joku uusi virus iskeny...

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

maanantai 13.1.2025 / 10:47

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat > joku uusi virus iskeny...

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

joku uusi virus iskeny...

Siirry:

Kirjoittaja

Viesti

krizu7

Junior Member

22. lokakuuta 2008 @ 20:14

Linkki tähän viestiin

mun kone lähettelee muille jotai linkkiä johoki ikemtuxm.mobi sivulle ja saan niitä muilta koko ajan ja sitten se vanha riesa, että ne paska jutut hyppii on taas tässä. nyt jumalauta apua!!

[ + lainaa]

yaht

Senior Member

4 tuotearviota

22. lokakuuta 2008 @ 23:03

Linkki tähän viestiin

Moi

Lataa Malwarebytes' Anti-Malware työpöydällesi.

* Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
* Lopuksi varmistu, että seuraavat on valittu: Päivitä Malwarebytes' Anti-Malware ja Käynnistä Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Lopeta.
* Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
* Kun ohjelma on latautunut, valitse Suorita täysi tarkistus ja klikkaa Tarkista.
* Kun skanni on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset.
* Varmistu, että kaikki on merkitty ja klikkaa Poista valitut.
* Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös
täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Lähetä lokin sisältö seuraavassa viestissäsi + uusi hjt-loki.

[ + lainaa]

krizu7

Junior Member

23. lokakuuta 2008 @ 17:42

Linkki tähän viestiin

Malware loki:

Malwarebytes' Anti-Malware 1.30
Tietokantaversio: 1308
Windows 5.1.2600 Service Pack 3

23.10.2008 17:37:14
mbam-log-2008-10-23 (17-37-14).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 303805
Kulunut aika: 2 hour(s), 5 minute(s), 50 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

HJT loki:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:41:33, on 23.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Elisa\Avustaja\Elisa.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vista Rainbar\Rainmeter.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\WinFlip\WinFlip.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Fast.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.1.4322] "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 0 v1.1.4322 GAC + NI NID
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vista Rainbar] C:\Program Files\Vista Rainbar\Rainmeter.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: WinFlip.lnk = C:\Program Files\WinFlip\WinFlip.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Latauslinkki käyttäen Mega Manageria... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1170431845328
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp WinStyler\WinStylerThemeSvc.exe (file missing)

--
End of file - 10187 bytes

[ + lainaa]

yaht

Senior Member

4 tuotearviota

23. lokakuuta 2008 @ 18:40

Linkki tähän viestiin

1. Lataa Combofix.exe työpöydällesi jommastakummasta linkistä:
Combofix.exe
Combofix.exe

Avaa Combofix.exe ja seuraa näyttöön tulevia ohjeita

Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

Tyhjennä roskakori ja käynnistä koneesi uudelleen.

Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* (C:\ComboFix.txt) raportti
*

Skannaa koneesi Kaspersky Online Skannerilla

* Lue läpi vaatimukset ja yksityisyyssäännökset ja klikkaa Accept.
* Skannerin ja virustietokannan lataus alkaa. Sinulta kysytään sallitko Kasperskyltä tulevan ohjelman asentamisen. Klikkaa Aja/Run.
* Kun lataus on valmis, klikkaa Settings.
* Varmistu, että seuraavat kohdat on valittu. Jos ne eivät ole, valitse ne ja klikkaa Save:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
* Klikkaa Oma Tietokone, My Computer Scan-kohdan alapuolelta.
* Kun tarkistus on valmis, tulokset näytetään. Klikkaa View Scan Report.
* Näet listan saastuneista kohteista. Klikkaa Save Report As....
* Tallenna tiedosto työpöydällesi. Muuta Tiedostotyyppi/Files of type muotoon Tekstitiedosto/Text file(.txt) ennen kuin klikkaat Save.
* Kopioi ja liitä tiedoston sisältö seuraavaan vastaukseesi uuden HijackThis-lokin kera

[ + lainaa]

krizu7

Junior Member

30. lokakuuta 2008 @ 11:42

Linkki tähän viestiin

teen nuo skannit viikonloppuna, tuossa kasperskyn skannissa kestää kauan kuitenkin

[ + lainaa]

warwas

Suspended permanently

30. lokakuuta 2008 @ 16:44

Linkki tähän viestiin

*Sori et tuun toisen ketjuun mutta tuo taitaa olla pelkkä Phishing sivusto.

Vaihda sen sähköpostiosoitteen salasana mitä käytät messengerissäsi.
Mesen salasana määräytyy sähköpostin salasanan mukaan.

Mutta muuten tee sitä mitä sulle neuvotaan täällä.

[ + lainaa]

krizu7

Junior Member

1. marraskuuta 2008 @ 19:27

Linkki tähän viestiin

salasana on vaihdettu useampaan kertaan ja teen kyllä nää skannit mitä täällä käsketään... mutta ComboFix loki:

ComboFix 08-10-31.02 - Kristian 2008-11-01 14:00:16.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.561 [GMT 2:00]
Sijainti: C:\Documents and Settings\Kristian\Omat tiedostot\viruspoisto\ComboFix.exe
* Uusi palautuspiste luotu

VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-10-01 to 2008-11-01 )))))))))))))))))
.

2008-11-01 13:32 . 2008-11-01 13:32 84 --a------ C:\WINDOWS\phd2dll.INI
2008-10-26 19:41 . 2008-11-01 13:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-26 19:41 . 2008-10-26 19:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-25 17:53 . 2008-10-25 17:56 5,376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-10-24 19:55 . 2008-10-24 19:55 <KANSIO> d-------- C:\Documents and Settings\Kristian\Application Data\GTA Finland Team
2008-10-24 19:30 . 2008-10-24 19:30 <KANSIO> d-------- C:\WINDOWS\San Andreas Mod Installer
2008-10-24 19:30 . 2008-10-24 19:32 <KANSIO> d-------- C:\Program Files\San Andreas Mod Installer
2008-10-24 15:27 . 2008-10-26 17:04 25 --a------ C:\WINDOWS\TICTAC.INI
2008-10-24 10:54 . 2008-10-15 18:37 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-20 18:04 . 2008-10-20 18:05 <KANSIO> d-------- C:\Documents and Settings\Kristian\Application Data\MailWasherPro
2008-10-15 14:02 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 14:01 . 2008-08-14 15:25 2,191,488 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 14:01 . 2008-08-14 15:25 2,147,840 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 14:01 . 2008-08-14 15:25 2,068,352 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 14:01 . 2008-08-14 15:24 2,026,496 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 14:01 . 2008-09-15 17:27 1,846,656 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-13 15:06 . 2008-10-13 15:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-10-11 16:10 . 2008-10-11 16:10 <KANSIO> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-10-08 18:32 . 2008-10-11 15:57 <KANSIO> d-------- C:\Documents and Settings\Kristian\Tracing
2008-10-08 18:26 . 2008-10-08 18:26 <KANSIO> d-------- C:\Program Files\Microsoft
2008-10-08 18:16 . 2008-10-08 18:16 <KANSIO> d-------- C:\Program Files\Common Files\Windows Live
2008-10-08 16:08 . 2008-10-08 16:08 30,526 --a------ C:\lvdm.amx
2008-10-08 16:04 . 2008-10-08 16:04 7,611 --a------ C:\cng.amx
2008-10-08 15:35 . 2008-10-08 15:35 1,565 --a------ C:\new.amx
2008-10-04 11:18 . 2008-10-04 11:18 <KANSIO> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-10-03 22:06 . 2008-10-03 22:06 <KANSIO> d-------- C:\_OTMoveIt
2008-10-03 21:55 . 2008-10-22 19:42 <KANSIO> d-------- C:\fixwareout
2008-10-03 17:09 . 2008-10-03 17:09 244 --ah----- C:\sqmnoopt19.sqm
2008-10-03 17:09 . 2008-10-03 17:09 244 --ah----- C:\sqmnoopt18.sqm
2008-10-03 17:09 . 2008-10-03 17:09 232 --ah----- C:\sqmdata19.sqm
2008-10-03 17:09 . 2008-10-03 17:09 232 --ah----- C:\sqmdata18.sqm
2008-10-01 16:59 . 2008-10-01 16:59 244 --ah----- C:\sqmnoopt17.sqm
2008-10-01 16:59 . 2008-10-01 16:59 244 --ah----- C:\sqmnoopt16.sqm
2008-10-01 16:59 . 2008-10-01 16:59 232 --ah----- C:\sqmdata17.sqm
2008-10-01 16:59 . 2008-10-01 16:59 232 --ah----- C:\sqmdata16.sqm
2008-10-01 14:37 . 2008-10-01 14:37 <KANSIO> d-------- C:\Program Files\Elisa

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 10:20 --------- d-----w C:\Program Files\WinFlip
2008-10-31 20:10 99,856 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-10-31 20:10 31,504 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-10-31 20:10 143,096 ----a-w C:\WINDOWS\system32\guard32.dll
2008-10-31 10:32 --------- d-----w C:\Documents and Settings\Kristian\Application Data\wsInspector
2008-10-30 08:54 30 ----a-w C:\Documents and Settings\Kristian\jagex_runescape_preferences.dat
2008-10-26 15:12 --------- d-----w C:\Program Files\Pacman Worlds
2008-10-26 13:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-25 15:56 70,306 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-10-24 17:56 --------- d-----w C:\Documents and Settings\Kristian\Application Data\uTorrent
2008-10-24 08:50 --------- d-----w C:\Program Files\Apple Software Update
2008-10-23 12:30 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 13:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 13:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 09:54 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-16 15:24 --------- d-----w C:\Program Files\Steam
2008-10-12 16:24 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-10-11 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-11 14:25 --------- d-----w C:\Program Files\Windows Live
2008-10-08 16:29 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-10-08 13:36 --------- d-----w C:\Program Files\Google
2008-10-07 14:49 --------- d-----w C:\Documents and Settings\Kristian\Application Data\LimeWire
2008-10-01 14:24 --------- d-----w C:\Program Files\Cheat Engine
2008-10-01 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elisa
2008-09-26 17:07 --------- d-----w C:\Program Files\MTA San Andreas
2008-09-24 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-09-24 15:10 --------- d-----w C:\Program Files\MSBuild
2008-09-22 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-09-22 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-21 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-09-21 18:04 249,592 ----a-w C:\WINDOWS\system32\cssdll32.dll
2008-09-21 18:04 --------- d-----w C:\Program Files\COMODO
2008-09-21 18:04 --------- d-----w C:\Program Files\AskSBar
2008-09-21 18:03 --------- d-----w C:\Documents and Settings\Kristian\Application Data\Comodo
2008-09-20 14:39 --------- d-----w C:\Program Files\Tetron4
2008-09-20 14:38 --------- d-----w C:\Program Files\Frode Holthe
2008-09-20 14:37 --------- d-----w C:\Program Files\Bomberman vs Digger
2008-09-20 14:36 --------- d-----w C:\Program Files\Knockin
2008-09-20 14:36 --------- d-----w C:\Program Files\cowtossing
2008-09-20 14:33 --------- d-----w C:\Program Files\TuxRacer
2008-09-20 14:23 164,352 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-09-20 14:17 --------- d-----w C:\Program Files\Charlie II
2008-09-20 14:14 --------- d-----w C:\Program Files\Twilight
2008-09-20 14:14 --------- d-----w C:\Program Files\TicTacToe
2008-09-20 14:13 --------- d-----w C:\Program Files\TangentPong
2008-09-20 14:12 --------- d-----w C:\Program Files\Nifty
2008-09-20 14:06 --------- d-----w C:\Program Files\kedamonoware
2008-09-20 14:03 --------- d-----w C:\Program Files\Realore
2008-09-20 14:03 --------- d-----w C:\Program Files\AdventurePinballDemo
2008-09-20 13:43 --------- d-----w C:\Program Files\MessengerDiscovery
2008-09-18 00:41 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-09-15 15:27 1,846,656 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 14:48 --------- d-----w C:\Program Files\VALVe
2008-09-13 10:43 --------- d-----w C:\Program Files\Windows Desktop Search
2008-09-12 17:15 --------- d-----r C:\Documents and Settings\Kristian\Application Data\Brother
2008-09-12 17:10 --------- d-----w C:\Documents and Settings\Kristian\Application Data\ScanSoft
2008-09-12 16:23 16 ----a-w C:\hsd.dat
2008-09-12 15:59 --------- d-----w C:\Documents and Settings\Kristian\Application Data\Windows Search
2008-09-10 17:11 --------- d-----w C:\Program Files\WMV9_VCM
2008-09-10 17:11 --------- d-----w C:\Program Files\Common Files\Xara
2008-09-10 17:11 --------- d-----w C:\Documents and Settings\Kristian\Application Data\MAGIX
2008-09-10 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-09-10 17:10 --------- d-----w C:\Program Files\Xara
2008-09-10 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Xara
2008-09-10 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 16:02 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-09-08 16:50 --------- d-----w C:\Program Files\Tremulous
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-04 17:27 8,895,013 ----a-w C:\WINDOWS\img1600x1200_8698-8941-42-43-54.SCR
2008-09-04 17:25 5,404,875 ----a-w C:\WINDOWS\img1600x1200_8945.SCR
2008-09-04 15:26 --------- d-----w C:\Program Files\Vista Rainbar
2008-09-02 14:29 --------- d-----w C:\Documents and Settings\Kristian\Application Data\Softplicity
2008-09-02 12:15 --------- d-----w C:\Program Files\Frets on Fire
2008-09-01 16:14 --------- d-----w C:\Documents and Settings\Kristian\Application Data\Megaupload
2008-09-01 16:14 --------- d-----w C:\Documents and Settings\Kristian\Application Data\EmailNotifier
2008-09-01 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Megaupload
2008-09-01 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-09-01 16:13 --------- d-----w C:\Program Files\Megaupload
2008-09-01 16:13 --------- d-----w C:\Documents and Settings\Kristian\Application Data\InstallShield
2008-09-01 15:53 704 ----a-w C:\Crystal.dat
2008-09-01 14:29 --------- d-----w C:\Program Files\Winamp
2008-08-26 08:12 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-24 17:58 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
2008-08-24 14:27 732,765 ----a-w C:\WINDOWS\system32\CSRLT.EXE
2008-08-24 14:27 732,765 ----a-w C:\WINDOWS\MSBLT.EXE
2008-08-23 15:11 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-21 20:41 87,552 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-21 16:05 68,608 ----a-w C:\NOTEPAD.EXE
2008-08-14 18:52 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-08-14 13:25 2,191,488 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:25 2,068,352 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-06 17:58 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-08-06 17:58 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-06 18:15 689 ----a-w C:\Documents and Settings\Kristian\jdraw.v1.1.5.dat
2008-07-18 16:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008071820080719\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-10-22_20.23.25.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-05 10:10:47 315,392 ----a-w C:\WINDOWS\.jagex_cache_32\runescape\jogl.dll
+ 2008-10-30 08:54:25 315,392 ----a-w C:\WINDOWS\.jagex_cache_32\runescape\jogl.dll
- 2008-07-05 10:10:48 20,480 ----a-w C:\WINDOWS\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-10-30 08:54:25 20,480 ----a-w C:\WINDOWS\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-10-23 16:57:57 118,784 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_4f8d2167\CustomMarshalers.dll
+ 2008-10-23 16:58:12 8,908,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0b87eac8\mscorlib.dll
+ 2008-10-23 16:58:08 3,395,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_5d314fac\System.Design.dll
+ 2008-10-23 16:57:58 192,512 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_8cfb0800\System.Drawing.Design.dll
+ 2008-10-23 16:58:09 2,244,608 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_b4b08833\System.Drawing.dll
+ 2008-10-23 16:58:03 7,884,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_161a0755\System.Windows.Forms.dll
+ 2008-10-23 16:58:06 5,513,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_a0fd1b21\System.Xml.dll
+ 2008-10-23 16:57:57 4,788,224 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_7d5e8fd8\System.dll
+ 2005-08-20 09:30:00 2,085,888 ----a-w C:\WINDOWS\BricoPacks\SysFiles\118_shellstyle.dll
+ 2005-08-20 11:48:00 1,201,664 ----a-w C:\WINDOWS\BricoPacks\SysFiles\119_shellstyle.dll
+ 2005-08-20 09:30:00 2,085,888 ----a-w C:\WINDOWS\BricoPacks\SysFiles\120_shellstyle.dll
+ 2005-08-20 11:48:00 1,201,664 ----a-w C:\WINDOWS\BricoPacks\SysFiles\121_shellstyle.dll
+ 2007-04-20 17:16:00 1,117,184 ----a-w C:\WINDOWS\BricoPacks\SysFiles\123_Shellstyle.dll
+ 2007-04-20 17:16:00 1,117,184 ----a-w C:\WINDOWS\BricoPacks\SysFiles\124_Shellstyle.dll
+ 2007-04-21 09:07:00 894,464 ----a-w C:\WINDOWS\BricoPacks\SysFiles\125_Shellstyle.dll
+ 2007-04-20 17:16:00 1,117,184 ----a-w C:\WINDOWS\BricoPacks\SysFiles\126_Shellstyle.dll
- 2008-04-23 19:16:44 3,591,680 ----a-w C:\WINDOWS\BricoPacks\SysFiles\30_mshtml.dll
+ 2008-08-27 09:12:28 3,593,216 ----a-w C:\WINDOWS\BricoPacks\SysFiles\30_mshtml.dll
- 2008-04-23 04:16:42 102,912 ----a-w C:\WINDOWS\BricoPacks\SysFiles\44_occache.dll
+ 2008-08-26 08:12:26 102,912 ----a-w C:\WINDOWS\BricoPacks\SysFiles\44_occache.dll
- 2008-04-23 04:16:42 105,984 ----a-w C:\WINDOWS\BricoPacks\SysFiles\64_url.dll
+ 2008-08-26 08:12:26 105,984 ----a-w C:\WINDOWS\BricoPacks\SysFiles\64_url.dll
- 2008-04-23 04:16:43 1,159,680 ----a-w C:\WINDOWS\BricoPacks\SysFiles\65_urlmon.dll
+ 2008-08-26 08:12:26 1,159,680 ----a-w C:\WINDOWS\BricoPacks\SysFiles\65_urlmon.dll
- 2008-04-23 04:16:43 233,472 ----a-w C:\WINDOWS\BricoPacks\SysFiles\66_webcheck.dll
+ 2008-08-26 08:12:26 233,472 ----a-w C:\WINDOWS\BricoPacks\SysFiles\66_webcheck.dll
- 2008-04-23 04:16:43 826,368 ----a-w C:\WINDOWS\BricoPacks\SysFiles\69_wininet.dll
+ 2008-08-26 08:12:26 826,368 ----a-w C:\WINDOWS\BricoPacks\SysFiles\69_wininet.dll
- 2007-07-30 16:19:16 53,080 ----a-w C:\WINDOWS\BricoPacks\SysFiles\73_wuauclt.exe
+ 2008-07-18 19:10:42 53,448 ----a-w C:\WINDOWS\BricoPacks\SysFiles\73_wuauclt.exe
- 2008-04-14 16:12:19 3,558,912 ----a-w C:\WINDOWS\BricoPacks\SysFiles\82_moviemk.exe
+ 2002-12-20 10:06:00 3,366,912 ----a-w C:\WINDOWS\BricoPacks\SysFiles\82_moviemk.exe
- 2005-10-20 17:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-10-23 16:19:13 27,136 ----a-r C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
- 2000-08-31 05:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
+ 2006-12-25 14:51:09 780,800 ----a-w C:\WINDOWS\Resources\Themes\Zune\Shell\Blue\shellstyle.dll
+ 2006-12-25 14:55:10 780,800 ----a-w C:\WINDOWS\Resources\Themes\Zune\Shell\Brown\shellstyle.dll
+ 2006-12-25 14:56:25 780,800 ----a-w C:\WINDOWS\Resources\Themes\Zune\Shell\Green\shellstyle.dll
+ 2006-12-25 14:51:54 780,800 ----a-w C:\WINDOWS\Resources\Themes\Zune\Shell\Noir\shellstyle.dll
- 2006-10-24 01:01:44 780,800 ----a-w C:\WINDOWS\Resources\Themes\Zune\Shell\NormalColor\shellstyle.dll
+ 2006-12-25 14:38:31 780,800 ----a-w C:\WINDOWS\Resources\Themes\Zune\Shell\NormalColor\shellstyle.dll
+ 2006-12-25 14:52:37 780,800 ----a-w C:\WINDOWS\Resources\Themes\Zune\Shell\Olive\shellstyle.dll
+ 2006-12-25 14:57:17 780,800 ----a-w C:\WINDOWS\Resources\Themes\Zune\Shell\Pink\shellstyle.dll
+ 2006-12-25 14:55:45 780,800 ----a-w C:\WINDOWS\Resources\Themes\Zune\Shell\Purple\shellstyle.dll
+ 2006-12-25 14:53:34 780,800 ----a-w C:\WINDOWS\Resources\Themes\Zune\Shell\Red\shellstyle.dll
+ 2006-12-25 14:54:16 780,800 ----a-w C:\WINDOWS\Resources\Themes\Zune\Shell\Smoke\shellstyle.dll
+ 2008-10-24 17:30:24 451,072 ----a-w C:\WINDOWS\San Andreas Mod Installer\uninstall.exe
- 2008-04-14 16:12:19 3,679,744 ----a-w C:\WINDOWS\ServicePackFiles\i386\moviemk.exe
+ 2002-12-20 10:06:00 3,488,256 ----a-w C:\WINDOWS\ServicePackFiles\i386\moviemk.exe
- 2008-04-23 19:16:44 3,864,576 ----a-w C:\WINDOWS\ServicePackFiles\i386\mshtml.dll
+ 2008-08-27 09:12:28 3,866,112 ----a-w C:\WINDOWS\ServicePackFiles\i386\mshtml.dll
- 2008-04-23 04:16:42 164,352 ----a-w C:\WINDOWS\ServicePackFiles\i386\occache.dll
+ 2008-08-26 08:12:26 164,352 ----a-w C:\WINDOWS\ServicePackFiles\i386\occache.dll
- 2008-04-23 04:16:42 62,464 ----a-w C:\WINDOWS\ServicePackFiles\i386\url.dll
+ 2008-08-26 08:12:26 62,464 ----a-w C:\WINDOWS\ServicePackFiles\i386\url.dll
- 2008-04-23 04:16:43 1,233,408 ----a-w C:\WINDOWS\ServicePackFiles\i386\urlmon.dll
+ 2008-08-26 08:12:26 1,233,408 ----a-w C:\WINDOWS\ServicePackFiles\i386\urlmon.dll
- 2008-04-23 04:16:43 394,240 ----a-w C:\WINDOWS\ServicePackFiles\i386\webcheck.dll
+ 2008-08-26 08:12:26 394,240 ----a-w C:\WINDOWS\ServicePackFiles\i386\webcheck.dll
- 2008-04-23 04:16:43 817,152 ----a-w C:\WINDOWS\ServicePackFiles\i386\wininet.dll
+ 2008-08-26 08:12:26 817,152 ----a-w C:\WINDOWS\ServicePackFiles\i386\wininet.dll
- 2007-07-30 16:19:16 68,440 ----a-w C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
+ 2008-07-18 19:10:42 68,808 ----a-w C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
- 2000-08-31 05:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
- 2008-09-21 18:03:20 79,760 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
+ 2008-10-31 20:10:22 79,504 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
- 2008-04-14 16:11:42 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:37:15 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2008-10-11 14:21:56 100,064 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-26 08:24:49 99,804 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-11 14:21:57 114,532 ----a-w C:\WINDOWS\system32\perfc00B.dat
+ 2008-10-26 08:24:49 114,222 ----a-w C:\WINDOWS\system32\perfc00B.dat
- 2008-10-11 14:21:57 512,820 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-26 08:24:49 512,560 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-10-11 14:21:57 488,918 ----a-w C:\WINDOWS\system32\perfh00B.dat
+ 2008-10-26 08:24:49 488,624 ----a-w C:\WINDOWS\system32\perfh00B.dat
+ 2008-11-01 10:19:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_590.dat
+ 2008-11-01 10:19:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6fc.dat
+ 2008-10-31 07:46:43 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_794.dat
.
-- Snapshot nollattu tähän hetkeen --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Vista Rainbar"="C:\Program Files\Vista Rainbar\Rainmeter.exe" [2006-01-21 118784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 19520]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2001-10-19 45632]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 406016]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-09-21 278264]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-10-31 1797880]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Elisa Avustaja"="C:\Program Files\Elisa\Avustaja\Elisa.exe" [2008-09-30 189768]
"COMODO Internet Security"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-10-31 1797880]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

C:\Documents and Settings\Kristian\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
WinFlip.lnk - C:\Program Files\WinFlip\WinFlip.exe [2008-05-30 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Kristian\\Omat tiedostot\\CS\\hl.exe"=
"C:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"C:\\Program Files\\Xider\\EsR DEMO\\ESR DEMO.exe"=
"C:\\Program Files\\ActionWheelRacer\\wheelracer.exe"=
"C:\\MBHH2003\\Huvi\\BVolley\\volley.exe"=
"C:\\Program Files\\Silent Grove Studios\\Dawnspire\\Dawnspire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Documents and Settings\\Kristian\\Omat tiedostot\\CS\\hlds.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windowsin vertaisjärjestelmäryhmittely
"3540:UDP"= 3540:UDP:PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-10-31 99856]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-10-31 31504]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 40832]
R3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-09-03 698368]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 p2pgasvc;Vertaisverkon ryhmätodennus;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Vertaisverkon käyttäjätietojen hallinta;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Vertaisverkko;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Vertaiskoneen nimenselvitysprotokolla;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-23 306432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
'Ajoitetut tehtävät'-kansion sisältö

2008-10-24 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 12:31]

2008-10-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - POISTETUT JÄMÄRIVIT - - - -

HKCU-Run-RocketDock - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

.
------- Täydentävä tarkistus -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fi/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 -: Latauslinkki käyttäen Mega Manageria... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 -: Open Picture in &Microsoft PhotoDraw - C:\PROGRA~1\MICROS~4\Office\1033\phdintl.dll/phdContext.htm

O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 14:04:46
Windows 5.1.2600 Service Pack 3 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------

PROSESSI: C:\WINDOWS\explorer.exe
-> C:\Program Files\WinFlip\WFHook.dll
.
Valmistumisajankohta: 2008-11-01 14:06:19
ComboFix-quarantined-files.txt 2008-11-01 12:06:12
ComboFix2.txt 2008-10-22 17:24:10
ComboFix3.txt 2008-09-22 10:18:27

Ennen ajoa: 78 867 386 368 tavua vapaana
Ajon jälkeen: 79,805,984,768 tavua vapaana

355 --- E O F --- 2008-10-24 09:04:58

ja Kasperskyn loki: (kesti melkein 5 tuntia :P)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 1, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, November 01, 2008 10:03:30
Records in database: 1365998
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 228393
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 04:52:59

File name / Threat name / Threats count
C:\WINDOWS\system32\IEDFix.C.exe Infected: Hoax.Win32.Renos.esa 1

The selected area was scanned.

saako apua noi virukset on viel tossa

[ + lainaa]

krizu7

Junior Member

4. marraskuuta 2008 @ 19:39

Linkki tähän viestiin

onko mut unohdettu kun ei taaskaan tuu vastausta :(

[ + lainaa]

Mainos