Viruses, perhaps?

Discussion in 'Viruses and malware - HijackThis logs' started by p2pman, Jan 29, 2009.

  1. p2pman

    p2pman Regular member

    Joined:
    Apr 27, 2007
    Messages:
    540
    Likes Received:
    0
    Trophy Points:
    26
    These kinds of problems on my machine: http://keskustelu.afterdawn.com/thread_view.cfm/744478

    so I'm posting the log in case something turns up...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:57:29, on 29.1.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Tietoturvapalvelu\ExploitShield\fsessrv.exe
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Tietoturvapalvelu\Common\FSMB32.EXE
    D:\Työkalut & Ohjelmat\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Tietoturvapalvelu\ExploitShield\fsesgui.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsqh.exe
    C:\Program Files\Tietoturvapalvelu\Common\FAMEH32.EXE
    D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe
    D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TUProgSt.exe
    D:\Työkalut & Ohjelmat\VNC4\WinVNC4.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Työkalut & Ohjelmat\Orbitdownloader\orbitdm.exe
    D:\Työkalut & Ohjelmat\Orbitdownloader\orbitnet.exe
    C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Tietoturvapalvelu\FSAUA\program\fsaua.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Tietoturvapalvelu\FSAUA\program\fsus.exe
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\inetsrv\DavCData.exe
    D:\Työkalut & Ohjelmat\4t Tray Minimizer\4t-min.exe
    D:\Työkalut & Ohjelmat\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\hjt\scanner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre6\bin\jqsnotify.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Työkalut & Ohjelmat\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Työkalut & Ohjelmat\BitComet\tools\BitCometBHO_1.2.8.7.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\TYKALU~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Työkalut & Ohjelmat\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Työkalut & Ohjelmat\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [F-Secure ExploitShield] "C:\Program Files\Tietoturvapalvelu\ExploitShield\fsesgui.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [WinSnap] "D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe" /startup
    O4 - HKCU\..\Run: [PeerGuardian] D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [BitComet] "D:\Työkalut & Ohjelmat\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Orbit.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Työkalut & Ohjelmat\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Työkalut & Ohjelmat\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Työkalut & Ohjelmat\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Työkalut & Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Työkalut & Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Työkalut & Ohjelmat\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\TYKALU~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\TYKALU~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - D:\Työkalut & Ohjelmat\Messenger Backup\Messenger Backup (file missing)
    O9 - Extra 'Tools' menuitem: &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - D:\Työkalut & Ohjelmat\Messenger Backup\Messenger Backup (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe (file missing)
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DriveSitterService - Oliver Marr - C:\Program Files\Common Files\DriveSitter\DSSrv.exe
    O23 - Service: F-Secure Exploit Shield Service (ExploitShield) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\ExploitShield\fsessrv.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\ORSP Client\fsorsp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Työkalut & Ohjelmat\VNC4\WinVNC4.exe

    --
    End of file - 15091 bytes
     
  2. Hujo

    Hujo Guest

    Run -> type in the box > devmgmt.msc
    Press OK
    IDE ATA/ATAPI controllers -> Primary IDE Channel -> right-click and choose Properties > Advanced Settings -> Transfer Mode.

    What does it show?
     
  3. p2pman

    p2pman Regular member

  4. Hujo

    Hujo Guest

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    3. If an update is found, the program downloads and installs the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to see the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this the log opens in Notepad. Save it somewhere you can easily find it. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next message.

    ============

    Download and run AVG Anti-Spyware v7.5.1.36
     
  5. p2pman

    p2pman Regular member

    Malwarebytes didn't find anything.

    Malwarebytes' Anti-Malware 1.33
    Tietokantaversio: 1708
    Windows 5.1.2600 Service Pack 3

    30.1.2009 18:22:40
    mbam-log-2009-01-30 (18-22-40).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
    Tarkistetut kohteet: 260282
    Kulunut aika: 1 hour(s), 41 minute(s), 34 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)



    and that AVG didn't find anything serious either...



    :mozilla.10:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.63:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.64:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.65:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.66:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.67:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.68:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.8:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.9:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.13:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
    :mozilla.83:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
    :mozilla.75:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
     
  6. Hujo

    Hujo Guest

    Last edited by a moderator: Jan 30, 2009
  7. p2pman

    p2pman Regular member

    It found this:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/31/2009 at 01:26 PM

    Application Version : 4.25.1012

    Core Rules Database Version : 3738
    Trace Rules Database Version: 1707

    Scan type : Complete Scan
    Total Scan Time : 02:12:10

    Memory items scanned : 821
    Memory threats detected : 0
    Registry items scanned : 8401
    Registry threats detected : 0
    File items scanned : 38381
    File threats detected : 16

    Adware.Tracking Cookie
    .kontera.com [ C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt ]
    .kontera.com [ C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt ]
    .kontera.com [ C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt ]
    track.adform.net [ C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt ]
    track.adform.net [ C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt ]
    track.adform.net [ C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt ]
    www.deletedyoutube.ftvteen.com [ C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt ]
    .www.amaena.com [ C:\Documents and Settings\tyu\Application Data\Mozilla\Firefox\Profiles\bayfnjxk.default\cookies.txt ]
    .www.amaena.com [ C:\Documents and Settings\tyu\Application Data\Mozilla\Firefox\Profiles\bayfnjxk.default\cookies.txt ]
    .www.amaena.com [ C:\Documents and Settings\tyu\Application Data\Mozilla\Firefox\Profiles\bayfnjxk.default\cookies.txt ]
    .www.amaena.com [ C:\Documents and Settings\tyu\Application Data\Mozilla\Firefox\Profiles\bayfnjxk.default\cookies.txt ]
    .www.amaena.com [ C:\Documents and Settings\tyu\Application Data\Mozilla\Firefox\Profiles\bayfnjxk.default\cookies.txt ]
    winantivirus.com [ C:\Documents and Settings\tyu\Application Data\Mozilla\Firefox\Profiles\bayfnjxk.default\cookies.txt ]
    www.amaena.com [ C:\Documents and Settings\tyu\Application Data\Mozilla\Firefox\Profiles\bayfnjxk.default\cookies.txt ]

    Adware.Vundo/Variant
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{13008B8B-28EC-4A95-8016-FDFC43DCF295}\RP11\A0039327.DLL
    D:\PELIT\DIABLO II\D2NET.DLL


    I removed everything except that Diablo thing..
     
  8. Hujo

    Hujo Guest

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into Safe Mode:

    shut down and restart
    during startup, tap the F8 key repeatedly
    select Safe Mode with the arrow keys
    press Enter and Enter again
    select your user account
    press Yes

    On some machines you tap F5 instead of F8.

    - Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    - Open the SDFix folder and double-click RunThis.bat to start the program.
    - Press Y to start the script.
    - The tool cleans up the trojan's services and also makes some repairs to the registry. At the end it asks you to restart the computer, "Press any key to Reboot".
    - Press any key and the computer restarts.
    - Startup takes longer than normal because SDFix is cleaning the machine.
    - When the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
    - Then press any key to close the script and load the shortcuts onto the desktop.
    - Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.
     
  9. p2pman

    p2pman Regular member

    Here it is:


    SDFix: Version 1.240
    Run by Johtaja on ti 03.02.2009 at 15:53

    Microsoft Windows XP [versio 5.1.2600]
    Running From: C:\Documents and Settings\Johtaja\Desktop\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-03 16:33:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...


    scanning hidden registry entries ...


    scanning hidden files ...

    C:\Documents and Settings\Johtaja\Application Data\Software Informer\cache\icons\EW : Cossacks.ico 4398 bytes hidden from API
    C:\Documents and Settings\Johtaja\Application Data\Software Informer\cache\icons\Cossacks : The Art Of War.ico 4398 bytes hidden from API

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 2


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "D:\\Pelit\\Tom Clancy's rainbow six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"="D:\\Pelit\\Tom Clancy's rainbow six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "D:\\Työkalut & Ohjelmat\\Orbitdownloader\\orbitdm.exe"="D:\\Työkalut & Ohjelmat\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
    "D:\\Työkalut & Ohjelmat\\Orbitdownloader\\orbitnet.exe"="D:\\Työkalut & Ohjelmat\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
    "D:\\Työkalut & Ohjelmat\\LimeWire\\LimeWire.exe"="D:\\Työkalut & Ohjelmat\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :



    Files with Hidden Attributes :

    Sat 16 Sep 2006 14,640 A..H. --- "C:\ce4ae7aa35582e0643bff8aa5f07ec\spmsg.dll"
    Sat 16 Sep 2006 221,488 A..H. --- "C:\ce4ae7aa35582e0643bff8aa5f07ec\spuninst.exe"
    Sat 16 Sep 2006 23,856 A..H. --- "C:\ce4ae7aa35582e0643bff8aa5f07ec\spupdsvc.exe"
    Fri 15 Sep 2006 87,040 A..H. --- "C:\ce4ae7aa35582e0643bff8aa5f07ec\wudfcoinstaller.dll"
    Fri 15 Sep 2006 70,656 A..H. --- "C:\ce4ae7aa35582e0643bff8aa5f07ec\wudfcustom.dll"
    Fri 15 Sep 2006 142,848 A..H. --- "C:\ce4ae7aa35582e0643bff8aa5f07ec\wudfhost.exe"
    Fri 15 Sep 2006 76,544 A..H. --- "C:\ce4ae7aa35582e0643bff8aa5f07ec\wudfpf.sys"
    Fri 15 Sep 2006 163,840 A..H. --- "C:\ce4ae7aa35582e0643bff8aa5f07ec\wudfplatform.dll"
    Fri 15 Sep 2006 82,688 A..H. --- "C:\ce4ae7aa35582e0643bff8aa5f07ec\wudfrd.sys"
    Fri 15 Sep 2006 55,296 A..H. --- "C:\ce4ae7aa35582e0643bff8aa5f07ec\wudfsvc.dll"
    Fri 15 Sep 2006 308,224 A..H. --- "C:\ce4ae7aa35582e0643bff8aa5f07ec\wudfx.dll"
    Sat 16 Sep 2006 742,192 A..H. --- "C:\ce4ae7aa35582e0643bff8aa5f07ec\update\update.exe"
    Sat 16 Sep 2006 379,184 A..H. --- "C:\ce4ae7aa35582e0643bff8aa5f07ec\update\updspapi.dll"
    Fri 15 Sep 2006 70,656 A..H. --- "C:\ce4ae7aa35582e0643bff8aa5f07ec\update\wudfcustom.dll"
    Tue 17 Jun 2008 65,536 A.SH. --- "C:\Program Files\MessengerDiscovery\AlertSkinInstaller.exe"
    Sun 22 Jun 2008 40,960 A.SH. --- "C:\Program Files\MessengerDiscovery\SpellCHK.exe"
    Wed 2 Dec 1998 143,360 A.SH. --- "C:\Program Files\MessengerDiscovery\unzip.dll"
    Mon 21 Jan 2008 88 ..SHR --- "C:\WINDOWS\system32\A843755FCC.sys"
    Sat 26 Jan 2008 56 ..SHR --- "C:\WINDOWS\system32\CC5F7543A8.sys"
    Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
    Wed 16 Apr 2008 4,184 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
    Wed 14 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
    Sat 20 Jan 2007 2,547 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti9B.tmp"
    Thu 15 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Wed 7 Jan 2009 3,510,048 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\47fac4988ef421d00b79077f7dfbdecb\BIT9BB.tmp"
    Sat 30 Jun 2007 857 ...HR --- "C:\Documents and Settings\ghjf\Application Data\SecuROM\UserData\securom_v7_01.bak"
    Sat 1 Dec 2007 1,326 ...HR --- "C:\Documents and Settings\Johtaja\Application Data\SecuROM\UserData\securom_v7_01.bak"

    Finished!

     
  10. Hujo

    Hujo Guest

    Let's do a little sweep-up in between.

    Download OTMoveIt and save it to your desktop.

    Double-click OTMoveIt.exe.
    Click CleanUp!.
    Choose Yes when asked "Begin cleanup Process?".
    If you are asked whether the computer may be restarted, choose Yes. OTMoveIt removes itself when it is finished; if it does not, delete it yourself.

    NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.

    ==============

    1. Click Start > right-click My Computer
    2. Choose Properties
    3. Choose the System Restore tab
    4. Tick the box "Turn off System Restore on all drives"
    5. Press Apply
    6. Press OK
    7. Shut down and restart
    8. Untick the box "Turn off System Restore on all drives"
    9. Apply and OK

    ==============

    Download CCleaner from here
    CCleaner v 2.14.750.- Standard Build, do NOT install the Yahoo toolbar!
    During installation, remove the check mark from "install Yahoo! toolbar".
    After installation, open CCleaner.
    From the left-hand column choose Options.
    From the adjacent column choose Settings.
    Under Language, choose Suomi.

    Puhdistaja (Cleaner)
    From the left-hand column choose Puhdistaja.
    Press Tutki (Analyze) at the bottom.
    Now CCleaner analyzes what can be removed (temp files, cookies, etc.).
    When the analysis is finished, press Aja CCleaner (Run CCleaner).
    Now CCleaner removes the temp files, cookies, etc. that it found.

    Fixing registry issues
    From the left-hand column choose Rekisteri (Registry).
    Press Etsi rekisterin virheitä (Scan for registry issues) at the bottom.
    When the scan is finished and you are sure you want to fix the rows that are marked, press Korjaa valitut rekisterin virheet (Fix selected registry issues).
    You will be asked "do you want to back up the changes to the registry"; press Kyllä (Yes). Save the backup in, for example, the "Omat tiedostot" (My Documents) folder.
    In the new window that opens, click Korjaa kaikki valitut virheet (Fix all selected issues).
    You will get one more confirmation prompt; press Ok.
    When the issues have been fixed, press Sulje (Close).
    Now you can close CCleaner by clicking the red X at the top right.
     
  11. p2pman

    p2pman Regular member

    Both have been run.
     
  12. Hujo

    Hujo Guest

    Now, with the browser open, click Tools > Options > Privacy > the Private Data section
    tick the option
    Clear the selected private data whenever Firefox is closed
    Click the Settings button

    tick every item
    if you want to keep your saved passwords, do not tick that one
    OK, OK

    ==========

    1. Download Combofix.exe to your desktop from one of these links:
    Combofix1
    Combofix2

    Do not install the Recovery Console.

    2. Double-click the Combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
     
  13. p2pman

    p2pman Regular member

    By the way, before it started, it complained that F-Secure's and ThreatFire's real-time protection were on... I closed F-Secure, but as far as I know I removed ThreatFire from the machine ages ago... or did I?...


    ComboFix 09-02-04.04 - Johtaja 2009-02-05 16:05:07.8 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1359 [GMT 2:00]
    Sijainti: c:\documents and settings\Johtaja\Desktop\ComboFix.exe
    AV: ThreatFire *On-access scanning enabled* (Updated)
    AV: Tietoturvapalvelu 8.00 *On-access scanning enabled* (Updated)
    FW: Tietoturvapalvelu 8.00 *enabled*
    * Uusi palautuspiste luotu

    VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\SrchSTS.exe

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-05 to 2009-02-05 )))))))))))))))))
    .

    2009-01-31 15:08 . 2008-04-14 05:42 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
    2009-01-31 15:08 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
    2009-01-31 15:08 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
    2009-01-31 15:08 . 2008-04-14 05:42 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
    2009-01-31 15:08 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
    2009-01-31 15:07 . 2008-04-13 22:05 154,624 --a--c--- c:\windows\system32\dllcache\wlluc48.sys
    2009-01-31 15:07 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
    2009-01-31 15:07 . 2001-08-17 12:12 34,890 --a--c--- c:\windows\system32\dllcache\wlandrv2.sys
    2009-01-31 15:07 . 2008-04-13 22:04 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
    2009-01-31 15:07 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
    2009-01-31 15:07 . 2008-04-13 22:04 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
    2009-01-31 15:07 . 2008-04-14 00:06 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys
    2009-01-31 15:07 . 2008-04-14 05:42 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
    2009-01-31 15:05 . 2001-08-17 12:13 19,528 --a--c--- c:\windows\system32\dllcache\w840nd.sys
    2009-01-31 15:05 . 2001-08-17 12:13 19,016 --a--c--- c:\windows\system32\dllcache\w926nd.sys
    2009-01-31 15:05 . 2001-08-17 12:13 16,925 --a--c--- c:\windows\system32\dllcache\w940nd.sys
    2009-01-31 15:04 . 2001-08-17 13:28 687,999 --a--c--- c:\windows\system32\dllcache\usrwdxjs.sys
    2009-01-31 15:04 . 2001-08-17 13:28 604,253 --a--c--- c:\windows\system32\dllcache\vmodem.sys
    2009-01-31 15:04 . 2001-08-17 13:28 397,502 --a--c--- c:\windows\system32\dllcache\vpctcom.sys
    2009-01-31 15:04 . 2001-08-17 12:14 249,402 --a--c--- c:\windows\system32\dllcache\vinwm.sys
    2009-01-31 15:04 . 2001-08-17 13:28 64,605 --a--c--- c:\windows\system32\dllcache\vvoice.sys
    2009-01-31 15:04 . 2001-08-17 13:49 24,576 --a--c--- c:\windows\system32\dllcache\viairda.sys
    2009-01-31 15:04 . 2008-04-14 00:10 5,376 --a--c--- c:\windows\system32\dllcache\viaide.sys
    2009-01-31 15:03 . 2001-08-17 13:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
    2009-01-31 15:03 . 2001-08-17 13:28 794,399 --a--c--- c:\windows\system32\dllcache\usr1806v.sys
    2009-01-31 15:03 . 2001-08-17 13:28 793,598 --a--c--- c:\windows\system32\dllcache\usr1806.sys
    2009-01-31 15:03 . 2001-08-17 13:28 765,884 --a--c--- c:\windows\system32\dllcache\usrti.sys
    2009-01-31 15:03 . 2001-08-17 13:28 224,802 --a--c--- c:\windows\system32\dllcache\usr1807a.sys
    2009-01-31 15:03 . 2001-08-17 13:28 113,762 --a--c--- c:\windows\system32\dllcache\usrpda.sys
    2009-01-31 15:03 . 2001-08-17 22:36 94,720 --a--c--- c:\windows\system32\dllcache\umaxud32.dll
    2009-01-31 15:03 . 2008-04-13 22:05 32,384 --a--c--- c:\windows\system32\dllcache\usb101et.sys
    2009-01-31 15:03 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
    2009-01-31 15:03 . 2008-04-14 00:15 17,152 --a--c--- c:\windows\system32\dllcache\usbohci.sys
    2009-01-31 15:03 . 2001-08-17 13:28 7,556 --a--c--- c:\windows\system32\dllcache\usroslba.sys
    2009-01-31 15:02 . 2001-08-17 22:36 69,632 --a--c--- c:\windows\system32\dllcache\umaxu12.dll
    2009-01-31 15:02 . 2001-08-17 22:36 50,688 --a--c--- c:\windows\system32\dllcache\umaxscan.dll
    2009-01-31 15:02 . 2001-08-17 22:36 50,176 --a--c--- c:\windows\system32\dllcache\umaxp60.dll
    2009-01-31 15:02 . 2001-08-17 22:36 28,160 --a--c--- c:\windows\system32\dllcache\umaxu40.dll
    2009-01-31 15:02 . 2001-08-17 22:36 26,624 --a--c--- c:\windows\system32\dllcache\umaxu22.dll
    2009-01-31 15:02 . 2001-08-17 13:58 22,912 --a--c--- c:\windows\system32\dllcache\umaxpcls.sys
    2009-01-31 15:01 . 2001-08-17 22:36 216,064 --a--c--- c:\windows\system32\dllcache\um34scan.dll
    2009-01-31 15:01 . 2001-08-17 22:36 211,968 --a--c--- c:\windows\system32\dllcache\um54scan.dll
    2009-01-31 15:01 . 2001-08-17 12:51 166,784 --a--c--- c:\windows\system32\dllcache\tridxpm.sys
    2009-01-31 15:01 . 2001-08-17 22:36 47,616 --a--c--- c:\windows\system32\dllcache\umaxcam.dll
    2009-01-31 15:01 . 2001-08-17 13:52 36,736 --a--c--- c:\windows\system32\dllcache\ultra.sys
    2009-01-31 15:01 . 2001-08-17 13:48 11,520 --a--c--- c:\windows\system32\dllcache\twotrack.sys
    2009-01-31 15:00 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
    2009-01-31 15:00 . 2001-08-17 14:56 440,576 --a--c--- c:\windows\system32\dllcache\tridkb.dll
    2009-01-31 15:00 . 2001-08-17 14:56 315,520 --a--c--- c:\windows\system32\dllcache\trid3d.dll
    2009-01-31 15:00 . 2001-08-17 12:51 222,336 --a--c--- c:\windows\system32\dllcache\trid3dm.sys
    2009-01-31 15:00 . 2001-08-17 12:51 159,232 --a--c--- c:\windows\system32\dllcache\tridkbm.sys
    2009-01-31 15:00 . 2008-04-14 05:42 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe
    2009-01-31 15:00 . 2001-08-17 22:35 42,496 --a--c--- c:\windows\system32\dllcache\tp4res.dll
    2009-01-31 15:00 . 2001-08-17 12:12 34,375 --a--c--- c:\windows\system32\dllcache\tpro4.sys
    2009-01-31 14:59 . 2001-08-17 14:01 241,664 --a--c--- c:\windows\system32\dllcache\tosdvd02.sys
    2009-01-31 14:59 . 2001-08-17 14:02 230,912 --a--c--- c:\windows\system32\dllcache\tosdvd03.sys
    2009-01-31 14:59 . 2008-04-14 00:10 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys
    2009-01-31 14:59 . 2001-08-17 12:51 138,528 --a--c--- c:\windows\system32\dllcache\tgiulnt5.sys
    2009-01-31 14:59 . 2001-08-17 12:14 123,995 --a--c--- c:\windows\system32\dllcache\tjisdn.sys
    2009-01-31 14:59 . 2001-08-17 14:56 81,408 --a--c--- c:\windows\system32\dllcache\tgiul50.dll
    2009-01-31 14:59 . 2001-08-17 22:36 31,744 --a--c--- c:\windows\system32\dllcache\tp4.dll
    2009-01-31 14:59 . 2001-08-17 12:10 28,232 --a--c--- c:\windows\system32\dllcache\tos4mo.sys
    2009-01-31 14:59 . 2001-08-17 13:51 4,992 --a--c--- c:\windows\system32\dllcache\toside.sys
    2009-01-31 14:58 . 2001-08-17 14:56 172,768 --a--c--- c:\windows\system32\dllcache\t2r4disp.dll
    2009-01-31 14:58 . 2001-08-17 12:13 37,961 --a--c--- c:\windows\system32\dllcache\tdk100b.sys
    2009-01-31 14:58 . 2001-08-17 12:50 36,640 --a--c--- c:\windows\system32\dllcache\t2r4mini.sys
    2009-01-31 14:58 . 2001-08-17 14:07 32,640 --a--c--- c:\windows\system32\dllcache\symc8xx.sys
    2009-01-31 14:58 . 2001-08-17 13:49 30,464 --a--c--- c:\windows\system32\dllcache\tbatm155.sys
    2009-01-31 14:58 . 2001-08-17 12:13 17,129 --a--c--- c:\windows\system32\dllcache\tdkcd31.sys
    2009-01-31 14:58 . 2001-08-17 13:52 7,040 --a--c--- c:\windows\system32\dllcache\tandqic.sys
    2009-01-31 14:57 . 2001-08-17 13:50 103,936 --a--c--- c:\windows\system32\dllcache\sx.sys
    2009-01-31 14:57 . 2001-08-17 22:36 94,293 --a--c--- c:\windows\system32\dllcache\sxports.dll
    2009-01-31 14:57 . 2001-08-17 14:07 30,688 --a--c--- c:\windows\system32\dllcache\sym_u3.sys
    2009-01-31 14:57 . 2001-08-17 14:07 28,384 --a--c--- c:\windows\system32\dllcache\sym_hi.sys
    2009-01-31 14:57 . 2001-08-17 14:07 16,256 --a--c--- c:\windows\system32\dllcache\symc810.sys
    2009-01-31 14:57 . 2001-08-17 22:36 10,240 --a--c--- c:\windows\system32\dllcache\swpidflt.dll
    2009-01-31 14:57 . 2001-08-17 22:36 10,240 --a--c--- c:\windows\system32\dllcache\swpdflt2.dll
    2009-01-31 14:57 . 2001-08-17 14:02 3,968 --a--c--- c:\windows\system32\dllcache\swusbflt.sys
    2009-01-31 14:56 . 2001-08-17 12:18 285,760 --a--c--- c:\windows\system32\dllcache\stlnata.sys
    2009-01-31 14:56 . 2001-08-17 22:36 155,648 --a--c--- c:\windows\system32\dllcache\stlnprop.dll
    2009-01-31 14:56 . 2001-08-17 22:36 53,760 --a--c--- c:\windows\system32\dllcache\sw_wheel.dll
    2009-01-31 14:56 . 2001-08-17 22:36 53,248 --a--c--- c:\windows\system32\dllcache\stlncoin.dll
    2009-01-31 14:56 . 2001-08-17 12:11 48,736 --a--c--- c:\windows\system32\dllcache\srwlnd5.sys
    2009-01-31 14:56 . 2001-08-17 22:36 41,472 --a--c--- c:\windows\system32\dllcache\sw_effct.dll
    2009-01-31 14:56 . 2001-08-17 13:51 16,896 --a--c--- c:\windows\system32\dllcache\stcusb.sys
    2009-01-31 14:55 . 2001-08-17 22:36 114,688 --a--c--- c:\windows\system32\dllcache\sonypi.dll
    2009-01-31 14:55 . 2001-08-17 22:36 106,584 --a--c--- c:\windows\system32\dllcache\spdports.dll
    2009-01-31 14:55 . 2001-08-17 22:36 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll
    2009-01-31 14:55 . 2001-08-17 13:51 61,824 --a--c--- c:\windows\system32\dllcache\speed.sys
    2009-01-31 14:55 . 2001-08-17 12:51 37,040 --a--c--- c:\windows\system32\dllcache\sonypi.sys
    2009-01-31 14:55 . 2001-08-17 22:36 24,660 --a--c--- c:\windows\system32\dllcache\spxupchk.dll
    2009-01-31 14:55 . 2001-08-17 14:07 19,072 --a--c--- c:\windows\system32\dllcache\sparrow.sys
    2009-01-31 14:55 . 2001-08-17 13:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys
    2009-01-31 14:54 . 2001-08-17 14:56 147,200 --a--c--- c:\windows\system32\dllcache\smidispb.dll
    2009-01-31 14:54 . 2001-08-17 12:51 58,368 --a--c--- c:\windows\system32\dllcache\smiminib.sys
    2009-01-31 14:54 . 2001-08-17 12:10 35,913 --a--c--- c:\windows\system32\dllcache\smcirda.sys
    2009-01-31 14:54 . 2001-08-17 12:12 25,034 --a--c--- c:\windows\system32\dllcache\smcpwr2n.sys
    2009-01-31 14:54 . 2001-08-17 12:12 24,576 --a--c--- c:\windows\system32\dllcache\smc8000n.sys
    2009-01-31 14:54 . 2001-08-17 12:51 20,752 --a--c--- c:\windows\system32\dllcache\sonync.sys
    2009-01-31 14:54 . 2001-08-17 13:53 9,600 --a--c--- c:\windows\system32\dllcache\sonymc.sys
    2009-01-31 14:54 . 2008-04-14 00:10 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys
    2009-01-31 14:54 . 2001-08-17 13:53 7,040 --a--c--- c:\windows\system32\dllcache\snyaitmc.sys
    2009-01-31 14:53 . 2001-08-17 12:12 94,698 --a--c--- c:\windows\system32\dllcache\sk98xwin.sys
    2009-01-31 14:53 . 2001-08-17 12:12 91,294 --a--c--- c:\windows\system32\dllcache\skfpwin.sys
    2009-01-31 14:53 . 2008-04-13 22:05 63,547 --a--c--- c:\windows\system32\dllcache\sla30nd5.sys
    2009-01-31 14:53 . 2001-08-17 22:36 45,568 --a--c--- c:\windows\system32\dllcache\smb3w.dll
    2009-01-31 14:53 . 2001-08-17 22:36 33,792 --a--c--- c:\windows\system32\dllcache\smb0w.dll
    2009-01-31 14:53 . 2001-08-17 22:36 28,672 --a--c--- c:\windows\system32\dllcache\sma0w.dll
    2009-01-31 14:53 . 2001-08-17 22:36 28,160 --a--c--- c:\windows\system32\dllcache\sm91w.dll
    2009-01-31 14:53 . 2008-04-14 00:06 16,000 --a--c--- c:\windows\system32\dllcache\smbbatt.sys
    2009-01-31 14:53 . 2008-04-14 00:06 6,912 --a--c--- c:\windows\system32\dllcache\smbclass.sys
    2009-01-31 14:53 . 2001-08-17 13:57 6,784 --a--c--- c:\windows\system32\dllcache\smbhc.sys
    2009-01-31 14:52 . 2001-08-17 14:56 252,032 --a--c--- c:\windows\system32\dllcache\sis300iv.dll
    2009-01-31 14:52 . 2001-08-17 22:36 238,592 --a--c--- c:\windows\system32\dllcache\sisgrv.dll
    2009-01-31 14:52 . 2001-08-17 14:56 157,696 --a--c--- c:\windows\system32\dllcache\sisv256.dll
    2009-01-31 14:52 . 2001-08-17 14:56 150,144 --a--c--- c:\windows\system32\dllcache\sis6306v.dll
    2009-01-31 14:52 . 2001-08-17 12:50 104,064 --a--c--- c:\windows\system32\dllcache\sisgrp.sys
    2009-01-31 14:52 . 2001-08-17 12:50 68,608 --a--c--- c:\windows\system32\dllcache\sis6306p.sys
    2009-01-31 14:52 . 2001-08-17 12:50 50,432 --a--c--- c:\windows\system32\dllcache\sisv.sys
    2009-01-31 14:52 . 2008-04-13 22:05 32,768 --a--c--- c:\windows\system32\dllcache\sisnic.sys
    2009-01-31 14:51 . 2001-08-17 22:36 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll
    2009-01-31 14:51 . 2001-07-21 14:29 161,568 --a--c--- c:\windows\system32\dllcache\sgsmusb.sys
    2009-01-31 14:51 . 2001-08-17 12:50 101,760 --a--c--- c:\windows\system32\dllcache\sis300ip.sys
    2009-01-31 14:51 . 2001-08-17 12:51 98,080 --a--c--- c:\windows\system32\dllcache\sgiulnt5.sys
    2009-01-31 14:51 . 2001-08-17 12:19 36,480 --a--c--- c:\windows\system32\dllcache\sfmanm.sys

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-05 12:46 --------- d-----w c:\program files\Tietoturvapalvelu
    2009-02-05 10:43 --------- d-----w c:\documents and settings\Johtaja\Application Data\Orbit
    2009-02-05 02:57 --------- d-----w c:\documents and settings\Johtaja\Application Data\TeraCopy
    2009-02-03 20:40 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2009-02-03 17:34 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-01-31 15:48 2,285,056 ----a-w c:\windows\system32\TUKernel.exe
    2009-01-31 15:29 --------- d-----w c:\documents and settings\Johtaja\Application Data\OpenOffice.org2
    2009-01-31 02:01 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-01-30 23:09 --------- d-----w c:\documents and settings\Johtaja\Application Data\dvdcss
    2009-01-28 14:39 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2009-01-27 18:55 --------- d-----w c:\program files\Cossacks - The Art Of War
    2009-01-25 10:26 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\X-Setup Pro
    2009-01-24 01:27 --------- d-----w c:\program files\DivX
    2009-01-23 18:23 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\fssg
    2009-01-23 10:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\F-Secure
    2009-01-20 06:09 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-01-19 17:32 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Installations
    2009-01-19 13:44 --------- d-----w c:\program files\Messenger Plus! Live
    2009-01-18 09:03 --------- d-----w c:\program files\Common Files\Download Manager
    2009-01-17 00:44 --------- d-----w c:\documents and settings\Johtaja\Application Data\LimeWire
    2009-01-14 14:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 14:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-11 08:19 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-01-11 08:19 --------- d-----w c:\program files\Java
    2009-01-10 20:21 --------- d-----w c:\program files\WinPcap
    2009-01-10 16:11 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\SecTaskMan
    2009-01-10 09:59 --------- d-----w c:\program files\Common Files\Nokia
    2009-01-09 14:09 --------- d-----w c:\program files\QuickTime
    2009-01-09 13:20 --------- d-----w c:\documents and settings\Johtaja\Application Data\Software Informer
    2009-01-09 12:31 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
    2009-01-09 11:31 --------- d-----w c:\program files\Nokia
    2009-01-09 05:48 --------- d-----w c:\program files\PC Connectivity Solution
    2009-01-08 13:25 --------- d-----w c:\program files\Heart Of Darkness
    2009-01-05 16:41 --------- d-----w c:\program files\ATI
    2009-01-05 16:04 --------- d-----w c:\program files\TuneUp Utilities 2008
    2009-01-05 09:24 --------- d-----w c:\program files\Common Files\Logitech
    2008-12-31 15:01 --------- d-----w c:\program files\Common Files\Nero
    2008-12-29 14:36 --------- d-----w c:\documents and settings\Johtaja\Application Data\uTorrent
    2008-12-28 22:48 2,330,643 ----a-w c:\windows\system32\x264vfw.dll
    2008-12-28 13:51 --------- d-----w c:\documents and settings\Johtaja\Application Data\GrabIt
    2008-12-28 13:18 --------- d-----w c:\documents and settings\Johtaja\Application Data\NewsLeecher
    2008-12-27 15:25 --------- d-----w c:\documents and settings\Johtaja\Application Data\AVSMedia
    2008-12-23 14:38 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ATI
    2008-12-23 13:56 --------- d-----w c:\program files\ATI Technologies
    2008-12-23 13:36 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DriverScanner
    2008-12-23 13:34 --------- dc-h--w c:\documents and settings\All Users.WINDOWS\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
    2008-12-23 13:34 --------- d-----w c:\program files\Uniblue
    2008-12-23 10:28 --------- d-----w c:\documents and settings\Johtaja\Application Data\NeroDigital(TM)
    2008-12-23 10:23 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Nero
    2008-12-22 16:09 --------- d-----w c:\documents and settings\Johtaja\Application Data\EditPlus 3
    2008-12-22 16:08 --------- d-----w c:\documents and settings\Johtaja\Application Data\Vso
    2008-12-22 16:07 --------- d-----w c:\documents and settings\Johtaja\Application Data\BSplayer Pro
    2008-12-21 19:31 --------- d-----w c:\program files\Common Files\AVSMedia
    2008-12-21 12:35 --------- d-----w c:\documents and settings\Johtaja\Application Data\.wyzo
    2008-12-21 08:11 --------- d-----w c:\documents and settings\Johtaja\Application Data\PC Suite
    2008-12-18 13:57 --------- d-----w c:\documents and settings\Johtaja\Application Data\vlc
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
    2008-12-10 14:17 7,808 ----a-w c:\windows\system32\drivers\psi_mf.sys
    2008-12-09 17:40 --------- d-----w c:\documents and settings\Johtaja\Application Data\Nero
    2008-12-09 15:30 --------- d-----w c:\program files\Nero
    2008-12-09 15:27 --------- d-----w c:\program files\Windows Sidebar
    2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
    2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll
    2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll
    2008-12-06 09:44 --------- d-----w c:\program files\ReClock
    2008-12-05 21:24 --------- d-----w c:\documents and settings\Johtaja\Application Data\r2 Studios
    2008-12-05 21:24 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\r2 Studios
    2008-12-05 18:18 --------- d-----w c:\program files\iTunes
    2008-12-05 15:05 --------- d-----w c:\program files\OpenOffice.org 2.4
    2008-12-05 15:02 --------- d-----w c:\program files\OpenOffice.org 2.2
    2008-12-05 14:55 --------- d-----w c:\program files\OpenOffice
    2008-12-05 11:46 --------- d-----w c:\program files\Common Files\Adobe AIR
    2008-11-06 16:37 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
    2008-11-06 16:33 684,032 ----a-w c:\windows\system32\divx.dll
    2008-06-14 11:00 47,360 ----a-w c:\documents and settings\Johtaja\Application Data\pcouffin.sys
    2008-06-05 19:59 22,328 ----a-w c:\documents and settings\Johtaja\Application Data\PnkBstrK.sys
    2007-08-10 20:33 47,360 ----a-w c:\documents and settings\ghjf\Application Data\pcouffin.sys
    2007-08-05 14:09 94,208 ----a-w c:\documents and settings\ghjf\Application Data\ezplay.sys
    2007-08-04 12:00 81,920 ----a-w c:\documents and settings\ghjf\Application Data\ezpinst.exe
    2007-06-08 21:18 60,488,734 ----a-w c:\program files\openofficeorg3.cab
    2007-06-08 21:18 3,107,691 ----a-w c:\program files\openofficeorg4.cab
    2007-06-08 21:15 15,241,445 ----a-w c:\program files\openofficeorg2.cab
    2007-06-08 21:14 4,849,664 ----a-w c:\program files\openofficeorg22.msi
    2007-06-08 21:14 217 ----a-w c:\program files\setup.ini
    2007-06-08 21:14 17,937,115 ----a-w c:\program files\openofficeorg1.cab
    2007-06-08 21:14 1,821,008 ----a-w c:\program files\instmsiw.exe
    2007-06-08 21:14 1,707,856 ----a-w c:\program files\instmsia.exe
    2007-02-02 20:36 21,822,168 ----a-w c:\program files\AdbeRdr80_en_US.exe
    2007-01-27 15:48 1,951,432 ----a-w c:\program files\ppviewer.exe
    2007-01-18 16:18 87,608 ----a-w c:\documents and settings\Administrator\Application Data\ezpinst.exe
    2007-01-18 16:18 47,360 ----a-w c:\documents and settings\Administrator\Application Data\pcouffin.sys
    2008-01-21 16:49 88 --sh--r c:\windows\system32\A843755FCC.sys
    2008-01-26 12:41 56 --sh--r c:\windows\system32\CC5F7543A8.sys
    2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
    2008-04-16 19:35 4,184 --sha-w c:\windows\system32\KGyGaAvL.sys
    2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{FEEA54B4-D80F-41C7-87B9-DC08E6D3255F}"= "d:\tykalu~1\NetWorx\deskband.dll" [2009-01-13 491520]

    [HKEY_CLASSES_ROOT\clsid\{feea54b4-d80f-41c7-87b9-dc08e6d3255f}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinSnap"="d:\työkalut & ohjelmat\WinSnap\WinSnap.exe" [2008-08-22 386456]
    "PeerGuardian"="d:\työkalut & ohjelmat\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-09-05 5724184]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "AlcoholAutomount"="d:\työkalut & ohjelmat\Alcohol 120%\axcmd.exe" [2008-07-09 4608]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-11-10 1253376]
    "BitComet"="d:\työkalut & ohjelmat\BitComet\BitComet.exe" [2008-08-22 2567992]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F-Secure Manager"="c:\program files\Tietoturvapalvelu\Common\FSM32.EXE" [2008-09-23 182936]
    "F-Secure TNB"="c:\program files\Tietoturvapalvelu\FSGUI\TNBUtil.exe" [2008-09-23 957024]
    "News Service"="c:\program files\Tietoturvapalvelu\FSGUI\ispnews.exe" [2005-05-31 356352]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "UnlockerAssistant"="d:\työkalut & ohjelmat\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "F-Secure ExploitShield"="c:\program files\Tietoturvapalvelu\ExploitShield\fsesgui.exe" [2008-12-17 678528]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
    "NetWorx"="d:\työkalut & ohjelmat\NetWorx\networx.exe" [2009-01-13 1114624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Orbit.lnk - d:\ty”kalut & ohjelmat\Orbitdownloader\orbitdm.exe [2007-09-29 1707208]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsNetHood"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\työkalut & ohjelmat\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\documents and settings\All Users.WINDOWS\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 d:\työkalut & ohjelmat\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.tscc"= d:\tykalu~1\MpcStar\Codecs\tscc\tsccvid.dll
    "msacm.divxa32"= divxa32.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcohol.bin]
    --a------ 2008-02-22 13:30 1589704 d:\työkalut & ohjelmat\Alcohol 120%\Alcohol.bin

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
    --a------ 2008-08-22 08:07 2567992 d:\työkalut & ohjelmat\BitComet\BitComet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2009-01-15 16:17 1830128 d:\työkalut & ohjelmat\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "swg"=c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
    "Alcohol.bin Autorun"=d:\työkalut & ohjelmat\Alcohol 120%\Alcohol.bin /startup
    "_Alcohol.exe Autorun"=d:\työkalut & ohjelmat\Alcohol 120\_Alcohol.exe /startup
    "AlcoholAutomount"="d:\työkalut & ohjelmat\Alcohol 120%\axcmd.exe" /automount
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Pelit\\Tom Clancy's rainbow six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "d:\\Työkalut & Ohjelmat\\Orbitdownloader\\orbitdm.exe"=
    "d:\\Työkalut & Ohjelmat\\Orbitdownloader\\orbitnet.exe"=
    "d:\\Työkalut & Ohjelmat\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windowsin vertaisjärjestelmäryhmittely
    "3540:UDP"= 3540:UDP:pNRP (Peer Name Resolution Protocol)
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "27453:TCP"= 27453:TCP:BitComet 27453 TCP
    "27453:UDP"= 27453:UDP:BitComet 27453 UDP
    "21683:TCP"= 21683:TCP:BitComet 21683 TCP
    "21683:UDP"= 21683:UDP:BitComet 21683 UDP
    "27328:TCP"= 27328:TCP:BitComet 27328 TCP
    "27328:UDP"= 27328:UDP:BitComet 27328 UDP

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-01-23 33408]
    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2007-08-19 79904]
    R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Tietoturvapalvelu\HIPS\drivers\fshs.sys [2009-01-23 66720]
    R1 SASDIFSV;SASDIFSV;d:\työkalut & ohjelmat\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
    R1 SASKUTIL;SASKUTIL;d:\työkalut & ohjelmat\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
    R2 ExploitShield;F-Secure Exploit Shield Service;c:\program files\Tietoturvapalvelu\ExploitShield\fsessrv.exe [2008-12-18 257152]
    R2 FSORSPClient;F-Secure ORSP Client;c:\program files\Tietoturvapalvelu\ORSP Client\fsorsp.exe [2008-12-18 49152]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-05 603904]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [2007-05-30 84096]
    S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2008-07-18 219136]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-01-19 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-01-19 8320]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]
    S3 SASENUM;SASENUM;d:\työkalut & ohjelmat\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Tietoturvapalvelu\Anti-Virus\win2k\fsfilter.sys [2007-01-18 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Tietoturvapalvelu\Anti-Virus\win2k\fsrec.sys [2007-01-18 25184]
    S4 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2009-02-05 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

    2009-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-02-05 c:\windows\Tasks\ktwlstvc.job
    - c:\windows\system32\awttqrRk.dll []

    2009-02-05 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

    2009-02-03 c:\windows\Tasks\SmartDefrag.job
    - D:\Ty []

    2009-02-03 c:\windows\Tasks\SmartDefrag.job
    - D:\Ty []
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    WebBrowser-{C3CD744D-2FAE-4640-8297-16B5DA423104} - (no file)
    MSConfigStartUp-DriveSitter Pro - d:\työkalut & ohjelmat\DriveSitter\DriveSitter.exe


    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.google.fi/
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    uInternet Settings,ProxyOverride = local;*.local
    IE: &D&ownload &with BitComet - d:\työkalut & ohjelmat\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - d:\työkalut & ohjelmat\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - d:\työkalut & ohjelmat\BitComet\BitComet.exe/AddAllLink.htm
    IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - d:\työkalut & ohjelmat\Messenger Backup\Messenger Backup
    FF - ProfilePath - c:\documents and settings\Johtaja\Application Data\Mozilla\Firefox\Profiles\bq9j7446.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - component: c:\documents and settings\Johtaja\Application Data\Mozilla\Firefox\Profiles\bq9j7446.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    ---- FIREFOXIN KÄYTÄNNÖT ----
    FF - user.js: network.proxy.type - 0
    FF - user.js: network.proxy.http -
    user_pref(network.proxy.http_port,);
    FF - user.js: network.proxy.no_proxies_on -
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-05 16:06:33
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...


    c:\documents and settings\Johtaja\Application Data\Software Informer\cache\icons\EW : Cossacks.ico 4398 bytes hidden from API
    c:\documents and settings\Johtaja\Application Data\Software Informer\cache\icons\Cossacks : The Art Of War.ico 4398 bytes hidden from API

    tarkistus on valmis
    piilotetut tiedostot: 2

    **************************************************************************
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_USERS\S-1-5-21-527237240-764733703-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{36361C48-D9AC-38F4-6A27-2F88212F1EE0}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-527237240-764733703-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A0451CAE-67AB-78A9-646B-B5FCA21810F2}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iadnkcegkgbnklihej"=hex:6a,61,6b,66,6b,69,64,6f,6a,62,70,6b,6e,6a,70,6f,6a,6c,
    6d,64,00,f0
    "hajmpjoolfjicpee"=hex:6a,61,6b,66,6b,69,64,6f,6a,62,70,6b,6e,6a,70,6f,6a,6c,
    6d,64,00,f0

    [HKEY_USERS\S-1-5-21-527237240-764733703-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B6CDABD2-23D9-02D4-F388-16AB1A27033F}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iakpoempjfofgflapa"=hex:6a,61,6c,6b,69,6a,6f,69,6e,6a,6a,65,6d,67,6f,67,6b,61,
    6c,69,00,00
    "haipeogjcemojbgb"=hex:6b,61,6f,6a,6c,6c,6a,64,66,6e,6e,61,61,67,6c,62,66,6c,
    6b,6f,6d,6f,00,00

    [HKEY_USERS\S-1-5-21-527237240-764733703-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7421E15-A93C-283E-E641-B63CD638FD1E}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "abbaadapahnfecaapgbpnhgnediiofgaeb"=hex:61,62,70,61,6e,66,6d,64,65,64,6d,66,
    62,6a,68,66,6e,69,6c,6f,61,61,6b,64,6b,6f,65,6e,65,61,69,68,68,6f,00,77
    "bbbaadapahnfecaapgmpibmkhplgpcackfge"=hex:61,62,67,62,64,66,67,70,6c,65,65,66,
    61,70,62,69,70,64,63,63,61,6c,62,6c,6d,63,6c,68,65,6c,67,6b,62,64,00,77

    [HKEY_USERS\S-1-5-21-527237240-764733703-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:b9,f9,b2,65,74,0c,29,b8,8b,c1,55,f3,5b,a8,50,7e,ee,8e,3f,16,eb,88,90,
    f7,ae,44,d4,24,82,ba,75,74,30,15,f2,33,74,c6,5f,3d,0f,f2,07,88,68,5d,ed,5e,\
    "??"=hex:0e,5d,e1,30,1f,6e,1a,7c,98,2e,98,05,31,03,79,83

    [HKEY_USERS\S-1-5-21-527237240-764733703-682003330-1003\Software\YourCompanyName\YourProductName\Version*]
    "VersionData"=hex:bf,41,6e,38,2e,1a,4a,92,9f,0e,10,3a,95,b4,49,66,97,38,6d,ee,
    b6,1b,ce,47,49,57,bc,c3,0f,ca,10,9b,58,8e,62,16,f8,f6,58,c2,a6,75,70,1c,75,\
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'winlogon.exe'(1140)
    d:\työkalut & ohjelmat\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\Ati2evxx.dll
    c:\program files\Tietoturvapalvelu\FWES\Program\fsdc32.dll

    - - - - - - - > 'lsass.exe'(1212)
    c:\program files\Tietoturvapalvelu\FWES\Program\fsdc32.dll

    - - - - - - - > 'csrss.exe'(940)
    c:\program files\Tietoturvapalvelu\FWES\Program\fsdc32.dll
    .
    Valmistumisajankohta: 2009-02-05 16:09:03
    ComboFix-quarantined-files.txt 2009-02-05 14:09:00

    Ennen ajoa: 3 844 149 248 bytes free
    Ajon jälkeen: 3,822,141,440 tavua vapaana

    Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
    470 --- E O F --- 2009-02-03 23:38:46
     
  14. Hujo

    Hujo Guest

    Scan a new HJT log

    ==========

    Create an uninstall list:
    • Open HiJackThis
    • Click the "Configure" option at the bottom right
    • Click "Misc Tools"
    • Click the box that says "Uninstall Manager"
    • Click the "Save list" option
    • Copy and paste that list from Notepad into your thread
     
  15. p2pman

    p2pman Regular member

    log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:00:07, on 5.2.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Tietoturvapalvelu\ExploitShield\fsesgui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    D:\Työkalut & Ohjelmat\NetWorx\networx.exe
    D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Tietoturvapalvelu\ExploitShield\fsessrv.exe
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Tietoturvapalvelu\Common\FSMB32.EXE
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsqh.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\Program Files\Tietoturvapalvelu\FSGUI\fsguidll.exe
    D:\Työkalut & Ohjelmat\VNC4\WinVNC4.exe
    D:\Työkalut & Ohjelmat\Orbitdownloader\orbitdm.exe
    D:\Työkalut & Ohjelmat\Orbitdownloader\orbitnet.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Tietoturvapalvelu\FSAUA\program\fsaua.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Tietoturvapalvelu\FSAUA\program\fsus.exe
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\WINDOWS\explorer.exe
    D:\Työkalut & Ohjelmat\Smartin konvertteri\smartmovie.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hjt\scanner.exe
    C:\WINDOWS\system32\rundll32.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Työkalut & Ohjelmat\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Työkalut & Ohjelmat\BitComet\tools\BitCometBHO_1.2.8.7.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\TYKALU~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Työkalut & Ohjelmat\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - D:\TYKALU~1\NetWorx\deskband.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Työkalut & Ohjelmat\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [F-Secure ExploitShield] "C:\Program Files\Tietoturvapalvelu\ExploitShield\fsesgui.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NetWorx] "D:\Työkalut & Ohjelmat\NetWorx\networx.exe" /auto
    O4 - HKCU\..\Run: [WinSnap] "D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe" /startup
    O4 - HKCU\..\Run: [PeerGuardian] D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Työkalut & Ohjelmat\Alcohol 120%\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [BitComet] "D:\Työkalut & Ohjelmat\BitComet\BitComet.exe" /tray
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Orbit.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Työkalut & Ohjelmat\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Työkalut & Ohjelmat\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Työkalut & Ohjelmat\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Työkalut & Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Työkalut & Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Työkalut & Ohjelmat\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\TYKALU~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\TYKALU~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - D:\Työkalut & Ohjelmat\Messenger Backup\Messenger Backup (file missing)
    O9 - Extra 'Tools' menuitem: &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - D:\Työkalut & Ohjelmat\Messenger Backup\Messenger Backup (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: !SASWinLogon - D:\Työkalut & Ohjelmat\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe (file missing)
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: F-Secure Exploit Shield Service (ExploitShield) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\ExploitShield\fsessrv.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\ORSP Client\fsorsp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Työkalut & Ohjelmat\VNC4\WinVNC4.exe

    --
    End of file - 14884 bytes






    here is the list

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    4 Search w google search
    4t Tray Minimizer Free 4.40
    4U WMA MP3 Converter 6.2.6
    Acrobat.com
    Acrobat.com
    ActiveState ActivePython 2.5.1.1
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Adobe Shockwave Player 11
    All Media Fixer 9.11
    AoA Audio Extractor 1.0
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Catalyst Registration
    ATI Display Driver
    ATI Parental Control & Encoder
    AviSynth 2.5
    AVS DVDMenu Editor 1.2.1.19
    AVS Video Tools 5.6
    Bonjour
    Cartman's Authoritah 1.3
    Catalyst Control Center - Branding
    CCleaner (remove only)
    Cinema Craft Encoder SP
    Command & Conquer 3
    CommuniCrypt Mail
    Compare It!
    ConvertXtoDVD 3.2.1.55b
    CoreAVC Professional Edition
    Cossacks - The Art Of War
    Crimsonland
    Crysis(R)
    DC++ 0.7091
    Diablo II
    DVD Rebuilder
    DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.0
    DVDFab Multi Setup
    DVDFab Platinum
    DVD-lab PRO 2.5
    Easy Symbian Suite
    EW : Cossacks
    EVEREST Ultimate Edition v4.60
    F-Secure ExploitShield
    F-Secure ORSP Client
    Google Toolbar for Internet Explorer
    GrabIt 1.7.2 Beta 3 (build 996)
    GrabPro - Toolbar
    Heart Of Darkness
    Hellfire
    Hero Editor V0.90
    HexEdit
    HijackThis 2.0.2
    Hitman Blood Money
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Internet Cyclone 1.96
    iTunes
    IZArc 3.81
    Java DB 10.3.1.4
    Java(TM) 6 Update 11
    Java(TM) 6 Update 7
    Java(TM) SE Development Kit 6 Update 7
    K-Lite Codec Pack 4.5.3 (Full)
    LimeWire PRO 4.18.3
    Little Fighter 2 version 2.0
    Logitech Legacy USB Camera Driver Package
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Logitech Updater
    Malwarebytes' Anti-Malware
    Messenger Plus! Live
    MessengerDiscovery 1.5.0800
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FIN
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FIN
    Microsoft .NET Framework 3.5
    Microsoft .NET Framework 3.5
    Microsoft .NET Framework 3.5 Language Pack - fin
    Microsoft .NET Framework 3.5:n kielitukipaketti - FI
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (Finnish) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (Finnish) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove MUI (Finnish) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office InfoPath MUI (Finnish) 2007
    Microsoft Office Language Pack 2007 - Finnish/suomi
    Microsoft Office O MUI (Finnish) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office OneNote MUI (Finnish) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (Finnish) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (Finnish) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (Finnish) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Swedish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (Finnish) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (Finnish) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (Finnish) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
    Microsoft Office SharePoint Designer MUI (Finnish) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (Finnish) 2007
    Microsoft Office X MUI (Finnish) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    MobileMe Control Panel
    Mozilla Firefox (3.0.5)
    Mp3tag v2.42
    MpcStar 3.3
    MSN Content Adder
    MSVC80_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser
    Nero 9 Trial
    neroxml
    NetWorx 4.6.2
    Nokia Connectivity Cable Driver
    Nokia Flashing Cable Driver
    Nokia PC Suite
    Nokia PC Suite
    Nokia Software Updater
    Oblivion
    Oblivion - Horse Armor Pack
    Oblivion - Knights of the Nine
    Oblivion - Mehrunes Razor
    Oblivion - Orrery
    Oblivion - Spell Tomes
    Oblivion - The Fighter's Stronghold
    Oblivion - Thieves Den
    Oblivion - Vile Lair
    Oblivion - Wizard's Tower
    OpenOffice.org 2.4
    Orbit Downloader
    PC Connectivity Solution
    PeerGuardian 2.0
    Photo-Brush 4.4
    Proxy Finder Enterprise Edition
    PunkBuster Services
    Python 2.5 pyserial-2.2
    Python 2.5.2
    QuickTime
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    ReClock
    Revo Uninstaller 1.75
    Secunia PSI
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB958687)
    Sierra Utilities
    SimpPro 2.2
    Smart Defrag 1.10
    SmartMovie Converter
    Software Informer 1.0 BETA
    SoundMAX
    Spybot - Search & Destroy
    SpywareBlaster 4.1
    StuffPlug 3
    Subtitle Workshop 2.51
    SUPER © Version 2007.bld.23 (July 4, 2007)
    SUPERAntiSpyware Free Edition
    SWF Opener
    System Requirements Lab
    TeraCopy 1.22 Pro
    Tietoturvapalvelu
    Tom Clancy's Rainbow Six Vegas 2
    TuneUp Utilities 2009
    Uniblue DriverScanner 2009
    Uniblue DriverScanner 2009
    Unlocker 1.8.7
    Unofficial Official Mods Patch v12
    Unofficial Shivering Isles Patch v1.2.0
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb959141)
    Win IP Config 2.7
    Windows Defender
    Windows Internet Explorer 7 Multilingual User Interface (MUI)
    Windows Live installer
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Liven kirjautumisavustaja
    Windows Media Format Runtime
    Windowsin ohjainpaketti - Nokia Modem (10/27/2008 3.9)
    Windowsin ohjainpaketti - Nokia Modem (10/27/2008 7.01.0.1)
    Windowsin ohjainpaketti - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    WinHTTrack Website Copier 3.43
    WinPcap 4.0.2
    WinRAR archiver
    WinSnap
    Visual USB
    VLC media player 0.9.8a
    WM Recorder 12.1
    VNC Enterprise Edition E4.4.2
    VNC Mirror Driver 1.8.0
    VobSub v2.23
    Wolfenstein - Enemy Territory
    Worms World Party
    wxPython 2.8.7.1 (ansi) for Python 2.5
    xp-AntiSpy 3.96-8
    XQDC X-Setup Pro 9.0.100
    XviD MPEG4 Video Codec

     
  16. Hujo

    Hujo Guest

    Uninstall via Add/Remove Programs:

    Java(TM) 6 Update 7
    xp-AntiSpy 3.96-8


    Delete this folder in Safe Mode:

    c:\program files\ThreatFire

    ================

    Check that the Windows firewall is not turned on.

    ============

    Update Malwarebytes' Anti-Malware and run a full scan.

    ===========

    Download Atribune's ATF Cleaner.

    Instructions:

    Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
    Click the Empty Selected button.
    If you use Firefox as your browser, click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you want to keep your saved passwords, click No when it asks.
    If you use Opera as your browser, click Opera at the top and choose: Select All
    Click the Empty Selected button again.
    NOTE: If you want to keep your saved passwords, click No when it asks.
    Click Exit in the main menu to close the program.
    Technical support is available if you double-click the e-mail address located at the bottom of every menu in the tool. (Note that the support is in English.)
     
    Last edited by a moderator: Feb 5, 2009
  17. p2pman

    p2pman Regular member

    Malwarebytes didn't find anything. I did the other steps, but I couldn't find that ThreatFire folder on the machine!... not anywhere.
     
  18. Hujo

    Hujo Guest

    So how is the machine running?
     
  19. p2pman

    p2pman Regular member

    It works fine now otherwise, except that when you restart the machine the taskbar still turns grey. And then there's no sound. Could it be going into some kind of Safe Mode, maybe? Because when you go into Safe Mode, the taskbar turns grey then too. But I don't think it's caused by viruses any more, since we've already cleaned up quite a bit here.
     
  20. Hujo

    Hujo Guest

    Yeah... you could do a repair install on it.
    It shouldn't be turning grey.
    It feels as if there were two operating systems in there.
    Do you find these in Windows Explorer:

    C:\windows
    C:\windows.0000
    or something along those lines?
     
    Last edited by a moderator: Feb 10, 2009
