Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:12, on 14.4.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Samurize\Client.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {286a6b56-b3a6-40fb-d654-3a61f7788cb9} - {9bc8877f-16a3-456d-bf04-6a3b65b6a682} - C:\Windows\system32\nbwujgdf.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C19F066D-FE1E-40DB-81FB-B0E19B1AB51C} - C:\Windows\system32\urstq.dll
O2 - BHO: (no name) - {D318119E-CB62-4039-AE9B-CF9575BCAA7F} - C:\Windows\system32\ursrs.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ursrs.dll,#1
O4 - HKLM\..\Run: [b011b3b3] rundll32.exe "C:\Windows\system32\bswrfuwa.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BMb322802f] Rundll32.exe "C:\Windows\system32\ivfwgtan.dll",s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95CFEB66-C02E-468E-A765-688FF47FCB75}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Windows\system32\r_server.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10888 bytes
1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click combofix.exe and follow the prompts.
3. When the tool finishes, it produces a log. Post that log in your thread.

Note! Do not click in the ComboFix window while it is running. That may cause the program to hang.

===========

Download VundoFix.exe from HERE to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo option.
When the scan is complete, click the Remove Vundo option.
You will be asked whether you want to remove the files; click YES.
After you click yes, your desktop will go blank as it starts removing Vundo.
When it is done, the fix will tell you to restart your computer; click OK.
Post the contents of the C:\vundofix.txt log along with a fresh HijackThis log.

Note: It is possible that VundoFix found a file it could not remove. In that case, VundoFix will run itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo option" when VundoFix appears after the restart.

============

Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. A log will then open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next reply.
ComboFix 08-04-14.2 - Pasi 2008-04-15 11:18:42.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1035.18.1157 [GMT 3:00]
Running from: C:\Users\Pasi\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Windows\system32\ayblqbku.dll
C:\Windows\system32\cpfosqal.dll
C:\Windows\System32\kmnpo.ini
C:\Windows\System32\kmnpo.ini2
C:\Windows\System32\laqsofpc.ini
C:\Windows\System32\lmoqr.ini
C:\Windows\System32\lmoqr.ini2
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\nbwujgdf.dll
C:\Windows\system32\opnmk.dll
C:\Windows\System32\qtsru.ini
C:\Windows\System32\qtsru.ini2
C:\Windows\system32\rqoml.dll
C:\Windows\system32\texluhmx.dll
C:\Windows\system32\urstq.dll
C:\Windows\system32\vneoecch.dll
C:\Windows\system32\yabcd.dll
C:\Windows\system32\yfkfxjat.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-15 to 2008-04-15 )))))))))))))))))
.

2008-04-15 10:27 . 2008-04-15 10:28 261,520,064 --a------ C:\Windows\MEMORY.DMP
2008-04-14 22:14 . 2008-04-14 22:14 <KANSIO> d-------- C:\HijackThis
2008-04-14 12:49 . 2008-04-14 12:49 0 --a------ C:\Windows\nsreg.dat
2008-04-14 11:30 . 2008-04-14 11:30 <KANSIO> d-------- C:\Users\Pasi\AppData\Roaming\Grisoft
2008-04-14 11:29 . 2008-04-14 11:29 <KANSIO> d-------- C:\Users\All Users\Grisoft
2008-04-14 11:29 . 2008-04-14 11:29 <KANSIO> d-------- C:\ProgramData\Grisoft
2008-04-14 11:29 . 2007-05-30 15:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-04-14 09:23 . 2008-04-14 22:18 878 ---hs---- C:\Windows\System32\awufrwsb.ini
2008-04-13 20:14 . 2008-04-13 20:14 <KANSIO> d-------- C:\Users\Pasi\AppData\Roaming\SmartFTP
2008-04-13 20:14 . 2008-04-15 09:06 <KANSIO> d-------- C:\Program Files\SmartFTP Client
2008-04-13 18:37 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-04-13 18:37 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-04-13 18:37 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-04-13 17:00 . 2008-04-13 17:00 <KANSIO> d-------- C:\Program Files\Cobian Backup 8
2008-04-12 21:37 . 2008-04-15 10:07 12 --a------ C:\Windows\bthservsdp.dat
2008-04-11 22:30 . 2008-04-11 22:32 <KANSIO> d-------- C:\Program Files\PAFPoker
2008-04-10 21:33 . 2008-04-10 21:33 <KANSIO> d-------- C:\Windows\Sun
2008-04-10 21:33 . 2008-04-11 21:51 <KANSIO> d-------- C:\Users\Pasi\.onnet
2008-04-09 16:02 . 2006-12-08 09:50 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-04-09 16:02 . 2006-12-08 09:50 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-04-09 16:02 . 2006-12-08 09:45 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-04-09 16:02 . 2006-12-08 09:43 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-04-09 16:02 . 2006-12-08 09:43 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-04-08 19:42 . 2008-04-08 19:43 <KANSIO> d-------- C:\Program Files\Java
2008-04-08 19:41 . 2008-04-08 19:41 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-04-08 18:14 . 2008-04-08 18:14 <KANSIO> d-------- C:\Users\All Users\TerraTec
2008-04-08 18:14 . 2008-04-08 18:14 <KANSIO> d-------- C:\ProgramData\TerraTec
2008-04-08 18:13 . 2008-04-08 18:13 <KANSIO> d-------- C:\Program Files\TerraTec
2008-04-08 18:11 . 2008-04-08 18:11 <KANSIO> d-------- C:\Users\Pasi\AppData\Roaming\TerraTec
2008-04-08 17:11 . 2008-04-08 17:52 <KANSIO> d-------- C:\Users\Pasi\AppData\Roaming\BSplayer PRO
2008-04-08 17:11 . 2008-04-08 17:11 <KANSIO> d-------- C:\Program Files\Webteh
2008-04-07 22:11 . 2008-04-07 22:11 <KANSIO> d-------- C:\Users\Pasi\Program Files
2008-04-07 21:03 . 2008-04-07 21:03 <KANSIO> d-------- C:\DestinatorApps
2008-04-07 19:17 . 2008-04-07 19:17 <KANSIO> d-------- C:\Users\All Users\FLEXnet
2008-04-07 19:17 . 2008-04-07 19:17 <KANSIO> d-------- C:\ProgramData\FLEXnet
2008-04-07 19:16 . 2008-04-07 19:16 <KANSIO> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-07 19:16 . 2007-03-23 04:05 29,272 -ra------ C:\Windows\System32\AdobePDF.dll
2008-04-07 19:05 . 2008-04-07 19:16 <KANSIO> d-------- C:\Users\All Users\Adobe
2008-04-07 19:05 . 2008-04-07 19:17 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-04-07 17:49 . 2008-04-15 11:20 <KANSIO> d-------- C:\Users\Pasi\AppData\Roaming\DNA
2008-04-07 17:49 . 2008-04-08 17:08 <KANSIO> d-------- C:\Users\Pasi\AppData\Roaming\BitTorrent
2008-04-07 17:49 . 2008-04-07 17:49 <KANSIO> d-------- C:\Program Files\DNA
2008-04-07 17:49 . 2008-04-07 17:49 <KANSIO> d-------- C:\Program Files\BitTorrent
2008-04-05 13:09 . 2008-04-11 21:37 <KANSIO> d-------- C:\Users\Pasi\AppData\Roaming\ZoomBrowser EX
2008-04-05 12:49 . 2008-04-05 12:49 <KANSIO> d-------- C:\Users\All Users\eMule
2008-04-05 12:49 . 2008-04-05 12:49 <KANSIO> d-------- C:\ProgramData\eMule
2008-04-04 18:09 . 2008-04-04 18:09 <KANSIO> d-------- C:\Program Files\Jasc Software Inc
2008-04-04 18:05 . 2008-04-13 11:29 <KANSIO> d-------- C:\Program Files\Euroword2004
2008-04-04 18:05 . 2008-04-04 18:05 389,120 --------- C:\Windows\Setup1.exe
2008-04-04 18:05 . 2008-04-04 18:05 73,216 --a------ C:\Windows\ST6UNST.EXE
2008-04-04 12:29 . 2007-03-15 04:52 1,152,000 --a------ C:\Windows\System32\themecpl.dll
2008-04-04 12:29 . 2007-07-20 02:55 233,888 --a------ C:\Windows\System32\DreamScene.dll
2008-04-04 12:28 . 2008-04-04 12:28 <KANSIO> d-------- C:\Program Files\BitLocker
2008-04-04 12:27 . 2007-02-22 05:26 1,171,848 --a------ C:\Windows\System32\SecureKeyBackupCPL.dll
2008-04-04 12:27 . 2008-03-12 23:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-04-04 12:27 . 2006-12-21 03:58 711 --a------ C:\Windows\System32\CPSOKBTasks.xml
2008-04-04 12:25 . 2006-12-20 09:03 229,888 --a------ C:\Windows\System32\msshsq.dll
2008-04-04 12:22 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-04-04 12:21 . 2008-04-04 12:21 <KANSIO> d-------- C:\Program Files\Microsoft Works
2008-04-04 12:20 . 2008-04-04 12:20 <KANSIO> d-------- C:\Program Files\Microsoft.NET
2008-04-04 12:18 . 2008-04-04 12:18 <KANSIO> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-04 12:17 . 2008-04-08 21:42 <KANSIO> d-------- C:\Users\All Users\Microsoft Help
2008-04-04 12:17 . 2008-04-08 21:42 <KANSIO> d-------- C:\ProgramData\Microsoft Help
2008-04-04 12:13 . 2008-04-04 12:13 <KANSIO> dr-h----- C:\MSOCache
2008-04-04 11:04 . 2008-04-11 21:37 <KANSIO> d-------- C:\Users\All Users\ZoomBrowser
2008-04-04 11:04 . 2008-04-11 21:37 <KANSIO> d-------- C:\ProgramData\ZoomBrowser
2008-04-03 21:19 . 2008-04-03 21:19 <KANSIO> d-------- C:\Program Files\Microsoft Silverlight
2008-04-03 21:18 . 2008-04-03 21:18 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-04-03 12:16 . 2008-04-04 18:44 <KANSIO> d-------- C:\Program Files\Samurize
2008-04-03 12:08 . 2008-04-04 11:05 <KANSIO> d-------- C:\Program Files\Canon
2008-04-03 12:07 . 2008-04-04 10:55 <KANSIO> d-------- C:\Program Files\Common Files\Canon
2008-04-03 11:02 . 2008-04-03 11:02 <KANSIO> d-------- C:\Users\All Users\Genimap
2008-04-03 11:02 . 2008-04-03 11:02 <KANSIO> d-------- C:\ProgramData\Genimap
2008-04-03 11:02 . 2008-04-03 11:04 <KANSIO> d-------- C:\Program Files\GmRekGTP
2008-04-03 10:14 . 2008-04-03 10:14 <KANSIO> d-------- C:\Users\All Users\Logitech
2008-04-03 10:14 . 2008-04-03 11:55 <KANSIO> d-------- C:\Users\All Users\Logishrd
2008-04-03 10:14 . 2008-04-03 10:14 <KANSIO> d-------- C:\ProgramData\Logitech
2008-04-03 10:14 . 2008-04-03 11:55 <KANSIO> d-------- C:\ProgramData\Logishrd
2008-04-03 05:49 . 2008-04-02 18:56 <KANSIO> d-------- C:\Windows\Panther
2008-04-03 05:49 . 2008-04-02 21:29 443,912 -rahs---- C:\bootmgr
2008-04-03 05:49 . 2008-04-03 05:49 8,192 -ra-s---- C:\BOOTSECT.BAK
2008-04-03 05:48 . 2008-04-15 10:46 462,588 --a------ C:\Windows\System32\perfh00B.dat
2008-04-03 05:48 . 2008-04-03 05:47 274,158 --a------ C:\Windows\System32\perfi00B.dat
2008-04-03 05:48 . 2008-04-15 10:46 84,816 --a------ C:\Windows\System32\perfc00B.dat
2008-04-03 05:48 . 2008-04-03 05:47 36,790 --a------ C:\Windows\System32\perfd00B.dat
2008-04-03 05:47 . 2008-04-03 05:47 <KANSIO> d-------- C:\Windows\System32\fi
2008-04-03 05:47 . 2008-04-04 03:05 <KANSIO> d-------- C:\Windows\System32\drivers\fi-FI
2008-04-03 05:47 . 2008-04-03 05:47 <KANSIO> d-------- C:\Windows\System32\040B
2008-04-03 05:47 . 2008-04-03 05:47 <KANSIO> d-------- C:\Windows\fi-FI
2008-04-02 22:08 . 2008-04-09 15:00 <KANSIO> d-------- C:\Users\All Users\OrbNetworks
2008-04-02 22:08 . 2008-04-09 15:00 <KANSIO> d-------- C:\ProgramData\OrbNetworks
2008-04-02 22:08 . 2008-04-02 22:08 <KANSIO> d-------- C:\Program Files\Orb Networks
2008-04-02 22:01 . 2008-04-02 22:01 2,923,520 --a------ C:\Windows\explorer.exe
2008-04-02 22:00 . 2008-04-02 22:00 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-04-02 22:00 . 2008-04-02 22:00 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-04-02 21:59 . 2008-04-02 21:59 376,320 --a------ C:\Windows\System32\winsrv.dll
2008-04-02 21:59 . 2008-04-02 21:59 49,664 --a------ C:\Windows\System32\csrsrv.dll
2008-04-02 21:58 . 2008-04-02 21:58 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-04-02 21:58 . 2008-04-02 21:58 414,208 --a------ C:\Windows\System32\msscp.dll
2008-04-02 21:58 . 2008-04-02 21:58 41,984 --a------ C:\Windows\System32\drivers\monitor.sys

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 18:52 --------- d-----w C:\Program Files\Windows Mail
2008-04-04 09:21 --------- d-----w C:\Program Files\MSBuild
2008-04-03 02:47 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-03 02:47 --------- d-----w C:\Program Files\Windows Journal
2008-04-03 02:47 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-02 19:17 --------- d-----w C:\Program Files\Windows Defender
2008-04-02 19:17 --------- d-----w C:\Program Files\Windows Calendar
2008-04-02 19:01 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-04-02 19:01 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-04-02 19:01 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-04-02 19:01 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-04-02 19:01 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-04-02 19:01 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-04-02 19:01 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-04-02 19:01 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-04-02 19:01 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-04-02 19:01 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-04-02 19:01 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-04-02 19:01 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-04-02 19:01 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2008-04-02 18:55 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-04-02 18:42 174 --sha-w C:\Program Files\desktop.ini
2008-04-02 18:37 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-02 18:37 --------- d-----w C:\Program Files\Microsoft Games
2008-04-02 18:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-04-02 18:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-04-02 18:34 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-04-02 18:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-04-02 18:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-04-02 16:02 --------- d-sh--w C:\ProgramData\Työpöytä
2008-04-02 16:02 --------- d-sh--w C:\ProgramData\Tiedostot
2008-04-02 16:02 --------- d-sh--w C:\ProgramData\Suosikit
2008-04-02 16:02 --------- d-sh--w C:\ProgramData\Mallit
2008-04-02 16:02 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-15_10.37.54.63 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 07:27:59 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-15 07:40:13 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-15 07:40:13 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-15 07:40:13 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-15 07:28:48 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-15 07:42:38 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-15 07:42:38 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-15 07:28:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-15 07:45:07 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-15 07:45:07 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-15 07:21:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-15 08:17:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-15 07:21:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-15 08:17:15 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-15 07:21:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-15 08:17:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-15 07:17:01 104,570 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-15 07:46:19 104,570 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-15 07:17:01 612,848 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-15 07:46:20 612,848 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-15 07:12:43 5,836 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1341521275-4005641430-2762272556-1000_UserData.bin
+ 2008-04-15 07:43:07 5,852 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1341521275-4005641430-2762272556-1000_UserData.bin
- 2008-04-15 07:12:42 55,264 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-15 07:43:06 55,472 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-15 07:12:40 31,242 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-15 07:43:03 31,402 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AD6E6555-FB2C-47D4-8339-3E2965509877}"= "C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL" [2007-11-07 10:20 527360]

[HKEY_CLASSES_ROOT\clsid\{ad6e6555-fb2c-47d4-8339-3e2965509877}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Orb"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" [2008-02-29 01:15 503808]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-11 16:32 288576]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:34 125440]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-02 21:33 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 08:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 08:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 08:15 81920]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-04-02 21:58 1006264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"Cobian Backup 8"="C:\Program Files\Cobian Backup 8\Cobian.exe" [2007-09-27 12:37 501248]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25 6731312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D7BFF4AD-E4D2-4FEB-9C66-D7FAA4FE82D3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9EE018EA-6FD2-4DF6-94DA-F387DE57927E}"= UDP:C:\Users\Pasi\AppData\Local\Temp\{E346FD66-9FC2-4E9B-A8D6-CB7AE5FC207E}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{DAB6DE13-39A1-4858-8FE3-07D7394B03C5}"= TCP:C:\Users\Pasi\AppData\Local\Temp\{E346FD66-9FC2-4E9B-A8D6-CB7AE5FC207E}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{7212519B-15B9-4C01-BB79-1CF029BC006F}"= UDP:C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{517791E1-1806-4C9A-9AC6-9C3DB9C6ADE7}"= TCP:C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{B8D32461-6017-4F44-8E2F-75992667029C}"= UDP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{E632D500-F1CF-439D-892D-B22B31B9303C}"= TCP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{511960D1-E540-493E-99D6-15D0299FD170}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{DB1C3934-AFF7-440D-882D-AFB0E8B177A2}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{D7BAFECE-68D2-45BD-B9FD-B8485CFD5203}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{10B4EEDF-3922-4698-9254-D13EE0CC3C0D}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{005504B6-5B48-4AA2-A269-91ADA74F0D37}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{51231B85-571A-462A-897F-FC01F4E747F5}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{E114DCB9-7760-4A22-AE6A-917DF0744FEC}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{CE72E9A4-104A-4AE1-A462-416004F52054}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{14F85F0B-6F9A-46DA-9B6E-675BC13D35A9}"= UDP:C:\Users\Pasi\AppData\Local\Temp\{959762A3-03E0-4827-AA38-4CB6876C288A}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{3CD12185-08E3-4786-9E51-689F5A7C4E48}"= TCP:C:\Users\Pasi\AppData\Local\Temp\{959762A3-03E0-4827-AA38-4CB6876C288A}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{EBAFCD7E-0489-46C0-931C-4BF20539A886}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B41B64E7-07BC-4305-9243-011D5BE5F876}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F0CDB2F6-E4A7-4F77-AFC8-970654487505}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E7F2FE36-D2D0-4E76-804A-7AE531CD3523}"= UDP:C:\Program Files\DNA\btdna.exeNA
"{09845C07-6582-4BBB-8B55-9913D06762FC}"= TCP:C:\Program Files\DNA\btdna.exeNA
"{166D82EA-973F-4D41-B993-56413B6A4A96}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{2C34E30B-0D94-4E94-847C-614931D9EA00}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{DAC59DE7-4F68-47D8-B7AA-198DEC0947F7}"= UDP:C:\Users\Pasi\AppData\Local\Temp\{8D1F409E-4047-4D48-A719-D193E7D1A2EB}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{AD08CC89-52A0-46CC-9551-526D3DADDB2C}"= TCP:C:\Users\Pasi\AppData\Local\Temp\{8D1F409E-4047-4D48-A719-D193E7D1A2EB}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\CinergyDvrHelper.exe:TerraTec Home Cinema (Setup)
"{B18D079A-3EC5-4A2F-98FE-30A18727B3F4}"= UDP:C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:TerraTec Home Cinema
"{17C80585-BC0B-4EAA-9E7F-6C3A45A75034}"= TCP:C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:TerraTec Home Cinema
"{A74ADB64-6D17-4895-91A4-5F270A61DA1D}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{534EE8C7-0DEE-41AF-BAFD-67337DD906EF}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{E517EEF6-4F78-4028-BAA3-C126E742A719}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{E5125253-3BEC-4485-A63C-899FE86DA2BE}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [2008-03-12 08:30]
R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 12:53]
R2 r_server;Remote Administrator Service;"C:\Windows\system32\r_server.exe" /service []
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 12:45]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 12:45]
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-11-30 13:14]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2007-07-16 06:38]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 17:32]
S3 TTCinergyT2;TerraTec Cinergy T² (BDA);C:\Windows\system32\DRIVERS\TTCinergyT2BDA.sys [2007-07-12 21:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76d42d9b-00cc-11dd-a193-806e6f6e6963}]
\shell\AutoRun\command - F:\CDSTART.EXE

*Newly Created Service* - COMHOST
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-04-14 18:46:02 C:\Windows\Tasks\Norton Internet Security - Suorita täyd.
järj.tarkistus - Pasi.job" - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK: "2008-04-14 08:53:25 C:\Windows\Tasks\User_Feed_Synchronization-{D23EB867-22FD-4A11-8443-87850B979B70}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-15 11:21:50 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 231 ************************************************************************** . Completion time: 2008-04-15 11:23:11 ComboFix-quarantined-files.txt 2008-04-15 08:22:39 Pre-Run: 58,385,948,672 tavua vapaana Post-Run: 58,356,862,976 tavua vapaana . 2008-04-09 13:03:26 --- E O F --- VundoFix V7.0.3 Scan started at 11:28:20 15.4.2008 Listing files found while scanning.... No infected files were found. 
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:44:36, on 15.4.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Windows\System32\rundll32.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Cobian Backup 8\Cobian.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe C:\Program Files\DNA\btdna.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Samurize\Client.exe C:\Program Files\Cobian Backup 8\cbInterface.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Windows\System32\mobsync.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\conime.exe C:\Windows\Explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\SearchFilterHost.exe C:\HijackThis\HijackThis.exe C:\Windows\system32\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program 
Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 
8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} 
- C:\Windows\System32\DreamScene.dll O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Windows\system32\r_server.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 9906 bytes Malwarebytes' Anti-Malware 1.11 Tietokantaversio: 630 Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|) Tarkistetut kohteet: 137300 Kulunut aika: 40 minute(s), 30 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 0 Saastuneita rekisteriavaimia: 3 Saastuneita rekisteriarvoja: 0 Saastuneita rekisterikohteita: 0 Saastuneita hakemistoja: 0 Saastuneita 
tiedostoja: 0
Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja: (Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita: (Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja: (Haitallisia kohteita ei löydetty)

Now the machine seems to be working normally!! THANK YOU!!