My antivirus program detected viruses, but how do I get those files fixed? Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:42, on 27.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\vtrntkvoie.exe
C:\WINDOWS\TEMP\vtrntkvoie.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Elisa Tietoturvapalvelu\ORSP Client\fsorsp.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Temp\_ex-68.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: precisead - {8623e086-2cc1-5e4b-4d72-3b674ebde885} - C:\WINDOWS\system32\nss19.dll
O2 - BHO: TBSB09835 - {D97FC677-694D-4A75-AC89-A5B85C2BCFED} - C:\Program Files\IEToolbar\Bullseye Tool Bar\lw.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Bullseye Tool Bar - {6226BA26-C017-4007-928C-DE9715C6FA67} - C:\Program Files\IEToolbar\Bullseye Tool Bar\lw.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MSxmlHpr] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [RollerCoasterTycoon.exe] C:\DOWNLO~1\ROLLER~1.EXE /r
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} (ChatRepublicPlayer ActiveX) - http://www.superstarracing.net/ChatRepublicPlayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: rgadtm - rgadtm.dll (file missing)
O23 - Service: Hälytys AlerterAlerterAlerterAlerterALG (AlerterAlerterAlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\vtrntkvoie.exe
O23 - Service: Hälytys AlerterAlerterAlerterALG (AlerterAlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\oyeixyncsf.exe
O23 - Service: Hälytys AlerterAlerterALG (AlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\srdbwutsqe.exe
O23 - Service: Hälytys AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\unbdievmew.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32WudfSvc (clr_optimization_v2.0.50727_32WudfSvc) - Unknown owner - C:\WINDOWS\system32\12520437c.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (GoogleUpdateBeta) - Google Corporation - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - http://www.finalfantasyworld.co.uk/khextreme/kh2/images/artwork/KH2_Artwork_Anti_Sora.jpg

-- End of file - 10198 bytes
There is all kinds of stuff in here.

Hi,

Please download ComboFix from one of the links below: Link 1 Link 2 Link 3

* IMPORTANT !!! Save ComboFix.exe to your desktop.
* Close/disable all antivirus and anti-malware programs so that they do not interfere with the ComboFix run.
* Double-click Combofix.exe and follow the instructions.
* As part of the scan, ComboFix checks whether the Recovery Console is installed. Because of today's malware, it is strongly recommended to have the Recovery Console installed before removing malware. The Windows Recovery Console makes it possible to boot into a special recovery mode. Through the Recovery Console we can help you more easily if problems come up during malware removal.
* Follow the instructions and allow ComboFix to download and install the Microsoft Recovery Console, and when asked, accept the program's warranty terms to install the Recovery Console.

**Note: If the Recovery Console is already installed, ComboFix will continue onward.

Once the Microsoft Recovery Console is installed, you should see the following message:

Click Yes to continue the scan.

When ComboFix is finished, it creates a report. Please copy/paste the following reports into your reply:

C:\ComboFix.txt
A new HijackThis log

Warning: DO NOT run ComboFix unsupervised. It is not a toy and it should not be used routinely every day. If you need help, see the more detailed guide: http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje .
ComboFix 09-08-26.05 - Omistaja 27.08.2009 14:20.1.2 - NTFSx86
Running from: c:\documents and settings\Omistaja\Työpöytä\ComboFix.exe
AV: Elisa Tietoturvapalvelu 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Elisa Tietoturvapalvelu 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\IEToolbar
c:\program files\Mozilla Firefox\Components\6a3817d3-300d-d725-b079-97d8a98dfe8d.dll
c:\program files\runit
c:\program files\runit\config.txt
c:\program files\runit\runit_32.exe
c:\program files\runit\runitu_32.exe
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
C:\setup.exe
c:\windows\Installer\f6d8ef.msp c:\windows\Installer\f6d8f0.msp c:\windows\Installer\f6d8f1.msp c:\windows\Installer\f6d8f2.msp c:\windows\Installer\f6d8f3.msp c:\windows\Installer\f6d8f4.msp c:\windows\Installer\f6d8f5.msp c:\windows\Installer\f6d8f6.msp c:\windows\Installer\f6d8f7.msp c:\windows\Installer\fc8a16.msp c:\windows\Installer\fc8a17.msp c:\windows\Installer\fc8a18.msp c:\windows\Installer\fc8a19.msp c:\windows\Installer\fc8a1a.msp c:\windows\Installer\fc8a1b.msp c:\windows\Installer\fc8a1c.msp c:\windows\Installer\fc8a1d.msp c:\windows\Installer\fc8a1e.msp c:\windows\ofjji1016.exe c:\windows\system32\12520437c.exe c:\windows\system32\153684380.dat c:\windows\system32\a22e724a-77ac-1a46-233b-7453fc1fd3b4.exe c:\windows\system32\a99k.bin c:\windows\system32\drivers\geyekrtxjbvmtv.sys c:\windows\system32\drivers\npf.sys c:\windows\system32\ealregsnapshot1.reg c:\windows\system32\fpimatemqq.exe c:\windows\system32\geyekregaoyrsn.dll c:\windows\system32\geyekrlrjkylkm.dll c:\windows\system32\geyekrpsbabont.dat c:\windows\system32\geyekrtyqilmlr.dat c:\windows\system32\lowsec c:\windows\system32\lowsec\local.ds c:\windows\system32\lowsec\user.ds c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\sdra64.exe c:\windows\system32\WanPacket.dll c:\windows\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_geyekroqxmuydo -------\Legacy_geyekroqxmuydo -------\Legacy_CLR_OPTIMIZATION_V2.0.50727_32WUDFSVC -------\Legacy_NPF -------\Service_clr_optimization_v2.0.50727_32WudfSvc -------\Service_npf ((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 ))))))))))))))))))))))))))))))) . 2009-08-27 07:57 . 2009-08-27 07:57 -------- d-----w- c:\program files\CCleaner 2009-08-27 07:38 . 2009-08-27 07:38 -------- d-----w- c:\program files\Trend Micro 2009-08-26 16:31 . 
2009-08-26 16:31 -------- d-----w- c:\documents and settings\Omistaja\Application Data\Media Player Classic 2009-08-26 16:28 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll 2009-08-26 16:28 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2009-08-26 16:28 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2009-08-26 16:28 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2009-08-26 16:28 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll 2009-08-26 16:28 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll 2009-08-26 16:28 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll 2009-08-26 16:28 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2009-08-26 16:28 . 2009-08-26 16:30 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-08-26 15:16 . 2009-08-26 15:16 -------- d-----r- c:\documents and settings\LocalService\Suosikit 2009-08-26 04:27 . 2009-08-26 04:27 -------- d-----w- c:\program files\uTorrent 2009-08-26 04:26 . 2009-08-27 03:25 -------- d-----w- c:\documents and settings\Omistaja\Application Data\uTorrent 2009-08-24 03:47 . 2009-08-24 03:47 -------- d-----w- c:\documents and settings\Omistaja\Local Settings\Application Data\Lucasarts 2009-08-23 16:24 . 2009-08-26 16:41 -------- d-----w- c:\documents and settings\Omistaja\Application Data\DAEMON Tools 2009-08-23 06:44 . 2009-08-23 06:45 -------- d-----w- c:\program files\DAEMON Tools Lite 2009-08-23 06:41 . 2009-08-23 06:41 715248 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-21 20:03 . 2009-08-21 20:03 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-21 20:03 . 2009-08-21 20:03 -------- d-----w- c:\program files\MSBuild 2009-08-21 20:02 . 2009-08-21 20:02 -------- d-----w- c:\program files\Reference Assemblies 2009-08-21 20:02 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-21 20:02 . 
2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-21 20:02 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-21 20:02 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-21 20:02 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-21 20:02 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-21 20:02 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-20 04:11 . 2009-08-20 04:11 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-08-20 04:11 . 2009-08-20 04:11 152576 ----a-w- c:\documents and settings\Omistaja\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-08-17 14:34 . 2009-08-17 14:34 13312 --sha-w- c:\windows\system32\activedsi.dll 2009-08-15 11:55 . 2009-08-15 11:55 13312 --sha-w- c:\windows\system32\1025op.dll 2009-08-13 19:13 . 2009-08-21 17:38 -------- d-----w- c:\documents and settings\Omistaja\Application Data\SPORE 2009-08-13 14:54 . 2009-08-13 14:54 47978 ----a-w- c:\windows\system32\1054e.sys 2009-08-12 15:57 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-06 19:03 . 2009-08-07 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-08-06 17:12 . 2009-08-07 07:40 -------- d-----w- c:\program files\NOS 2009-08-06 16:22 . 2009-08-23 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts 2009-08-06 16:04 . 2009-08-06 16:04 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys 2009-08-06 14:12 . 2009-08-06 14:12 -------- d-----w- c:\documents and settings\Omistaja\Application Data\Activision 2009-08-06 10:32 . 2009-08-06 10:32 -------- d-----w- c:\documents and settings\Omistaja\Local Settings\Application Data\Microsoft Game Studios 2009-08-06 10:32 . 
2009-08-06 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Games 2009-08-06 10:32 . 2007-04-04 15:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll 2009-08-06 10:32 . 2006-09-28 13:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll 2009-08-06 10:03 . 2009-08-06 10:03 -------- d-----w- C:\ProgramData 2009-08-06 10:02 . 2009-08-06 10:02 -------- d-----w- c:\documents and settings\Omistaja\Local Settings\Application Data\Downloaded Installations 2009-08-06 09:58 . 2009-08-06 13:59 -------- d-----w- c:\program files\PowerISO 2009-08-05 20:00 . 2009-08-05 20:00 -------- d-----w- c:\documents and settings\Omistaja\Application Data\DAEMON Tools Lite 2009-08-02 09:01 . 2009-08-02 09:01 -------- d-----w- c:\program files\Smart Projects 2009-07-31 13:58 . 2009-07-31 13:58 -------- d-----w- c:\program files\GameSpy Arcade . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-27 10:31 . 2008-09-03 09:52 -------- d-----w- c:\program files\Spyware Doctor 2009-08-27 08:03 . 2008-09-03 09:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-27 08:02 . 2008-08-29 12:19 -------- d-----w- c:\program files\Norton Security Scan 2009-08-27 07:59 . 2006-11-08 13:40 19768 ----a-w- c:\documents and settings\Omistaja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-27 04:31 . 2006-10-16 11:27 -------- d-----w- c:\program files\Elisa Tietoturvapalvelu 2009-08-26 04:24 . 2008-04-14 18:23 -------- d-----w- c:\documents and settings\Omistaja\Application Data\LimeWire 2009-08-24 03:42 . 2006-10-11 10:10 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-23 07:35 . 2006-12-29 21:29 -------- d-----w- c:\program files\Electronic Arts 2009-08-21 20:07 . 2006-03-02 12:00 454470 ----a-w- c:\windows\system32\perfh00B.dat 2009-08-21 20:07 . 
2006-03-02 12:00 104020 ----a-w- c:\windows\system32\perfc00B.dat 2009-08-20 04:11 . 2006-10-11 11:15 -------- d-----w- c:\program files\Java 2009-08-18 04:13 . 2006-10-16 18:18 -------- d-----w- c:\program files\Microsoft Games 2009-08-13 18:53 . 2006-10-11 11:21 -------- d-----w- c:\documents and settings\Omistaja\Application Data\OpenOffice.org2 2009-08-07 20:17 . 2009-07-18 21:31 -------- d-----w- c:\program files\Counter-Strike 1.6 V40 2009-08-05 17:13 . 2008-04-20 14:55 -------- d-----w- c:\program files\LimeWire 2009-08-05 09:00 . 2006-03-02 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-23 17:29 . 2009-07-23 17:29 -------- d-----w- c:\documents and settings\Omistaja\Application Data\Atari 2009-07-23 17:24 . 2009-07-23 17:24 -------- d-----w- c:\documents and settings\Omistaja\Application Data\Leadertech 2009-07-23 17:24 . 2009-07-23 17:24 -------- d-----w- c:\program files\Common Files\PocketSoft 2009-07-23 17:22 . 2009-07-23 17:22 -------- d-----w- c:\program files\Atari 2009-07-18 21:07 . 2009-07-18 21:04 375486377 ----a-w- C:\CS16_full-V40_DiGiTALZONE.exe 2009-07-17 19:02 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 20:43 . 2006-03-02 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-09 19:14 . 2006-11-27 12:26 -------- d-----w- c:\program files\World of Warcraft 2009-07-08 09:10 . 2009-01-30 11:39 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys 2009-07-02 12:52 . 2009-07-02 12:52 1339392 ----a-w- c:\windows\system32\nscB1.dll 2009-06-29 15:59 . 2006-03-02 12:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 15:59 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 15:59 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll 2009-06-28 12:22 . 2009-06-28 12:12 -------- d-----w- c:\documents and settings\Omistaja\Application Data\My Battle for Middle-earth(tm) II Files 2009-06-25 08:26 . 
2006-03-02 12:00 730624 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:26 . 2006-03-02 12:00 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:26 . 2006-03-02 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:26 . 2006-03-02 12:00 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:26 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:26 . 2006-03-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-24 11:18 . 2006-03-02 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-16 14:39 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:39 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 10:44 . 2006-03-02 12:00 76800 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:15 . 2006-03-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:21 . 2006-10-11 09:41 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:15 . 2006-03-02 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 19:10 . 2006-03-02 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll 2009-06-03 16:34 . 2009-06-03 16:34 716800 ----a-w- c:\windows\iun6002ev.exe 2009-06-02 09:26 . 2009-06-02 09:26 13316052 ----a-w- C:\lf2_v19c_Setup.exe 2009-06-01 19:41 . 2008-08-15 09:37 34 ----a-w- c:\documents and settings\Omistaja\jagex_runescape_preferences.dat 2009-05-31 21:38 . 2009-05-31 21:38 5793 ----a-w- C:\paavo.zip . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8623e086-2cc1-5e4b-4d72-3b674ebde885}] 2009-07-02 12:52 1339392 ----a-w- c:\windows\system32\nscB1.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856] "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-02-13 86016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-20 149280] "F-Secure Manager"="c:\program files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" [2008-12-04 182936] "F-Secure TNB"="c:\program files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" [2008-12-04 957024] "News Service"="c:\program files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe" [2005-05-31 356352] "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-05-30 577536] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-02-13 1519616] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ runit_32.lnk - c:\qoobox\Quarantine\C\Program Files\runit\runit_32.exe.vir [2009-1-13 24576] c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] BTTray.lnk - c:\program files\Belkin\Bluetooth 
Software\BTTray.exe [2003-9-16 499779] Microsoft Office Pikahaku.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-9-22 111376] Officen k„ynnistys.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-9-22 51984] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe"= "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Program Files\\Counter-Strike 1.6\\hl.exe"= "c:\\Program Files\\DigitalJesters\\Savage\\silverback.exe"= "c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"= "c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [30.1.2009 14:39 33920] R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [16.10.2006 14:30 79872] R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Elisa Tietoturvapalvelu\HIPS\drivers\fshs.sys [30.1.2009 14:39 67808] R2 GoogleUpdateBeta;Google Update Service;c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe [17.8.2009 18:23 49152] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [22.11.2006 19:18 100472] R3 V0330VID;WebCam 
Vista;c:\windows\system32\drivers\V0330Vid.sys [16.4.2007 15:37 173632] S2 AlerterAlerterAlerterAlerterALG;Hälytys AlerterAlerterAlerterAlerterALG;c:\windows\TEMP\vtrntkvoie.exe service --> c:\windows\TEMP\vtrntkvoie.exe service [?] S2 AlerterAlerterAlerterALG;Hälytys AlerterAlerterAlerterALG;c:\windows\TEMP\oyeixyncsf.exe service --> c:\windows\TEMP\oyeixyncsf.exe service [?] S2 AlerterAlerterALG;Hälytys AlerterAlerterALG;c:\windows\TEMP\srdbwutsqe.exe service --> c:\windows\TEMP\srdbwutsqe.exe service [?] S2 AlerterALG;Hälytys AlerterALG;c:\windows\TEMP\unbdievmew.exe service --> c:\windows\TEMP\unbdievmew.exe service [?] S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Elisa Tietoturvapalvelu\ORSP Client\fsorsp.exe [30.1.2009 14:39 55904] S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Elisa Tietoturvapalvelu\Anti-Virus\win2k\fsfilter.sys [16.10.2006 14:30 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Elisa Tietoturvapalvelu\Anti-Virus\win2k\fsrec.sys [16.10.2006 14:30 25184] . Contents of the 'Scheduled Tasks' folder 2009-08-27 c:\windows\Tasks\Scheduled scanning task.job - c:\progra~1\ELISAT~1\ANTI-V~1\fsav.exe [2006-10-16 13:57] . - - - - ORPHANS REMOVED - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) Notify-rgadtm - rgadtm.dll . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.fi/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm LSP: c:\program files\Elisa Tietoturvapalvelu\FSPS\program\FSLSP.DLL DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} - hxxp://www.superstarracing.net/ChatRepublicPlayer.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab FF - ProfilePath - c:\documents and settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\on8grpxw.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.blackle.com FF - prefs.js: keyword.URL - ---- FIREFOX POLICIES ---- FF - user.js: google.toolbar.linkdoctor.enabled - false . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-27 14:35 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1078081533-1788223648-725345543-1003\Software\SecuROM\License information*] "datasecu"=hex:28,4c,4f,3c,4c,3e,5a,87,1b,b0,aa,d5,99,03,6a,7a,a8,ad,3b,c0,10, 5e,16,48,99,90,40,ab,83,c5,d3,45,a0,7b,9e,42,1b,6e,51,a0,7d,9b,8c,c2,04,54,\ "rkeysecu"=hex:61,a5,cb,78,48,c3,3f,f8,74,78,ae,36,54,4d,17,89 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*] "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT" . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(812) c:\program files\Elisa Tietoturvapalvelu\FSPS\program\FSLSP.DLL - - - - - - - > 'explorer.exe'(2760) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\ATKKBService.exe c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe c:\program files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe c:\program files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE c:\program files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\program files\Elisa Tietoturvapalvelu\Common\FSLAUNCHER0.EXE . ************************************************************************** . 
Completion time: 2009-08-27 14:42 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-27 11:42 Pre-Run: 8 348 655 616 tavua vapaana Post-Run: 8 620 933 120 tavua vapaana 978 --- E O F --- 2009-08-27 00:00
and here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:46:37, on 27.8.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Belkin\Bluetooth Software\BTTray.exe C:\Program Files\Microsoft Office\Office\OSA.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSLAUNCHER0.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: precisead - {8623e086-2cc1-5e4b-4d72-3b674ebde885} - C:\WINDOWS\system32\nscB1.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default 
user') O4 - Startup: runit_32.lnk = C:\Qoobox\Quarantine\C\Program Files\runit\runit_32.exe.vir O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} (ChatRepublicPlayer ActiveX) - http://www.superstarracing.net/ChatRepublicPlayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Hälytys AlerterAlerterAlerterAlerterALG (AlerterAlerterAlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\vtrntkvoie.exe (file missing) O23 - Service: Hälytys AlerterAlerterAlerterALG (AlerterAlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\oyeixyncsf.exe (file missing) O23 - Service: Hälytys AlerterAlerterALG (AlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\srdbwutsqe.exe (file missing) O23 - Service: Hälytys AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\unbdievmew.exe (file missing) O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. 
- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\ORSP Client\fsorsp.exe O23 - Service: Google Update Service (GoogleUpdateBeta) - Google Corporation - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O24 - Desktop Component 0: (no name) - http://www.finalfantasyworld.co.uk/khextreme/kh2/images/artwork/KH2_Artwork_Anti_Sora.jpg -- End of file - 7520 bytes
There was plenty, and some still remains!!! Is this something important???? Hälytys AlerterAlerterAlerterAlerterALG (AlerterAlerterAlerterAlerterALG)
-------------------------------------------------------------------------------------
* Download OTM by OldTimer.
* Save it to your desktop.
* Double-click OTM.exe to start it.
* Copy (CTRL+C) all the text from the box below.
Code:
:files
C:\WINDOWS\system32\nscB1.dll
:commands
[emptytemp]
* Go back to OtmoveIt3, right-click in the Paste Instructions for Items to be Move window (under the yellow bar) and choose Paste.
* Press the red MoveIt! button.
* Copy (CTRL+C) the text that appears in the Results window (under the green bar) and paste (CTRL+V) it into your next post.
* Close OTM.
If some file or folder could not be moved right away, the program will suggest restarting the computer. Answer Yes to the prompt, and OtMoveIt will restart your computer.
*********************************************************
Remove the lines that are still left: Close the browser and other programs for the duration of the fix (not the antivirus). Start HijackThis, run Scan, and tick the following files listed in red (HJT disables the program, it does not delete it)
O2 - BHO: precisead - {8623e086-2cc1-5e4b-4d72-3b674ebde885} - C:\WINDOWS\system32\nscB1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Startup: runit_32.lnk = C:\Qoobox\Quarantine\C\Program Files\runit\runit_32.exe.vir
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
and remove them with the (Fix checked) button. Empty the Recycle Bin and restart your computer.
Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The OTMoveIt log / report
* Tell me what the situation is???
That file isn't important... Of the files I was supposed to tick in HJT, not all of them existed any more. To be exact, the first one wasn't there; the other five were. Here are the logs you asked for:
All processes killed
========== FILES ==========
File/Folder C:\WINDOWS\system32\nscB1.dll not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Järjestelmänvalvoja
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: Omistaja
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3468858 bytes
User: Vieras
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 12893 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 3,42 mb
OTM by OldTimer - Version 3.0.0.6 log created on 08272009_183949
Files moved on Reboot...
Registry entries deleted on Reboot...
and then HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:04, on 27.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: runit_32.lnk = C:\Qoobox\Quarantine\C\Program Files\runit\runit_32.exe.vir
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} (ChatRepublicPlayer ActiveX) - http://www.superstarracing.net/ChatRepublicPlayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Hälytys AlerterAlerterAlerterAlerterALG (AlerterAlerterAlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\vtrntkvoie.exe (file missing)
O23 - Service: Hälytys AlerterAlerterAlerterALG (AlerterAlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\oyeixyncsf.exe (file missing)
O23 - Service: Hälytys AlerterAlerterALG (AlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\srdbwutsqe.exe (file missing)
O23 - Service: Hälytys AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\unbdievmew.exe (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (GoogleUpdateBeta) - Google Corporation - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://www.finalfantasyworld.co.uk/khextreme/kh2/images/artwork/KH2_Artwork_Anti_Sora.jpg

--
End of file - 8113 bytes
From the taskbar go to START ==> RUN, type services.msc and click OK.

Maximize the window that opens and widen the program column so that everything is visible.

Find all the rows containing Hälytys AlerterALG......

Click a row to select it, then right-click it to open the menu ==> Properties (Ominaisuudet), where you change Startup type (Käynnistystapa) to Disabled (Ei käytössä). => In the lower right corner click Apply (Käytä) and OK.

In addition, click the Stop the service (Pysäytä palvelu) link on the left side.

Exit the program.

----------------------------------------------------------------------------------

Remove the lines that are still left:

Close the browser and other programs for the duration of the fix (not the antivirus).

Start HijackThis, run Scan, and tick the following files listed in red (HJT shuts the program down, it does not delete it):

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O23 - Service: Hälytys AlerterAlerterAlerterAlerterALG (AlerterAlerterAlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\vtrntkvoie.exe (file missing)
O23 - Service: Hälytys AlerterAlerterAlerterALG (AlerterAlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\oyeixyncsf.exe (file missing)
O23 - Service: Hälytys AlerterAlerterALG (AlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\srdbwutsqe.exe (file missing)
O23 - Service: Hälytys AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\unbdievmew.exe (file missing)

and remove them with the "Fix checked" button.

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* Is the computer working OK???
Much better already. Thanks a lot. The goal, though, would be to get this machine as clean as it can possibly be.
Again, not all of the files were found on the computer. 7/11 were found. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:35:50, on 28.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} (ChatRepublicPlayer ActiveX) - http://www.superstarracing.net/ChatRepublicPlayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Hälytys AlerterAlerterAlerterAlerterALG (AlerterAlerterAlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\vtrntkvoie.exe (file missing)
O23 - Service: Hälytys AlerterAlerterAlerterALG (AlerterAlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\oyeixyncsf.exe (file missing)
O23 - Service: Hälytys AlerterAlerterALG (AlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\srdbwutsqe.exe (file missing)
O23 - Service: Hälytys AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\unbdievmew.exe (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (GoogleUpdateBeta) - Google Corporation - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://www.finalfantasyworld.co.uk/khextreme/kh2/images/artwork/KH2_Artwork_Anti_Sora.jpg

--
End of file - 7415 bytes
This didn't go smoothly. Were there any problems???

From the taskbar go to START ==> RUN, type services.msc and click OK.

Maximize the window that opens and widen the program column so that everything is visible.

Find all the rows containing Hälytys AlerterALG......

Click a row to select it, then right-click it to open the menu ==> Properties (Ominaisuudet), where you change Startup type (Käynnistystapa) to Disabled (Ei käytössä). => In the lower right corner click Apply (Käytä) and OK.

In addition, click the Stop the service (Pysäytä palvelu) link on the left side.

Exit the program.

----------------------------------------------------------------------------------

Remove the lines that are still left:

Close the browser and other programs for the duration of the fix (not the antivirus).

Start HijackThis, run Scan, and tick the following files listed in red (HJT shuts the program down, it does not delete it):

O23 - Service: Hälytys AlerterAlerterAlerterAlerterALG (AlerterAlerterAlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\vtrntkvoie.exe (file missing)
O23 - Service: Hälytys AlerterAlerterAlerterALG (AlerterAlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\oyeixyncsf.exe (file missing)
O23 - Service: Hälytys AlerterAlerterALG (AlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\srdbwutsqe.exe (file missing)
O23 - Service: Hälytys AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\unbdievmew.exe (file missing)

and remove them with the "Fix checked" button.

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* Is the computer working OK???
None of those files show up in HJT any more when I run the scan. Here is the log anyway:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:41, on 28.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} (ChatRepublicPlayer ActiveX) - http://www.superstarracing.net/ChatRepublicPlayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (GoogleUpdateBeta) - Google Corporation - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://www.finalfantasyworld.co.uk/khextreme/kh2/images/artwork/KH2_Artwork_Anti_Sora.jpg

--
End of file - 6635 bytes
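The before/after comparison that is done by eye across the scans in this thread, as an added Python example that is not part of the original posts. The function names are hypothetical, and the two logs are short excerpts constructed from entries in the 14:35 and 16:52 scans of 28.8.2009.

```python
import re

# A HijackThis entry line looks like "<section> - <detail>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = " (file missing)"

# Constructed excerpt of the scan taken before the last fix.
BEFORE_SCAN = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: Hälytys AlerterAlerterALG (AlerterAlerterALG) - Unknown owner - C:\WINDOWS\TEMP\srdbwutsqe.exe (file missing)
O23 - Service: Hälytys AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\unbdievmew.exe (file missing)
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Constructed excerpt of the scan taken after the last fix.
AFTER_SCAN = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def parse_service(detail):
    """Split an O23 detail into name, owner, path and the 'file missing' flag.

    Splitting from the right keeps hyphenated names such as
    "F-Secure Corporation" intact, because only " - " separates the fields.
    """
    if not detail.startswith("Service: "):
        return None
    parts = detail[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def suspicious_services(entries):
    """O23 services with both traits of the entries fixed in this thread:
    no recorded owner and a binary path under a TEMP directory."""
    hits = []
    for section, detail in sorted(entries):
        if section != "O23":
            continue
        svc = parse_service(detail)
        if svc and svc["owner"] == "Unknown owner" and "\\temp\\" in svc["path"].lower():
            hits.append(svc)
    return hits


def compare_scans(before_text, after_text):
    """Show what a fix round changed and what still needs attention."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": before - after,
        "added": after - before,
        "still_suspicious": suspicious_services(after),
    }


if __name__ == "__main__":
    result = compare_scans(BEFORE_SCAN, AFTER_SCAN)
    for section, detail in sorted(result["removed"]):
        print("removed:", section, "-", detail)
    print("still suspicious:", result["still_suspicious"])
```

An "Unknown owner" service whose binary sits outside TEMP, such as PnkBstrA here, is not flagged by this rule and still needs a separate judgment.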
The log looks really good now!!!

Next we will remove all the tools we used, along with their leftovers.

* Double-click OTM.exe.
* Click CleanUp!.
* Choose Yes when asked "Begin cleanup Process?".
* If you are asked whether the computer may be restarted, choose Yes.
* OTMoveIt deletes itself when it is done; if it doesn't, delete it yourself.
Thank you very much! It's great that there are people here willing to help whenever help is needed.