Pop-ups after reinstalling Windows.

Discussion in 'Viruses and malware - HijackThis logs' started by Wiljami, Jan 29, 2008.

  1. Wiljami

    Wiljami Member

    Joined:
    Dec 14, 2002
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    16
    So I just reinstalled Windows and the machine immediately picked up some bug from somewhere. I installed all the Windows updates.
    Pop-ups keep appearing and the machine has maybe slowed down a bit, e.g. when opening folders. F-Secure hasn't found anything, and neither has TrojanHunter (well, it did find and remove something, but the problem didn't go away).

    I'd appreciate some help.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 15:18:15, on 29.1.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\Adobe\Adobe Flash CS3\Flash.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Documents and Settings\Wiljami\Työpöytä\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201455271263
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201456745859
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

    --
    End of file - 7020 bytes
     
  2. TuukkaZ

    TuukkaZ Guest

    I can give one piece of advice. Update HJT to the latest version, because the one you are using is a beta version.
     
  3. Wiljami

    Wiljami Member

    Well, look at that!
    Anyway, here's a new one. I don't think there's anything in it, but the pop-ups keep coming. They only open in IE even when Firefox is in use.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:15:30, on 30.1.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201455271263
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201456745859
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    --
    End of file - 5982 bytes
     
  4. Hujo

    Hujo Guest

    Download VundoFix.exe to your desktop.

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    When the scan is complete, click the Remove Vundo button.
    You will be asked whether you want to remove the files - click YES.
    Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    When it is done, the fix will announce that it is going to restart your computer; click OK.
    Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

    Note: It is possible that VundoFix found a file that it could not remove.
    In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears at restart.

    ====

    Escan
    The instructions are on this page.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    download from here
    http://www.spywareinfo.dk/download/mwav.exe
    update from here
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    tick the boxes as marked
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    scan

    if anything shows up in the lower pane, copy it like this:
    Use the command Ctrl+A.
    Copy the lines with Ctrl+C.
    Paste the lines with Ctrl+V.

    Post the virus log here.

    =======
    Rename this to scanner

    C:\Program Files\Trend Micro\HijackThis\ ==>HijackThis.exe <==
     
    Last edited by a moderator: Jan 30, 2008
  5. Wiljami

    Wiljami Member

    VundoFix showed clean, and eScan gave this:

    File C:\Documents and Settings\Wiljami\Työpöytä\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.

    new HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:17:40, on 30.1.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201455271263
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201456745859
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    --
    End of file - 6581 bytes
     
  6. Hujo

    Hujo Guest

    You can fix this one to remove it:

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
     
  7. Wiljami

    Wiljami Member

    Yep, I removed that one, but isn't it just something to do with the sound chip? The pop-ups are still coming! Halp!
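
Comparing two successive HijackThis logs shows whether a fixed entry is really gone and what else changed between scans. The Python below is an added example, not part of the original thread: the function names are hypothetical, and the two sample logs are shortened excerpts of the 30.1.2008 and 8.2.2008 logs posted in this thread.

```python
import re

# HijackThis result lines start with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
# Lines in the "Running processes:" section are absolute Windows paths.
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_hjt_log(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()  # forum posts usually indent pasted logs
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first entry line ends the process list
            entries.add((match.group("code"), match.group("body").strip()))
        elif in_processes and PATH_RE.match(line):
            # Windows paths are case-insensitive, so compare them lowercased.
            processes.add(line.lower())
    return {"processes": processes, "entries": entries}


def diff_logs(old_text, new_text):
    """Return what appeared and disappeared between two scans of one machine."""
    old, new = parse_hjt_log(old_text), parse_hjt_log(new_text)
    return {
        "entries_added": sorted(new["entries"] - old["entries"]),
        "entries_removed": sorted(old["entries"] - new["entries"]),
        "processes_added": sorted(new["processes"] - old["processes"]),
        "processes_removed": sorted(old["processes"] - new["processes"]),
    }


def format_report(diff):
    """Render the diff as text lines suitable for pasting into a reply."""
    lines = []
    for code, body in diff["entries_removed"]:
        lines.append("- %s - %s" % (code, body))
    for code, body in diff["entries_added"]:
        lines.append("+ %s - %s" % (code, body))
    for path in diff["processes_removed"]:
        lines.append("- process %s" % path)
    for path in diff["processes_added"]:
        lines.append("+ process %s" % path)
    return lines


# Sample input: shortened excerpts of two logs from this thread.
OLD_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:40, on 30.1.2008

Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

NEW_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:16, on 8.2.2008

Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\Wiljami.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for report_line in format_report(diff_logs(OLD_LOG, NEW_LOG)):
        print(report_line)
```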
     
  8. LaLLi80

    LaLLi80 Senior member

    Joined:
    Nov 23, 2003
    Messages:
    5,010
    Likes Received:
    0
    Trophy Points:
    116
    If Windows was only just installed, how about installing it again? This time you could install it properly. That is, no network connections until SP2, an antivirus and a firewall are installed. XP is such a crap magnet that you don't even have to do anything with it and an infection can arrive within 5 minutes.
     
  9. tomato71

    tomato71 Regular member

    Joined:
    Apr 30, 2006
    Messages:
    1,151
    Likes Received:
    0
    Trophy Points:
    46
    hi
    it's probably this that's acting up :D

    - Click Start
    - Run
    - Type services.msc and press Enter
    - A window opens; scroll to the following service: Viestinvälitys (Messenger)
    - Right-click it and select Stop
    - Then click Properties
    - Select Startup type: Disabled
    - Click Apply and OK
    - Close the window
     
  10. Wiljami

    Wiljami Member

    I followed Tomato's instructions but couldn't find the "Viestinvälitys" entry anywhere.
     
  11. tomato71

    tomato71 Regular member

  12. Wiljami

    Wiljami Member

    It's Finnish XP and fully legal, etc.
    here's a picture! there's no such thing
    [IMG]
     
  13. tomato71

    tomato71 Regular member

    well, huh :D strange...
    are the pop-ups still bothering you? If so, what do they say??
     
  14. Wiljami

    Wiljami Member

    Yes, they still are. Pop-ups open at random to addresses like these:

    linkilink_http://d2.zedo.com/jsc/d4/ff2.html?n=760;c=90/18;s=4;d=15;w=1;h=1
    linkilink_http://fi.partypoker.com
    linkilink_http://hopelessromantic.com/pop_install.php
     
  15. tomato71

    tomato71 Regular member

    Joined:
    Apr 30, 2006
    Messages:
    1,151
    Likes Received:
    0
    Trophy Points:
    46
    I see.... I should have looked at that log a bit more carefully :D

    Rename C:\Program Files\Trend Micro\HijackThis\HijackThis.exe to, say, wiljami.exe :s

    1. Download combofix.exe to your desktop from any of the links below:
    Link 1
    Link 2
    Link 3

    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread + a new HJT log.
    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
     
  16. Wiljami

    Wiljami Member

    HJT log (I did rename it to "Wiljami" but it doesn't show?!?):

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:00:16, on 8.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\Wiljami.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201455271263
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201456745859
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    --
    End of file - 7349 bytes



    ComboFix log:

    ComboFix 08-02.05.3 - Wiljami 2008-02-08 10:48:23.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1521 [GMT 2:00]
    Running from: C:\Documents and Settings\Wiljami\Työpöytä\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\core.cache.dsk . . . . poisto epäonnistui

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-01-08 to 2008-02-08 )))))))))))))))))
    .

    2008-02-05 20:09 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-02-03 14:31 . 2008-02-07 13:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-03 14:31 . 2008-02-03 14:31 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-02 23:24 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-02-02 23:14 . 2008-02-02 23:17 <KANSIO> d-------- C:\Program Files\Common Files\Autodesk Shared
    2008-02-02 23:12 . 2008-02-02 23:24 <KANSIO> d-------- C:\Program Files\Java
    2008-02-02 23:12 . 2008-02-02 23:12 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-02-02 22:41 . 2008-02-02 23:16 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
    2008-02-02 22:39 . 2008-02-02 23:17 <KANSIO> d-------- C:\Program Files\Autodesk
    2008-01-31 19:05 . 2003-03-19 11:03 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
    2008-01-31 19:04 . 2008-01-31 19:06 <KANSIO> d-------- C:\Program Files\Magic Video Converter
    2008-01-31 19:04 . 2004-05-26 21:37 719,872 --a------ C:\WINDOWS\system32\devil.dll
    2008-01-31 19:04 . 2006-09-16 19:44 314,368 --a------ C:\WINDOWS\system32\avisynth.dll
    2008-01-31 17:15 . 2008-01-31 17:15 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\Apple Computer
    2008-01-31 17:12 . 2008-01-31 17:12 <KANSIO> d-------- C:\Program Files\Apple Software Update
    2008-01-31 17:12 . 2008-01-31 17:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-31 17:12 . 2008-01-31 17:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-01-31 15:54 . 2008-01-31 15:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-30 18:09 . 2008-01-30 18:09 0 --a------ C:\23990098.$$$
    2008-01-30 16:05 . 2008-01-30 16:58 <KANSIO> d-------- C:\Downloads
    2008-01-30 16:04 . 2008-01-30 16:58 <KANSIO> d-------- C:\Kaspersky
    2008-01-30 15:55 . 2008-01-30 15:55 <KANSIO> d-------- C:\VundoFix Backups
    2008-01-30 14:52 . 2008-01-30 14:52 <KANSIO> d-------- C:\Program Files\CCleaner
    2008-01-30 14:42 . 2008-01-30 14:42 2,856 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-30 14:41 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-01-30 14:41 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-01-30 14:41 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-01-30 14:41 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-01-30 14:41 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-01-30 14:41 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-01-30 14:35 . 2008-01-30 14:35 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-01-30 14:35 . 2008-01-30 14:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-30 14:34 . 2008-01-30 14:34 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-30 14:28 . 2008-01-30 14:29 <KANSIO> d-------- C:\Program Files\Absolute Sound Recorder
    2008-01-30 14:28 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
    2008-01-30 14:13 . 2008-01-30 14:13 <KANSIO> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
    2008-01-30 14:13 . 2008-01-30 18:31 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\Audacity
    2008-01-30 12:18 . 2008-01-30 14:22 <KANSIO> d-------- C:\Program Files\a-squared Anti-Malware
    2008-01-30 12:14 . 2008-01-30 12:14 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-01-29 18:53 . 2008-02-08 10:53 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\WTablet
    2008-01-29 18:53 . 2007-09-07 11:31 3,499,304 --a------ C:\WINDOWS\system32\WacomTablet.cpl
    2008-01-29 18:53 . 2007-09-05 14:30 1,910,035 --a------ C:\WINDOWS\system32\WacomTablet.znc
    2008-01-29 18:53 . 2004-09-14 16:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-29 18:53 . 2004-09-14 16:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-01-29 18:52 . 2008-01-29 18:52 <KANSIO> d-------- C:\WINDOWS\system32\WTablet
    2008-01-29 18:52 . 2008-01-29 18:52 <KANSIO> d-------- C:\Program Files\Tablet
    2008-01-29 18:52 . 2007-09-07 11:40 1,373,480 --a------ C:\WINDOWS\system32\Wacom_Tablet.exe
    2008-01-29 18:52 . 2007-09-07 11:20 181,544 --a------ C:\WINDOWS\system32\Wintab32.dll
    2008-01-29 18:52 . 2007-09-07 11:33 128,296 --a------ C:\WINDOWS\system32\Wacom_Tablet.dll
    2008-01-29 18:52 . 2004-09-14 16:07 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-01-29 18:52 . 2004-09-14 16:07 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-01-29 18:52 . 2007-02-16 10:30 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
    2008-01-29 18:52 . 2007-02-15 16:11 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
    2008-01-29 18:52 . 2007-02-16 11:12 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
    2008-01-29 15:51 . 2008-01-29 15:51 <KANSIO> d-------- C:\Program Files\DivX
    2008-01-29 13:44 . 2008-01-29 13:44 <KANSIO> d-------- C:\WINDOWS\system32\xlive
    2008-01-29 13:04 . 2008-01-29 13:09 <KANSIO> d-------- C:\Program Files\RegCure
    2008-01-29 13:04 . 2008-01-29 13:04 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\TrojanHunter
    2008-01-29 12:51 . 2008-01-29 12:51 <KANSIO> d-------- C:\Program Files\TrojanHunter 5.0
    2008-01-29 12:48 . 2008-01-29 12:48 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\Simply Super Software
    2008-01-29 12:48 . 2008-01-29 12:48 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2008-01-29 12:48 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2008-01-29 12:48 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
    2008-01-29 12:48 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2008-01-29 12:48 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2008-01-29 12:48 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
    2008-01-28 13:56 . 2008-01-28 13:56 <KANSIO> d-------- C:\Program Files\WinSCP
    2008-01-28 13:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-01-28 13:45 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-01-28 13:39 . 2008-01-28 13:39 <KANSIO> d-------- C:\Program Files\Combined Community Codec Pack
    2008-01-28 13:26 . 2008-01-28 13:26 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\F-Secure
    2008-01-28 13:24 . 2008-01-28 13:30 <KANSIO> d-------- C:\Program Files\F-Secure Internet Security
    2008-01-28 13:24 . 2008-01-28 13:24 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
    2008-01-28 13:24 . 2008-01-28 13:24 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-01-28 13:24 . 2007-05-25 15:09 58,128 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-01-28 13:24 . 2007-05-25 15:09 37,008 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-01-28 13:21 . 2008-01-29 13:14 <KANSIO> d-------- C:\Program Files\SpywareBlaster
    2008-01-28 13:21 . 2005-08-25 18:19 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
    2008-01-28 13:21 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
    2008-01-28 13:21 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2008-01-28 13:07 . 2008-01-28 13:07 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2008-01-28 13:07 . 2008-01-28 13:07 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2008-01-28 13:06 . 2008-01-28 13:06 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
    2008-01-28 13:06 . 2008-01-28 13:06 86,144 --a------ C:\WINDOWS\system32\drivers\amdagpp.sys
    2008-01-27 23:37 . 2008-01-27 23:37 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\Microsoft Games
    2008-01-27 23:27 . 2008-01-27 23:27 <KANSIO> d-------- C:\Program Files\uTorrent
    2008-01-27 23:27 . 2008-02-02 23:39 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\uTorrent
    2008-01-27 22:46 . 2008-01-27 22:49 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-01-27 22:45 . 2008-01-31 17:13 <KANSIO> d-------- C:\Program Files\QuickTime
    2008-01-27 22:45 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-01-27 22:45 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-01-27 22:19 . 2008-01-27 22:19 <KANSIO> d-------- C:\Program Files\Bonjour
    2008-01-27 22:13 . 2008-01-27 22:13 <KANSIO> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-01-27 21:41 . 2008-01-27 21:44 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Contacts
    2008-01-27 21:35 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-01-27 21:33 . 2008-01-27 21:33 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-01-27 21:27 . 2008-01-27 21:33 <KANSIO> d-------- C:\Program Files\Windows Live
    2008-01-27 21:27 . 2008-01-27 21:32 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-27 21:26 . 2008-01-27 21:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-27 21:08 . 2008-01-27 21:08 <KANSIO> d-------- C:\Documents and Settings\LocalService\K„ynnist„-valikko

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-28 10:54 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-01-27 18:19 --------- d-----w C:\Documents and Settings\Wiljami\Application Data\Talkback
    2008-01-27 17:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-27 17:53 --------- d-----w C:\Program Files\Logitech
    2008-01-27 17:53 --------- d-----w C:\Program Files\Common Files\Logitech
    2008-01-27 17:53 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-27 17:42 --------- d-----w C:\Program Files\Realtek
    2008-01-27 17:11 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-14 09:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-05 00:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2007-12-04 23:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-12-04 23:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-12-04 23:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-12-04 23:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-12-04 23:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-12-04 23:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-12-04 23:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-12-04 23:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
    2007-12-04 23:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-12-04 23:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
    2007-12-04 23:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-12-04 23:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-12-04 23:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-12-04 23:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-12-04 23:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
    2007-12-04 23:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-12-04 23:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-12-04 23:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
    2007-12-04 23:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
    2007-12-04 23:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
    2007-12-04 23:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
    2007-12-04 23:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
    2007-12-04 23:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
    2007-12-04 23:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
    2007-12-04 23:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
    2007-12-04 23:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
    2007-12-04 23:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
    2007-12-04 23:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
    2007-12-04 23:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
    2007-12-04 23:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
    2007-12-04 23:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-12-04 23:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
    2007-12-04 23:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
    2007-12-04 23:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
    2007-12-04 23:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
    2007-12-04 23:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-12-04 23:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-12-04 23:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
    2007-12-04 23:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
    2007-12-04 23:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
    2007-12-04 23:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
    2007-12-04 23:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
    2007-12-04 23:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
    2007-12-04 23:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
    2007-12-04 23:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
    2007-12-04 23:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
    2007-12-04 23:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-12-04 23:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
    2007-12-04 23:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
    2007-12-04 23:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
    2007-12-04 23:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
    2007-12-04 23:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
    2007-12-04 23:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
    2007-12-04 23:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
    2007-12-04 23:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
    2007-12-04 23:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
    2007-12-04 23:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
    2007-12-04 23:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
    2007-12-04 23:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
    2007-12-04 23:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
    2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
    2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
    2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
    2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
    2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
    2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
    2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
    2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
    2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
    2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
    2007-12-04 23:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
    2007-12-04 23:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
    2007-12-04 23:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
    2007-12-04 23:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-12-04 23:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
    2007-12-04 23:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
    2007-12-04 23:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
    2007-12-04 23:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
    2007-12-04 23:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
    2007-12-04 23:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
    2007-12-04 23:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
    2007-12-04 23:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
    2007-12-04 23:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
    2007-12-04 23:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-12-04 23:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-12-04 23:41 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
    2007-12-04 23:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-04 23:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-12-04 23:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
    2007-12-04 23:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    .

    (((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
    "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
    "JMB36X Configure"="C:\WINDOWS\System32\JMRaidSetup.exe" [2006-10-30 14:44 1953792]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
    "F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 15:12 183208]
    "F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 15:11 740208]
    "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31 1046688]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-05-25 15:09]
    R1 amdagpp;amdagpp;C:\WINDOWS\system32\drivers\amdagpp.sys [2008-01-28 13:06]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2007-05-25 15:12]
    R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 11:40]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 15:08]
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11:12]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 10:30]
    R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 16:11]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 15:09]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 15:09]

    *Newly Created Service* - HTTPFILTER
    .
    'Ajoitetut teht„v„t'-kansion sis„lt”
    "2008-01-31 15:12:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-08 08:53:43 C:\WINDOWS\Tasks\RegCure Program Check.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2008-01-29 11:13:02 C:\WINDOWS\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-08 10:53:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-08 10:56:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-08 08:56:00
    .
    2008-01-27 17:46:58 --- E O F ---

     
  17. tomato71

    tomato71 Regular member

    Joined:
    Apr 30, 2006
    Messages:
    1,151
    Likes Received:
    0
    Trophy Points:
    46
    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript (in fact ComboFix recognizes it even if the file extension is not
    even .txt).

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Restart the computer if asked to, and post the contents of the combofix.txt file here.
     
    Last edited: Feb 8, 2008
  18. Wiljami

    Wiljami Member

    When I do that, I get this?
    [IMG]
     
  19. tomato71

    tomato71 Regular member

    Do the previous step in safe mode.
     
  20. Wiljami

    Wiljami Member

    Now it feels like the pop-ups may be gone :p

    but here is the log anyway:

    ComboFix 08-02.05.3 - Järjestelmänvalvoja 2008-02-09 18:49:31.2 - NTFSx86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1789 [GMT 2:00]
    Running from: C:\Documents and Settings\Wiljami\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Wiljami\Työpöytä\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE
    C:\23990098.$$$
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\23990098.$$$
    C:\WINDOWS\system32\drivers\amdagpp.sys
    C:\WINDOWS\system32\drivers\core.cache.dsk

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_AMDAGPP
    -------\amdagpp


    ((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-01-09 to 2008-02-09 )))))))))))))))))
    .

    2008-02-08 23:40 . 2008-02-08 23:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-08 23:40 . 2008-02-08 23:40 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-08 10:46 . 2004-09-14 16:12 390,656 --a------ C:\kmd.exe
    2008-02-05 20:09 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-02-02 23:24 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-02-02 23:14 . 2008-02-02 23:17 <KANSIO> d-------- C:\Program Files\Common Files\Autodesk Shared
    2008-02-02 23:12 . 2008-02-02 23:24 <KANSIO> d-------- C:\Program Files\Java
    2008-02-02 23:12 . 2008-02-02 23:12 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-02-02 22:41 . 2008-02-02 23:16 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
    2008-02-02 22:39 . 2008-02-02 23:17 <KANSIO> d-------- C:\Program Files\Autodesk
    2008-01-31 19:05 . 2003-03-19 11:03 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
    2008-01-31 19:04 . 2008-01-31 19:06 <KANSIO> d-------- C:\Program Files\Magic Video Converter
    2008-01-31 19:04 . 2004-05-26 21:37 719,872 --a------ C:\WINDOWS\system32\devil.dll
    2008-01-31 19:04 . 2006-09-16 19:44 314,368 --a------ C:\WINDOWS\system32\avisynth.dll
    2008-01-31 17:15 . 2008-01-31 17:15 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\Apple Computer
    2008-01-31 17:12 . 2008-01-31 17:12 <KANSIO> d-------- C:\Program Files\Apple Software Update
    2008-01-31 17:12 . 2008-01-31 17:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-31 17:12 . 2008-01-31 17:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-01-31 15:54 . 2008-01-31 15:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-30 16:05 . 2008-01-30 16:58 <KANSIO> d-------- C:\Downloads
    2008-01-30 16:04 . 2008-01-30 16:58 <KANSIO> d-------- C:\Kaspersky
    2008-01-30 15:55 . 2008-01-30 15:55 <KANSIO> d-------- C:\VundoFix Backups
    2008-01-30 14:52 . 2008-01-30 14:52 <KANSIO> d-------- C:\Program Files\CCleaner
    2008-01-30 14:42 . 2008-01-30 14:42 2,856 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-30 14:41 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-01-30 14:41 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-01-30 14:41 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-01-30 14:41 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-01-30 14:41 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-01-30 14:41 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-01-30 14:35 . 2008-01-30 14:35 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-01-30 14:35 . 2008-01-30 14:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-30 14:34 . 2008-01-30 14:34 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-30 14:28 . 2008-01-30 14:29 <KANSIO> d-------- C:\Program Files\Absolute Sound Recorder
    2008-01-30 14:28 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
    2008-01-30 14:13 . 2008-01-30 14:13 <KANSIO> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
    2008-01-30 14:13 . 2008-01-30 18:31 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\Audacity
    2008-01-30 12:18 . 2008-02-08 12:34 <KANSIO> d-------- C:\Program Files\a-squared Anti-Malware
    2008-01-30 12:14 . 2008-01-30 12:14 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-01-29 18:53 . 2008-02-09 18:52 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\WTablet
    2008-01-29 18:53 . 2007-09-07 11:31 3,499,304 --a------ C:\WINDOWS\system32\WacomTablet.cpl
    2008-01-29 18:53 . 2007-09-05 14:30 1,910,035 --a------ C:\WINDOWS\system32\WacomTablet.znc
    2008-01-29 18:53 . 2004-09-14 16:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-29 18:53 . 2004-09-14 16:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-01-29 18:52 . 2008-01-29 18:52 <KANSIO> d-------- C:\WINDOWS\system32\WTablet
    2008-01-29 18:52 . 2008-01-29 18:52 <KANSIO> d-------- C:\Program Files\Tablet
    2008-01-29 18:52 . 2007-09-07 11:40 1,373,480 --a------ C:\WINDOWS\system32\Wacom_Tablet.exe
    2008-01-29 18:52 . 2007-09-07 11:20 181,544 --a------ C:\WINDOWS\system32\Wintab32.dll
    2008-01-29 18:52 . 2007-09-07 11:33 128,296 --a------ C:\WINDOWS\system32\Wacom_Tablet.dll
    2008-01-29 18:52 . 2004-09-14 16:07 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-01-29 18:52 . 2004-09-14 16:07 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-01-29 18:52 . 2007-02-16 10:30 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
    2008-01-29 18:52 . 2007-02-15 16:11 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
    2008-01-29 18:52 . 2007-02-16 11:12 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
    2008-01-29 15:51 . 2008-01-29 15:51 <KANSIO> d-------- C:\Program Files\DivX
    2008-01-29 13:44 . 2008-01-29 13:44 <KANSIO> d-------- C:\WINDOWS\system32\xlive
    2008-01-29 13:04 . 2008-01-29 13:09 <KANSIO> d-------- C:\Program Files\RegCure
    2008-01-29 13:04 . 2008-01-29 13:04 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\TrojanHunter
    2008-01-29 12:51 . 2008-01-29 12:51 <KANSIO> d-------- C:\Program Files\TrojanHunter 5.0
    2008-01-29 12:48 . 2008-01-29 12:48 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\Simply Super Software
    2008-01-29 12:48 . 2008-01-29 12:48 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2008-01-29 12:48 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2008-01-29 12:48 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
    2008-01-29 12:48 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2008-01-29 12:48 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2008-01-29 12:48 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
    2008-01-28 13:56 . 2008-01-28 13:56 <KANSIO> d-------- C:\Program Files\WinSCP
    2008-01-28 13:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-01-28 13:45 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-01-28 13:39 . 2008-01-28 13:39 <KANSIO> d-------- C:\Program Files\Combined Community Codec Pack
    2008-01-28 13:26 . 2008-01-28 13:26 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\F-Secure
    2008-01-28 13:24 . 2008-01-28 13:30 <KANSIO> d-------- C:\Program Files\F-Secure Internet Security
    2008-01-28 13:24 . 2008-01-28 13:24 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
    2008-01-28 13:24 . 2008-01-28 13:24 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-01-28 13:24 . 2007-05-25 15:09 58,128 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-01-28 13:24 . 2007-05-25 15:09 37,008 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-01-28 13:21 . 2008-01-29 13:14 <KANSIO> d-------- C:\Program Files\SpywareBlaster
    2008-01-28 13:21 . 2005-08-25 18:19 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
    2008-01-28 13:21 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
    2008-01-28 13:21 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2008-01-28 13:07 . 2008-01-28 13:07 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2008-01-28 13:07 . 2008-01-28 13:07 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2008-01-27 23:37 . 2008-01-27 23:37 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\Microsoft Games
    2008-01-27 23:27 . 2008-01-27 23:27 <KANSIO> d-------- C:\Program Files\uTorrent
    2008-01-27 23:27 . 2008-02-02 23:39 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\uTorrent
    2008-01-27 22:46 . 2008-01-27 22:49 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-01-27 22:45 . 2008-01-31 17:13 <KANSIO> d-------- C:\Program Files\QuickTime
    2008-01-27 22:45 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-01-27 22:45 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-01-27 22:19 . 2008-01-27 22:19 <KANSIO> d-------- C:\Program Files\Bonjour
    2008-01-27 22:13 . 2008-01-27 22:13 <KANSIO> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-01-27 21:41 . 2008-01-27 21:44 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Contacts
    2008-01-27 21:35 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-01-27 21:33 . 2008-01-27 21:33 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-01-27 21:27 . 2008-01-27 21:33 <KANSIO> d-------- C:\Program Files\Windows Live
    2008-01-27 21:27 . 2008-01-27 21:32 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-27 21:26 . 2008-01-27 21:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-27 21:08 . 2008-01-27 21:08 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
    2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-28 10:54 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-01-27 18:19 --------- d-----w C:\Documents and Settings\Wiljami\Application Data\Talkback
    2008-01-27 17:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-27 17:53 --------- d-----w C:\Program Files\Logitech
    2008-01-27 17:53 --------- d-----w C:\Program Files\Common Files\Logitech
    2008-01-27 17:53 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-27 17:42 --------- d-----w C:\Program Files\Realtek
    2008-01-27 17:11 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-14 09:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-05 00:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2007-12-04 23:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-12-04 23:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-12-04 23:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-12-04 23:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-12-04 23:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-12-04 23:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-12-04 23:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-12-04 23:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
    2007-12-04 23:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-12-04 23:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
    2007-12-04 23:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-12-04 23:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-12-04 23:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-12-04 23:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-12-04 23:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
    2007-12-04 23:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-12-04 23:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-12-04 23:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
    2007-12-04 23:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
    2007-12-04 23:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
    2007-12-04 23:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
    2007-12-04 23:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
    2007-12-04 23:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
    2007-12-04 23:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
    2007-12-04 23:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
    2007-12-04 23:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
    2007-12-04 23:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
    2007-12-04 23:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
    2007-12-04 23:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
    2007-12-04 23:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
    2007-12-04 23:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-12-04 23:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
    2007-12-04 23:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
    2007-12-04 23:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
    2007-12-04 23:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
    2007-12-04 23:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-12-04 23:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-12-04 23:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
    2007-12-04 23:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
    2007-12-04 23:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
    2007-12-04 23:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
    2007-12-04 23:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
    2007-12-04 23:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
    2007-12-04 23:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
    2007-12-04 23:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
    2007-12-04 23:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
    2007-12-04 23:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-12-04 23:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
    2007-12-04 23:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
    2007-12-04 23:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
    2007-12-04 23:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
    2007-12-04 23:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
    2007-12-04 23:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
    2007-12-04 23:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
    2007-12-04 23:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
    2007-12-04 23:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
    2007-12-04 23:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
    2007-12-04 23:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
    2007-12-04 23:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
    2007-12-04 23:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
    2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
    2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
    2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
    2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
    2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
    2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
    2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
    2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
    2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
    2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
    2007-12-04 23:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
    2007-12-04 23:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
    2007-12-04 23:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
    2007-12-04 23:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-12-04 23:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
    2007-12-04 23:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
    2007-12-04 23:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
    2007-12-04 23:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
    2007-12-04 23:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
    2007-12-04 23:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
    2007-12-04 23:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
    2007-12-04 23:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
    2007-12-04 23:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
    2007-12-04 23:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-12-04 23:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-12-04 23:41 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
    2007-12-04 23:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-04 23:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-12-04 23:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
    2007-12-04 23:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
    "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
    "JMB36X Configure"="C:\WINDOWS\System32\JMRaidSetup.exe" [2006-10-30 14:44 1953792]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
    "F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 15:12 183208]
    "F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 15:11 740208]
    "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31 1046688]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-05-25 15:09]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2007-05-25 15:12]
    R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 11:40]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 15:08]
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11:12]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 10:30]
    R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 16:11]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 15:09]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 15:09]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-01-31 15:12:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-09 16:52:10 C:\WINDOWS\Tasks\RegCure Program Check.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2008-01-29 11:13:02 C:\WINDOWS\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-09 18:52:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-09 18:53:59 - machine was rebooted [Wiljami]
    ComboFix-quarantined-files.txt 2008-02-09 16:53:55
    ComboFix2.txt 2008-02-08 08:56:05
    .
    2008-01-27 17:46:58 --- E O F ---
     
