-------- C:\Program Files\eMule
    2008-06-04 16:42 . 2008-06-04 16:46 <KANSIO> d-------- C:\Users\Meeri\AppData\Roaming\My Battle for Middle-earth(tm) II Files
    2008-06-04 14:53 . 2008-01-19 10:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
    2008-06-04 14:52 . 2008-01-19 10:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-06-04 14:51 . 2008-01-19 10:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
    2008-06-04 14:50 . 2008-01-19 10:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
    2008-06-04 14:49 . 2008-01-19 09:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2008-06-04 14:48 . 2008-01-19 10:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
    2008-06-04 14:48 . 2008-01-19 10:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
    2008-06-04 14:48 . 2008-01-19 10:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
    2008-06-04 14:47 . 2008-01-19 10:36 218,624 --a------ C:\Windows\System32\wdscore.dll
    2008-06-04 14:47 . 2008-01-19 10:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
    2008-06-04 14:45 . 2008-01-19 10:34 305,152 --a------ C:\Windows\System32\msdelta.dll
    2008-06-04 14:45 . 2008-01-19 10:34 258,560 --a------ C:\Windows\System32\dpx.dll
    2008-06-04 14:45 . 2008-01-19 10:34 246,784 --a------ C:\Windows\System32\drvstore.dll
    2008-06-04 14:45 . 2008-01-19 10:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
    2008-06-04 14:45 . 2006-11-02 12:39 6,656 --a------ C:\Windows\System32\kbd106.dll
    2008-06-04 14:33 . 2008-06-04 14:33 <KANSIO> dr------- C:\Users\Meeri\Videos
    2008-06-04 14:33 . 2008-06-04 14:33 <KANSIO> dr------- C:\Users\Meeri\Searches
    2008-06-04 14:33 . 2008-06-04 14:33 <KANSIO> dr------- C:\Users\Meeri\Saved Games
    2008-06-04 14:33 . 2008-06-11 13:13 <KANSIO> dr------- C:\Users\Meeri\Pictures
    2008-06-04 14:33 . 2008-06-04 14:33 <KANSIO> dr------- C:\Users\Meeri\Music
    2008-06-04 14:33 . 2008-06-04 14:33 <KANSIO> dr------- C:\Users\Meeri\Links
    2008-06-04 14:33 . 2008-06-04 14:33 <KANSIO> dr------- C:\Users\Meeri\Downloads
    2008-06-04 14:33 . 2008-06-05 13:22 <KANSIO> dr------- C:\Users\Meeri\Documents
    2008-06-04 14:33 . 2008-06-05 13:22 <KANSIO> dr------- C:\Users\Meeri\Contacts
    2008-06-04 14:33 . 2008-06-04 14:33 <KANSIO> d-------- C:\Users\Meeri\AppData\Roaming\Symantec

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-15 16:54 --------- d-----w C:\ProgramData\Symantec
    2008-06-14 14:33 174 --sha-w C:\Program Files\desktop.ini
    2008-06-14 14:25 --------- d-----w C:\Program Files\Windows Sidebar
    2008-06-14 14:25 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-06-14 14:25 --------- d-----w C:\Program Files\Windows Mail
    2008-06-14 14:25 --------- d-----w C:\Program Files\Windows Journal
    2008-06-14 14:25 --------- d-----w C:\Program Files\Windows Defender
    2008-06-14 14:25 --------- d-----w C:\Program Files\Windows Collaboration
    2008-06-14 14:25 --------- d-----w C:\Program Files\Windows Calendar
    2008-06-14 13:52 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-06-14 13:52 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-06-13 14:09 --------- d-----w C:\ProgramData\CyberLink
    2008-06-06 18:52 --------- d-----w C:\ProgramData\HP
    2008-06-03 08:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-02 20:24 --------- d-----w C:\Program Files\Norton Internet Security
    2008-06-02 20:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-02 20:12 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-06-02 20:12 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-06-02 20:12 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-06-02 20:12 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-06-02 20:12 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-06-02 20:04 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2008-06-02 20:04 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2008-06-02 20:04 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2008-06-02 20:04 --------- d-----w C:\Program Files\Symantec
    2008-06-02 19:40 --------- d-----w C:\ProgramData\Hewlett-Packard
    2008-06-02 19:35 --------- d-sh--w C:\ProgramData\Työpöytä
    2008-06-02 19:35 --------- d-sh--w C:\ProgramData\Tiedostot
    2008-06-02 19:35 --------- d-sh--w C:\ProgramData\Suosikit
    2008-06-02 19:35 --------- d-sh--w C:\ProgramData\Mallit
    2008-06-02 19:35 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
    .

    ((((((((((((((((((((((((((((( snapshot_2008-06-15_18.42.38.65 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-15 15:37:14 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-15 18:39:49 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-15 17:38:25 1,038,336 ----a-r C:\Windows\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
    + 2008-06-15 17:38:25 178,688 ----a-r C:\Windows\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
    + 2008-06-15 17:38:25 171,008 ----a-r C:\Windows\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
    + 2008-06-15 17:38:25 8,704 ----a-r C:\Windows\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
    + 2008-06-15 18:39:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-06-15 18:39:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-06-15 15:37:48 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-06-15 18:42:27 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-06-15 18:42:27 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-06-15 15:37:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-06-15 18:42:27 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-06-15 18:42:27 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-06-15 15:06:12 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-15 17:57:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-15 15:06:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-15 17:57:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-15 15:06:12 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-15 17:57:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-07-11 11:37:26 6,272 ----a-w C:\Windows\System32\drivers\AWRTPD.sys
    + 2007-08-07 10:58:08 8,320 ----a-w C:\Windows\System32\drivers\AWRTRD.sys
    + 2007-08-07 10:56:58 9,344 ----a-w C:\Windows\System32\drivers\NSDriver.sys
    + 2007-12-14 09:32:52 12,632 ----a-w C:\Windows\System32\lsdelete.exe
    - 2008-06-15 15:29:19 101,052 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-06-15 18:20:58 101,052 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-06-15 15:29:19 80,514 ----a-w C:\Windows\System32\perfc00B.dat
    + 2008-06-15 18:20:58 80,514 ----a-w C:\Windows\System32\perfc00B.dat
    - 2008-06-15 15:29:19 586,980 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-06-15 18:20:58 586,980 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-06-15 15:29:19 435,392 ----a-w C:\Windows\System32\perfh00B.dat
    + 2008-06-15 18:20:58 435,392 ----a-w C:\Windows\System32\perfh00B.dat
    - 2008-06-15 14:34:16 5,920 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3842399725-3064017292-2622520618-1000_UserData.bin
    + 2008-06-15 18:17:04 6,174 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3842399725-3064017292-2622520618-1000_UserData.bin
    - 2008-06-15 14:34:16 53,780 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-06-15 18:35:08 54,216 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-06-15 14:33:54 34,396 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-06-15 16:37:51 35,330 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2008-03-20 01:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    2007-08-24 16:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2008-06-02 23:04 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 01:36 1267040]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 01:36 1267040]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6457502C-73A2-41FA-9285-0BBD3F830EF9}"= C:\Program Files\HP\DVDPlay\DVDPlay.exe:DVD Play
    "{9A7DDEEA-C4B5-4DA0-B748-CCEEB35A439A}"= C:\Program Files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
    "{0CBA3B42-C28B-4C81-BD23-1CF090A3184A}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{C63B4E96-904F-4016-80F6-CF0F9AC2E31B}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
    "{F79F2456-332B-4977-9114-735D5DB6334B}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
    "{747CDC6F-ADFA-45A5-A150-B81E09CCA9FD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{88E51F17-BF4B-4535-8E47-A6E1447A40FD}"= UDP:C:\Program Files\eMule\emule.exe:eMule
    "{17E68F2A-57EE-437F-A831-79413677361E}"= TCP:C:\Program Files\eMule\emule.exe:eMule
    "TCP Query User{F43684A2-20A6-4007-802B-5CED5811BB1C}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{004FF14A-C964-439E-95A8-3A9FB2BB2B22}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "{CF86AA10-B742-4F19-8B0E-6952D0EAAE9E}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{477225C5-2758-4166-82DE-F2C9547A14F0}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{BA104C6B-8BD4-44C2-A6CE-2C05499ABB21}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{C5257626-74D1-4D1C-A3E6-4F6EFD4BEF37}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{87B4A079-68ED-4E1E-8A85-F41876978C9D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{E89A582B-3E8D-4EAC-AF67-310FF10CA95D}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{F979CE27-89FC-4596-80B6-0667F508504B}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{0BFC06A9-5456-4A67-8675-DD1FD8EF1167}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "TCP Query User{7A691E6E-1A49-4F44-9FC3-B543AF1CD9DE}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{CF3F2896-016B-441B-B9F7-B6F986378239}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{7488F570-D5A8-4BAD-B193-CEFE1112F50E}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "UDP Query User{B1917F52-DDBF-4D48-8992-14DF494FB5EE}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "TCP Query User{CD57DCF7-3672-4E30-ABF2-747C2C8D4249}C:\\users\\tomppa\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\tomppa\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
    "UDP Query User{9ACFE51A-9A4F-4655-98D1-3FFD4724471F}C:\\users\\tomppa\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\tomppa\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080613.001\IDSvix86.sys [2008-03-20 23:37]
    R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files\HP\DVDPlay\000.fcl [2008-01-15 01:58]
    R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 15:19]
    R2 LiveUpdate Notice;LiveUpdate Notice;"c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
    R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-10-01 11:21]
    R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-09-24 14:09]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 09:50]
    S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-06-10 19:02]
    S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-12-07 18:28]

    *Newly Created Service* - COMHOST
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-09 18:11:41 C:\Windows\Tasks\Norton Internet Security - Suorita täysi järjestelmäntarkistus - tomppa.job"
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:51, on 2008-06-15
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\conime.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 5984 bytes

     
  4. yaht

    yaht Regular member

    Joined:
    Dec 6, 2005
    Messages:
    2,261
    Likes Received:
    0
    Trophy Points:
    46

    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure that the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
    * If an update is found, the program will download and install the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is finished, click OK and then Show Results to view the results.
    * Make sure that everything is checked and click Remove Selected.
    * After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next message, plus a new HJT log.

     
  5. mutis

    mutis Member

    Joined:
    Jun 15, 2008
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    The computer crashed while I was scanning with Malwarebytes. The scan succeeded in safe mode??????
    Malwarebytes' Anti-Malware 1.17
    Tietokantaversio: 857

    23:29:05 2008-06-15
    mbam-log-6-15-2008 (23-29-05).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|)
    Tarkistetut kohteet: 193376
    Kulunut aika: 18 minute(s), 53 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:41, on 2008-06-15
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL...-jc.cab&File=jinstall-6u6-windows-i586-jc.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6042 bytes
     
  6. mutis

    mutis Member

    Joined:
    Jun 15, 2008
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    Hi again, here are the latest logs. The trouble seems to continue. Thanks for the advice.
    Malwarebytes' Anti-Malware 1.17
    Tietokantaversio: 859

    16:52:58 2008-06-16
    mbam-log-6-16-2008 (16-52-50).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|G:\|)
    Tarkistetut kohteet: 198142
    Kulunut aika: 17 minute(s), 13 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 1

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\Users\tomppa\AppData\Local\Temp(1296)\tmp00033909 (Trojan.Vundo) -> No action taken.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:14:15, on 16.6.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
    O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 4024 bytes
    ComboFix 08-06-12.2 - tomppa 2008-06-16 17:04:34.6 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.2350 [GMT 3:00]
    Running from: C:\Users\tomppa\Downloads\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\Fonts\CALIBRIB.TTF . . . . poisto epäonnistui
    .
    ---- Previous Run -------
    .

    C:\Windows\Fonts\CALIBRIB.TTF . . . . poisto epäonnistui

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-16 to 2008-06-16 )))))))))))))))))
    .

    2008-06-16 02:03 . 2008-06-16 02:07 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center
    2008-06-15 22:26 . 2008-06-15 22:26 <KANSIO> d-------- C:\Program Files\Alwil Software
    2008-06-15 22:20 . 2008-06-15 22:20 <KANSIO> d-------- C:\Users\All Users\Google
    2008-06-15 22:20 . 2008-06-15 22:29 <KANSIO> d-------- C:\Program Files\Google
    2008-06-15 22:19 . 2008-06-15 22:19 <KANSIO> d-------- C:\Program Files\Java(72)
    2008-06-15 22:19 . 2008-06-16 01:28 <KANSIO> d-------- C:\Program Files\Java
    2008-06-15 22:17 . 2008-06-15 22:17 <KANSIO> d-------- C:\Program Files\Common Files\Java(5)
    2008-06-15 22:17 . 2008-06-16 01:28 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-06-15 20:57 . 2008-06-15 20:57 <KANSIO> d-------- C:\Program Files\IObit
    2008-06-15 20:38 . 2008-06-15 20:40 <KANSIO> d-------- C:\Users\All Users\Lavasoft
    2008-06-15 20:38 . 2008-06-15 20:40 <KANSIO> d-------- C:\ProgramData\Lavasoft
    2008-06-15 20:38 . 2008-06-15 20:38 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-06-15 20:37 . 2008-06-16 01:28 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-15 16:46 . 2008-06-15 16:46 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-15 12:44 . 2008-06-15 12:44 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\Simply Super Software
    2008-06-15 12:44 . 2008-06-15 12:44 <KANSIO> d-------- C:\Users\All Users\Simply Super Software
    2008-06-15 12:44 . 2008-06-15 12:44 <KANSIO> d-------- C:\ProgramData\Simply Super Software
    2008-06-15 12:44 . 2008-06-16 01:28 <KANSIO> d-------- C:\Program Files\Trojan Remover
    2008-06-15 12:44 . 2006-05-25 15:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
    2008-06-15 12:44 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
    2008-06-15 12:44 . 2005-08-26 01:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
    2008-06-15 12:44 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
    2008-06-15 12:44 . 2006-06-19 13:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
    2008-06-15 10:41 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-15 10:41 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-15 10:41 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-15 10:41 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-14 23:54 . 2008-06-15 13:03 402,702,674 --a------ C:\Windows\MEMORY.DMP
    2008-06-14 23:46 . 2008-06-14 23:46 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\Malwarebytes
    2008-06-14 23:46 . 2008-06-14 23:46 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
    2008-06-14 23:46 . 2008-06-14 23:46 <KANSIO> d-------- C:\ProgramData\Malwarebytes
    2008-06-14 23:46 . 2008-06-16 01:28 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-14 23:46 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-06-14 23:46 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-06-14 23:27 . 2008-06-14 23:27 <KANSIO> d-------- C:\VundoFix Backups
    2008-06-14 23:21 . 2008-06-14 23:21 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-06-14 18:08 . 2008-06-15 22:13 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-06-14 18:08 . 2008-06-15 22:13 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-06-14 18:08 . 2008-06-15 22:14 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-14 17:19 . 2008-06-14 17:19 <KANSIO> d-------- C:\PerfLogs
    2008-06-14 10:18 . 2008-06-14 10:18 <KANSIO> d-------- C:\Users\Meeri\AppData\Roaming\PC Suite
    2008-06-14 00:30 . 2008-06-14 00:30 <KANSIO> d-------- C:\Users\Hanna\AppData\Roaming\PlayFirst
    2008-06-14 00:29 . 2008-06-14 00:52 <KANSIO> d-a------ C:\Users\All Users\TEMP
    2008-06-14 00:29 . 2008-06-14 00:52 <KANSIO> d-a------ C:\ProgramData\TEMP
    2008-06-14 00:28 . 2008-06-14 00:29 <KANSIO> d-------- C:\Program Files\Shockwave.com
    2008-06-14 00:17 . 2008-06-14 00:17 <KANSIO> d-------- C:\Users\Hanna\AppData\Roaming\PC Suite
    2008-06-14 00:17 . 2008-06-14 00:17 <KANSIO> d-------- C:\Users\Hanna\AppData\Roaming\Nero
    2008-06-13 19:29 . 2008-06-13 19:29 <KANSIO> d-------- C:\Users\Meeri\AppData\Roaming\Nero
    2008-06-13 19:05 . 2008-06-13 19:05 <KANSIO> d-------- C:\Program Files\NeroInstall.bak
    2008-06-13 18:38 . 2008-06-13 18:38 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\Nero
    2008-06-13 18:34 . 2008-06-13 18:34 <KANSIO> d-------- C:\Users\All Users\Nero
    2008-06-13 18:34 . 2008-06-13 18:34 <KANSIO> d-------- C:\ProgramData\Nero
    2008-06-13 18:34 . 2008-06-13 18:34 <KANSIO> d-------- C:\Program Files\Nero
    2008-06-13 18:34 . 2008-06-13 18:36 <KANSIO> d-------- C:\Program Files\Common Files\Nero
    2008-06-13 18:03 . 2008-06-13 18:03 <KANSIO> d-------- C:\puretut
    2008-06-12 23:40 . 2008-06-12 23:40 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\Nokia Multimedia Player
    2008-06-12 21:44 . 2008-06-12 21:44 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-06-12 21:31 . 2008-06-12 22:40 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\PC Suite
    2008-06-12 21:31 . 2008-06-12 21:55 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\Nokia
    2008-06-12 21:31 . 2008-06-12 21:44 <KANSIO> d-------- C:\Users\All Users\PC Suite
    2008-06-12 21:31 . 2008-06-12 21:44 <KANSIO> d-------- C:\ProgramData\PC Suite
    2008-06-12 21:30 . 2008-06-12 21:30 <KANSIO> d-------- C:\Program Files\DIFX
    2008-06-12 21:30 . 2008-06-12 21:30 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2008-06-12 21:30 . 2008-06-12 21:30 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2008-06-12 21:30 . 2007-09-17 15:53 21,632 --a------ C:\Windows\System32\drivers\pccsmcfd.sys
    2008-06-12 21:27 . 2008-06-12 21:30 <KANSIO> d----c--- C:\Windows\System32\DRVSTORE
    2008-06-12 21:27 . 2008-06-12 21:27 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2008-06-12 21:23 . 2008-06-12 21:30 <KANSIO> d-------- C:\Program Files\Nokia
    2008-06-12 21:23 . 2007-11-29 10:32 48,128 --a------ C:\Windows\System32\nmwcdcls.dll
    2008-06-12 21:19 . 2008-06-12 21:23 <KANSIO> d-------- C:\Users\All Users\Installations
    2008-06-12 21:19 . 2008-06-12 21:23 <KANSIO> d-------- C:\ProgramData\Installations
    2008-06-12 19:14 . 2008-06-12 19:14 <KANSIO> d-------- C:\Users\Hanna\AppData\Roaming\My Battle for Middle-earth(tm) II Files
    2008-06-12 09:37 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-12 09:37 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-06-12 09:36 . 2008-04-25 05:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-12 09:36 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-11 08:40 . 2008-06-11 08:45 <KANSIO> d-------- C:\Users\Santtu\AppData\Roaming\My Battle for Middle-earth(tm) II Files
    2008-06-11 08:39 . 2008-06-11 08:39 <KANSIO> dr------- C:\Users\Santtu\Searches
    2008-06-11 08:39 . 2008-06-11 08:39 <KANSIO> d-------- C:\Users\Santtu\AppData\Roaming\Symantec
    2008-06-11 08:38 . 2008-06-11 08:39 <KANSIO> dr------- C:\Users\Santtu\Videos
    2008-06-11 08:38 . 2008-06-11 08:39 <KANSIO> dr------- C:\Users\Santtu\Saved Games
    2008-06-11 08:38 . 2008-06-11 08:44 <KANSIO> dr------- C:\Users\Santtu\Pictures
    2008-06-11 08:38 . 2008-06-11 08:39 <KANSIO> dr------- C:\Users\Santtu\Music
    2008-06-11 08:38 . 2008-06-11 08:39 <KANSIO> dr------- C:\Users\Santtu\Links
    2008-06-11 08:38 . 2008-06-11 08:39 <KANSIO> dr------- C:\Users\Santtu\Downloads
    2008-06-11 08:38 . 2008-06-11 08:39 <KANSIO> dr------- C:\Users\Santtu\Documents
    2008-06-11 08:38 . 2008-06-11 08:38 <KANSIO> dr------- C:\Users\Santtu\Contacts
    2008-06-11 08:38 . 2006-11-02 15:37 <KANSIO> d-------- C:\Users\Santtu\AppData\Roaming\Media Center Programs
    2008-06-11 08:38 . 2008-06-11 08:39 <KANSIO> d--h----- C:\Users\Santtu\AppData
    2008-06-11 08:38 . 2008-06-16 01:30 <KANSIO> d-------- C:\Users\Santtu
    2008-06-10 18:59 . 2008-06-10 18:59 <KANSIO> d-------- C:\Users\All Users\Winamp Toolbar
    2008-06-10 18:59 . 2008-06-10 19:00 <KANSIO> d-------- C:\Users\All Users\OrbNetworks
    2008-06-10 18:59 . 2008-06-10 18:59 <KANSIO> d-------- C:\ProgramData\Winamp Toolbar
    2008-06-10 18:59 . 2008-06-10 19:00 <KANSIO> d-------- C:\ProgramData\OrbNetworks
    2008-06-10 18:59 . 2008-06-10 18:59 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
    2008-06-10 18:59 . 2008-06-10 18:59 <KANSIO> d-------- C:\Program Files\Winamp Remote
    2008-06-10 18:57 . 2008-06-16 01:28 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\Winamp
    2008-06-10 18:57 . 2008-06-10 19:00 <KANSIO> d-------- C:\Program Files\Winamp
    2008-06-10 18:57 . 2007-03-08 02:51 129,784 --------- C:\Windows\System32\pxafs.dll
    2008-06-10 00:14 . 2008-06-10 00:14 <KANSIO> d--h----- C:\Users\All Users\CanonBJ
    2008-06-10 00:14 . 2008-06-10 00:14 <KANSIO> d--h----- C:\ProgramData\CanonBJ
    2008-06-09 23:48 . 2008-06-13 17:09 <KANSIO> d-------- C:\Users\Public\CyberLink
    2008-06-06 21:52 . 2008-06-13 17:09 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\CyberLink
    2008-06-05 18:50 . 2008-06-05 18:50 <KANSIO> d-------- C:\Program Files\uTorrent
    2008-06-05 18:49 . 2008-06-16 01:28 <KANSIO> d-------- C:\Users\tomppa\AppData\Roaming\uTorrent
    2008-06-05 17:19 . 2008-06-05 17:19 <KANSIO> d-------- C:\Program Files\eMule
    2008-06-04 16:42 . 2008-06-04 16:46 <KANSIO> d-------- C:\Users\Meeri\AppData\Roaming\My Battle for Middle-earth(tm) II Files
    2008-06-04 14:53 . 2008-01-19 10:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
    2008-06-04 14:52 . 2008-01-19 10:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-06-04 14:51 . 2008-01-19 10:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
    2008-06-04 14:50 . 2008-01-19 10:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
    2008-06-04 14:49 . 2008-01-19 09:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2008-06-04 14:48 . 2008-01-19 10:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
    2008-06-04 14:48 . 2008-01-19 10:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
    2008-06-04 14:48 . 2008-01-19 10:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
    2008-06-04 14:47 . 2008-01-19 10:36 218,624 --a------ C:\Windows\System32\wdscore.dll
    2008-06-04 14:47 . 2008-01-19 10:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
    2008-06-04 14:45 . 2008-01-19 10:34 305,152 --a------ C:\Windows\System32\msdelta.dll
    2008-06-04 14:45 . 2008-01-19 10:34 258,560 --a------ C:\Windows\System32\dpx.dll
    2008-06-04 14:45 . 2008-01-19 10:34 246,784 --a------ C:\Windows\System32\drvstore.dll
    2008-06-04 14:45 . 2008-01-19 10:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
    2008-06-04 14:45 . 2006-11-02 12:39 6,656 --a------ C:\Windows\System32\kbd106.dll
    2008-06-04 14:33 . 2008-06-04 14:33 <KANSIO> dr------- C:\Users\Meeri\Videos
    2008-06-04 14:33 . 2008-06-04 14:33 <KANSIO> dr------- C:\Users\Meeri\Searches
    2008-06-04 14:33 . 2008-06-04 14:33 <KANSIO> dr------- C:\Users\Meeri\Saved Games

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-15 22:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-15 22:27 --------- d-----w C:\Program Files\Windows Sidebar
    2008-06-15 22:27 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-06-15 22:27 --------- d-----w C:\Program Files\Windows Mail
    2008-06-15 21:49 --------- d-----w C:\ProgramData\Symantec
    2008-06-14 14:33 174 --sha-w C:\Program Files\desktop.ini
    2008-06-14 14:25 --------- d-----w C:\Program Files\Windows Journal
    2008-06-14 14:25 --------- d-----w C:\Program Files\Windows Defender
    2008-06-14 14:25 --------- d-----w C:\Program Files\Windows Collaboration
    2008-06-14 14:25 --------- d-----w C:\Program Files\Windows Calendar
    2008-06-14 13:52 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-06-14 13:52 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-06-13 14:09 --------- d-----w C:\ProgramData\CyberLink
    2008-06-06 18:52 --------- d-----w C:\ProgramData\HP
    2008-06-03 08:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-02 20:12 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-06-02 20:12 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-06-02 20:12 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-06-02 20:12 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-06-02 20:12 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-06-02 19:40 --------- d-----w C:\ProgramData\Hewlett-Packard
    2008-06-02 19:35 --------- d-sh--w C:\ProgramData\Työpöytä
    2008-06-02 19:35 --------- d-sh--w C:\ProgramData\Tiedostot
    2008-06-02 19:35 --------- d-sh--w C:\ProgramData\Suosikit
    2008-06-02 19:35 --------- d-sh--w C:\ProgramData\Mallit
    2008-06-02 19:35 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
    .

    ((((((((((((((((((((((((((((( snapshot_2008-06-15_21.45.20.52 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-15 18:39:49 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-16 14:07:47 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-02-27 12:59:28 290,816 ----a-w C:\Windows\Downloaded Program Files\auc_lib.dll
    + 2008-03-07 15:50:50 290,816 ----a-w C:\Windows\Downloaded Program Files\auc_lib.dll
    - 2008-02-27 12:59:28 495,616 ----a-w C:\Windows\Downloaded Program Files\daas_s.dll
    + 2008-03-07 15:50:50 495,616 ----a-w C:\Windows\Downloaded Program Files\daas_s.dll
    - 2008-02-27 13:00:12 262,144 ----a-w C:\Windows\Downloaded Program Files\fscax.dll
    + 2008-03-07 15:51:48 380,928 ----a-w C:\Windows\Downloaded Program Files\fscax.dll
    + 2008-03-07 15:50:50 159,744 ----a-w C:\Windows\Downloaded Program Files\fsld32.dll
    - 2008-02-27 12:59:16 588,392 ----a-w C:\Windows\Downloaded Program Files\gatelauncher.exe
    + 2008-03-07 15:50:32 588,456 ----a-w C:\Windows\Downloaded Program Files\gatelauncher.exe
    + 2008-03-07 15:50:32 588,456 ----a-w C:\Windows\Downloaded Program Files\gatelauncheradmin.exe
    - 2008-06-14 14:31:39 51,200 ----a-w C:\Windows\inf\infpub.dat
    + 2008-06-16 13:27:16 51,200 ----a-w C:\Windows\inf\infpub.dat
    - 2008-06-14 14:31:38 86,016 ----a-w C:\Windows\inf\infstor.dat
    + 2008-06-15 19:10:29 86,016 ----a-w C:\Windows\inf\infstor.dat
    - 2008-06-14 14:31:38 143,360 ----a-w C:\Windows\inf\infstrng.dat
    + 2008-06-16 07:32:13 143,360 ----a-w C:\Windows\inf\infstrng.dat
    - 2008-06-15 18:39:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-06-16 14:07:47 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-06-15 18:39:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-06-16 14:07:47 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-06-14 15:05:00 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-15 21:54:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-14 15:05:00 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-15 21:54:42 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-14 15:05:00 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-15 21:54:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-15 18:42:27 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-06-16 14:10:31 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-06-16 14:10:31 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-06-15 18:42:27 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-06-16 14:10:31 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-06-16 14:10:31 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-06-15 17:57:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-16 10:35:41 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-15 17:57:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-16 10:35:41 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-15 17:57:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-16 10:35:41 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-15 14:20:10 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-06-15 22:30:43 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    - 2008-06-14 14:28:34 293,424 ----a-w C:\Windows\System32\FNTCACHE.DAT
    + 2008-06-16 10:32:54 291,288 ----a-w C:\Windows\System32\FNTCACHE.DAT
    - 2007-04-06 22:15:26 135,168 ----a-w C:\Windows\System32\java.exe
    + 2008-03-24 22:28:39 135,168 ----a-w C:\Windows\System32\java.exe
    - 2007-04-06 22:15:28 135,168 ----a-w C:\Windows\System32\javaw.exe
    + 2008-03-24 22:28:43 135,168 ----a-w C:\Windows\System32\javaw.exe
    - 2007-04-06 23:16:26 139,264 ----a-w C:\Windows\System32\javaws.exe
    + 2008-03-24 23:37:01 139,264 ----a-w C:\Windows\System32\javaws.exe
    - 2008-06-15 18:20:58 101,052 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-06-16 13:19:58 100,640 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-06-15 18:20:58 80,514 ----a-w C:\Windows\System32\perfc00B.dat
    + 2008-06-16 13:19:58 80,136 ----a-w C:\Windows\System32\perfc00B.dat
    - 2008-06-15 18:20:58 586,980 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-06-16 13:19:58 586,568 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-06-15 18:20:58 435,392 ----a-w C:\Windows\System32\perfh00B.dat
    + 2008-06-16 13:19:58 434,644 ----a-w C:\Windows\System32\perfh00B.dat
    - 2008-06-15 18:17:04 6,174 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3842399725-3064017292-2622520618-1000_UserData.bin
    + 2008-06-16 14:04:29 7,200 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3842399725-3064017292-2622520618-1000_UserData.bin
    - 2008-06-15 18:35:08 54,216 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-06-16 14:04:29 55,804 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-06-15 16:37:51 35,330 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-06-16 14:04:27 36,614 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-06-15 15:04:25 152,302 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2008-06-16 13:06:37 177,218 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    - 2008-06-14 18:51:48 76,142 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
    + 2008-06-16 07:30:18 101,404 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
    .
    -- Snapshot reset to current date --
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2008-03-20 01:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 01:36 1267040]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 01:36 1267040]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6457502C-73A2-41FA-9285-0BBD3F830EF9}"= C:\Program Files\HP\DVDPlay\DVDPlay.exe:DVD Play
    "{9A7DDEEA-C4B5-4DA0-B748-CCEEB35A439A}"= C:\Program Files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
    "{0CBA3B42-C28B-4C81-BD23-1CF090A3184A}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{C63B4E96-904F-4016-80F6-CF0F9AC2E31B}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
    "{F79F2456-332B-4977-9114-735D5DB6334B}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
    "{747CDC6F-ADFA-45A5-A150-B81E09CCA9FD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{88E51F17-BF4B-4535-8E47-A6E1447A40FD}"= UDP:C:\Program Files\eMule\emule.exe:eMule
    "{17E68F2A-57EE-437F-A831-79413677361E}"= TCP:C:\Program Files\eMule\emule.exe:eMule
    "TCP Query User{F43684A2-20A6-4007-802B-5CED5811BB1C}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{004FF14A-C964-439E-95A8-3A9FB2BB2B22}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "{CF86AA10-B742-4F19-8B0E-6952D0EAAE9E}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{477225C5-2758-4166-82DE-F2C9547A14F0}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{BA104C6B-8BD4-44C2-A6CE-2C05499ABB21}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{C5257626-74D1-4D1C-A3E6-4F6EFD4BEF37}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{87B4A079-68ED-4E1E-8A85-F41876978C9D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{E89A582B-3E8D-4EAC-AF67-310FF10CA95D}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{F979CE27-89FC-4596-80B6-0667F508504B}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{0BFC06A9-5456-4A67-8675-DD1FD8EF1167}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "TCP Query User{7A691E6E-1A49-4F44-9FC3-B543AF1CD9DE}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{CF3F2896-016B-441B-B9F7-B6F986378239}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{7488F570-D5A8-4BAD-B193-CEFE1112F50E}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "UDP Query User{B1917F52-DDBF-4D48-8992-14DF494FB5EE}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "TCP Query User{CD57DCF7-3672-4E30-ABF2-747C2C8D4249}C:\\users\\tomppa\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\tomppa\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
    "UDP Query User{9ACFE51A-9A4F-4655-98D1-3FFD4724471F}C:\\users\\tomppa\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\tomppa\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe

    R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files\HP\DVDPlay\000.fcl [2008-01-15 01:58]
    R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 15:19]
    R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-10-01 11:21]
    R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-09-24 14:09]
    S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-12-07 18:28]

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-16 17:10:38
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\System32\IoctlSvc.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    C:\Windows\ehome\ehrecvr.exe
    C:\Windows\System32\conime.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\wbem\WMIADAP.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-16 17:12:37 - machine was rebooted [tomppa]
    ComboFix-quarantined-files.txt 2008-06-16 14:12:33

    Pre-Run: 249,119,653,888 tavua vapaana
    Post-Run: 249,073,487,872 tavua vapaana

    338 --- E O F --- 2008-06-15 12:29:34
     
