Viruses
Teemu_92
Newbie
13 December 2008 @ 21:32
I can't remove some strange $BIN... virus, and then there is some strange virus in the Vuze folder, but Norman can't remove it, and when I deleted it myself in safe mode it just came back.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31, on 2008-12-13
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hotkey Utility\tray.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Norman\Nvc\BIN\nvcod.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [recinfo37] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [recinfo] RecInfo.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/fl...ent/swflash.cab
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: SRS Labs License Service - Unknown owner - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe (file missing)
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7588 bytes

Teemu
Hujo
Suspended permanently
14 December 2008 @ 02:10
Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.


Can a computer ever work?
Teemu_92
Newbie
14 December 2008 @ 12:11
Windows 6.0.6000

2008-12-14 12:09:20
mbam-log-2008-12-14 (12-09-20).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|G:\|I:\|K:\|)
Tarkistetut kohteet: 121948
Kulunut aika: 2 hour(s), 21 minute(s), 51 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)


Teemu
Hujo
Suspended permanently
14 December 2008 @ 12:37
1. Download Combofix.exe to your desktop from one of the links:
Combofix1
Combofix2

2. Double-click the Combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log to your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.


Can a computer ever work?
Teemu_92
Newbie
14 December 2008 @ 13:03
ComboFix 08-12-13.03 - F-16 2008-12-14 12:48:25.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.2046.1023 [GMT 2:00]
Sijainti: c:\users\F-16\Desktop\ComboFix.exe
* Uusi palautuspiste luotu
* Resident AV is active

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-14 to 2008-12-14 )))))))))))))))))
.

2008-12-13 21:30 . 2008-12-13 21:30 <KANSIO> d-------- c:\program files\Trend Micro
2008-12-13 20:53 . 2008-12-13 21:02 <KANSIO> d-------- c:\program files\Vuze
2008-12-13 14:32 . 2008-12-13 14:32 <KANSIO> d-------- c:\users\F-16\AppData\Roaming\Disney Interactive Studios
2008-12-13 14:10 . 2008-12-13 14:10 <KANSIO> d-------- c:\program files\Disney Interactive Studios
2008-12-13 14:09 . 2008-12-13 14:31 995 --a------ c:\windows\disney.ini
2008-12-13 03:02 . 2008-10-22 01:31 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-12 16:13 . 2008-11-01 01:38 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-12 16:13 . 2008-11-01 05:33 1,687,040 --a------ c:\windows\System32\gameux.dll
2008-12-12 16:13 . 2008-10-21 07:16 297,472 --a------ c:\windows\System32\gdi32.dll
2008-12-12 16:13 . 2008-11-01 05:33 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-12 16:11 . 2008-06-23 03:52 2,855,424 --a------ c:\windows\System32\mf.dll
2008-12-12 16:11 . 2008-06-23 03:52 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-12 16:11 . 2008-06-23 03:52 98,816 --a------ c:\windows\System32\mfps.dll
2008-12-12 16:11 . 2008-06-23 03:52 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-12 16:11 . 2008-06-23 03:52 52,736 --a------ c:\windows\System32\rrinstaller.exe
2008-12-12 16:11 . 2008-06-23 03:52 24,576 --a------ c:\windows\System32\mfpmp.exe
2008-12-12 16:11 . 2008-06-23 00:34 2,048 --a------ c:\windows\System32\mferror.dll
2008-12-10 19:58 . 2008-12-13 19:38 183,112 --a------ c:\windows\System32\PnkBstrB.exe
2008-12-10 19:58 . 2008-12-13 19:38 138,184 --a------ c:\windows\System32\drivers\PnkBstrK.sys
2008-12-10 19:58 . 2008-12-10 19:58 66,872 --a------ c:\windows\System32\PnkBstrA.exe
2008-12-10 19:55 . 2008-12-10 19:55 <KANSIO> d-------- c:\users\All Users\Electronic Arts
2008-12-10 19:55 . 2008-12-10 19:55 <KANSIO> d-------- c:\programdata\Electronic Arts
2008-12-10 19:55 . 2008-12-11 21:24 4,770 --a------ c:\windows\System32\ealregsnapshot1.reg
2008-12-10 19:40 . 2008-12-10 19:40 <KANSIO> d-------- c:\program files\EA Games
2008-12-10 19:21 . 2008-12-10 19:21 <KANSIO> d-------- c:\program files\Common Files\Autodata Limited Shared
2008-12-06 20:27 . 2008-12-06 20:27 <KANSIO> d-------- c:\users\F-16\AppData\Roaming\Leadertech
2008-12-05 13:20 . 2008-12-05 13:20 <KANSIO> d-------- c:\users\F-16\AppData\Roaming\Malwarebytes
2008-12-05 13:20 . 2008-12-05 13:20 <KANSIO> d-------- c:\users\All Users\Malwarebytes
2008-12-05 13:20 . 2008-12-05 13:20 <KANSIO> d-------- c:\programdata\Malwarebytes
2008-12-05 13:20 . 2008-12-05 13:20 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-05 13:20 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-05 13:20 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-30 17:52 . 2008-11-30 17:52 <KANSIO> d-------- c:\program files\Empire Interactive
2008-11-30 13:50 . 2008-11-30 13:50 <KANSIO> d-------- c:\program files\Rockstar Games
2008-11-26 14:30 . 2008-10-21 07:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 14:30 . 2008-08-28 05:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 14:30 . 2008-08-28 05:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 14:30 . 2008-08-28 05:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 14:30 . 2008-10-22 05:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 14:30 . 2008-10-22 05:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-26 14:30 . 2008-10-22 05:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-23 13:28 . 2007-07-26 09:25 47,360 --a------ c:\windows\System32\drivers\Surroundhp_kern_i386.sys
2008-11-23 13:28 . 2007-07-26 09:25 47,104 --a------ c:\windows\System32\drivers\tshd4_kern_i386.sys
2008-11-23 13:28 . 2007-07-26 09:25 42,112 --a------ c:\windows\System32\drivers\csiidecoder_kern_i386.sys
2008-11-23 13:28 . 2007-07-26 09:25 39,808 --a------ c:\windows\System32\drivers\SRS_SSCFilter_i386.sys
2008-11-23 13:28 . 2007-07-26 09:25 32,000 --a------ c:\windows\System32\drivers\wowhd_kern_i386.sys
2008-11-23 13:21 . 2008-11-23 13:29 <KANSIO> d-------- c:\users\All Users\SRS Labs
2008-11-23 13:21 . 2008-11-23 13:29 <KANSIO> d-------- c:\programdata\SRS Labs
2008-11-20 14:12 . 2008-10-16 23:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-20 14:12 . 2008-10-16 22:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-20 14:12 . 2008-10-16 23:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-20 14:12 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-20 14:12 . 2008-10-16 22:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-20 14:12 . 2008-10-16 23:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-20 14:12 . 2008-10-16 23:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-20 14:12 . 2008-10-16 23:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-20 14:12 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-18 18:01 . 2008-11-18 18:01 <KANSIO> dr------- c:\windows\System32\config\systemprofile\Music
2008-11-17 19:48 . 2006-12-01 16:46 151,552 --a------ c:\windows\System32\MPEG2VideoDMO.dll
2008-11-17 19:38 . 2008-11-17 19:38 <KANSIO> d-------- c:\program files\e3C
2008-11-17 16:47 . 2008-11-17 16:47 528 -r-hs---- c:\windows\PCGWIN32.LI4

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 07:35 --------- d-----w c:\users\F-16\AppData\Roaming\Azureus
2008-12-14 07:29 --------- d-----w c:\program files\Norman
2008-12-13 19:02 --------- d-----w c:\program files\Vuze
2008-12-13 17:52 27,240 ----a-w c:\users\F-16\AppData\Roaming\nvModes.dat
2008-12-13 12:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-13 01:13 174 --sha-w c:\program files\desktop.ini
2008-12-13 01:11 --------- d-----w c:\program files\Windows Mail
2008-12-13 01:05 --------- d-----w c:\programdata\Microsoft Help
2008-12-10 18:57 --------- d-----w c:\users\F-16\AppData\Roaming\LimeWire
2008-12-10 18:47 --------- d-----w c:\program files\Electronic Arts
2008-12-10 17:54 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-20 20:45 --------- d-----w c:\users\F-16\AppData\Roaming\dvdcss
2008-11-18 16:29 --------- d-----w c:\users\F-16\AppData\Roaming\Nokia
2008-11-18 16:27 --------- d-----w c:\users\F-16\AppData\Roaming\PC Suite
2008-11-18 16:27 --------- d-----w c:\programdata\PC Suite
2008-11-11 14:25 --------- d-----w c:\program files\DAEMON Tools
2008-11-11 14:22 682,232 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-09 12:50 --------- d-----w c:\programdata\Autodata Limited
2008-11-08 19:24 --------- d-----w c:\program files\MagicDisc
2008-11-08 17:45 --------- d-----w c:\program files\Common Files\Adobe
2008-11-05 11:02 --------- d-----w c:\program files\CONEXANT
2008-11-04 20:17 268,800 ----a-w c:\windows\System32\es.dll
2008-11-04 16:51 --------- d-----w c:\users\F-16\AppData\Roaming\ZScreen
2008-11-04 16:51 --------- d-----w c:\program files\ZScreen
2008-11-04 14:44 --------- d-----w c:\users\F-16\AppData\Roaming\vlc
2008-11-04 14:40 --------- d-----w c:\program files\VideoLAN
2008-11-04 13:58 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-11-03 21:11 --------- d-----w c:\program files\Nokia
2008-11-03 21:11 --------- d-----w c:\program files\DIFX
2008-11-03 21:11 --------- d-----w c:\program files\Common Files\PCSuite
2008-11-03 21:11 --------- d-----w c:\program files\Common Files\Nokia
2008-11-03 21:09 --------- d-----w c:\program files\PC Connectivity Solution
2008-11-03 21:06 --------- d-----w c:\programdata\Installations
2008-11-03 20:44 --------- d-----w c:\program files\LimeWire
2008-11-03 19:57 --------- d-----w c:\program files\Gimp-2.0
2008-11-03 19:16 --------- d-----w c:\program files\Windows Sidebar
2008-11-03 19:15 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-11-03 19:15 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-11-03 19:15 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-11-03 19:15 272,896 ----a-w c:\windows\System32\polstore.dll
2008-11-03 19:14 48,640 ----a-w c:\windows\System32\davclnt.dll
2008-11-03 19:14 196,096 ----a-w c:\windows\System32\WebClnt.dll
2008-11-03 19:14 110,080 ----a-w c:\windows\system32\drivers\mrxdav.sys
2008-11-03 19:13 428,032 ----a-w c:\windows\System32\EncDec.dll
2008-11-03 19:13 292,352 ----a-w c:\windows\System32\psisdecd.dll
2008-11-03 19:13 1,244,672 ----a-w c:\windows\System32\mcmde.dll
2008-11-03 19:11 41,984 ----a-w c:\windows\system32\drivers\monitor.sys
2008-11-03 19:11 1,061,944 ----a-w c:\windows\system32\drivers\ntfs.sys
2008-11-03 19:09 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2008-11-03 19:09 2,029,568 ----a-w c:\windows\System32\win32k.sys
2008-11-03 19:05 9,845,248 ----a-w c:\windows\System32\NlsData000a.dll
2008-11-03 19:03 944,184 ----a-w c:\windows\System32\winload.exe
2008-11-03 19:02 290,816 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-03 19:01 441,856 ----a-w c:\windows\System32\win32spl.dll
2008-11-03 19:01 37,376 ----a-w c:\windows\System32\printcom.dll
2008-11-03 19:01 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-11-03 19:01 113,664 ----a-w c:\windows\system32\drivers\rmcast.sys
2008-11-03 19:01 11,776 ----a-w c:\windows\System32\sbunattend.exe
2008-11-03 19:00 84,992 ----a-w c:\windows\system32\drivers\srvnet.sys
2008-11-03 19:00 84,480 ----a-w c:\windows\System32\dnsrslvr.dll
2008-11-03 19:00 58,368 ----a-w c:\windows\system32\drivers\mrxsmb20.sys
2008-11-03 19:00 24,576 ----a-w c:\windows\System32\dnscacheugc.exe
2008-11-03 19:00 130,048 ----a-w c:\windows\system32\drivers\srv2.sys
2008-11-03 19:00 102,400 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-11-03 18:50 --------- d-----w c:\programdata\Azureus
2008-11-03 18:47 410,976 ----a-w c:\windows\System32\deploytk.dll
2008-11-03 18:47 --------- d-----w c:\program files\Java
2008-11-03 16:59 --------- d-----w c:\program files\MMEDIA
2008-11-03 16:44 9,728 ----a-w c:\windows\System32\LAPRXY.DLL
2008-11-03 16:44 223,232 ----a-w c:\windows\System32\WMASF.DLL
2008-11-03 16:44 2,048 ----a-w c:\windows\System32\asferror.dll
2008-11-03 16:43 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-11-03 16:43 737,792 ----a-w c:\windows\System32\inetcomm.dll
2008-11-03 16:42 1,327,104 ----a-w c:\windows\System32\quartz.dll
2008-11-03 16:41 3,506,744 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-11-03 16:41 3,472,952 ----a-w c:\windows\System32\ntoskrnl.exe
2008-11-03 16:28 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-03 16:28 --------- d-----w c:\program files\Windows Live
2008-11-03 15:59 --------- d-----w c:\programdata\WLInstaller
2008-11-03 15:41 0 ----a-w c:\users\F-16\AppData\Roaming\wklnhst.dat
2008-11-03 15:38 --------- d-----w c:\users\F-16\AppData\Roaming\InterVideo
2008-11-03 15:37 --------- d-----w c:\users\F-16\AppData\Roaming\CyberLink
2008-11-03 15:05 --------- d-----w c:\program files\Mobile Partner
2008-11-03 15:01 --------- d-----w c:\users\F-16\AppData\Roaming\InstallShield
2008-11-03 14:57 --------- d-----w c:\programdata\fsc-reg
2008-11-03 14:57 --------- d-----w c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-11-03 14:57 --------- d-----w c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2008-11-03 14:56 --------- d-----w c:\program files\Microsoft Works
2008-11-03 14:53 --------- d-----w c:\program files\Microsoft.NET
2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:24 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:24 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-10-16 04:40 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-16 04:40 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-16 04:40 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-09-30 14:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-19 8466432]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-05-25 159744]
"FIC HotKey"="c:\program files\Hotkey Utility\tray.exe" [2007-07-14 561152]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2007-05-16 29696]
"recinfo37"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800]
"Norman ZANDA"="c:\program files\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1AD6FB31-99D0-4492-AE20-5D32F43E3B41}"= c:\program files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"{9567565A-38B2-443F-A798-62DE3E798F5C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{78BB8DD3-FA94-486E-B51C-3EA150181A12}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DB9EF86F-1689-48C6-B9F1-9FBAD9239FDD}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{26F4EAC8-C72D-4CEA-AC31-CFEC44E8C2BB}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{74BC7331-492A-48EC-AC66-EDCB7C334BB7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{EBB7DD8F-DD60-495F-B27D-418CA08F1CD0}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{A02B137D-F3E1-4809-83E5-87B23E68E144}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{D9F36221-FF4A-48C3-A4F8-54A2F865FF07}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{63F95D26-187A-4EFC-8085-7B257DB4575E}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{BF5C1D24-84C4-4008-B2EB-F10D28DCEB55}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{42D48D3B-C27D-4244-AB0F-D2CFF97F5BA8}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{2D9C5B73-9542-47BD-B4A4-68FC0EAE2BC2}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{E2EE19DC-2AF9-46AB-8CB8-7CD9178FBABC}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{0D9D408B-3E5D-4EBF-A914-92750370ED14}c:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= UDP:c:\program files\electronic arts\need for speed carbon\nfsc.exe:NFSC
"UDP Query User{B9B61A9A-4B5E-4A2E-BA37-22458CE45241}c:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= TCP:c:\program files\electronic arts\need for speed carbon\nfsc.exe:NFSC
"TCP Query User{D2F27C09-22C7-46A4-9372-3D1114B12520}c:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= UDP:c:\program files\electronic arts\need for speed carbon\nfsc.exe:NFSC
"UDP Query User{21A1DA6F-A069-4437-933B-44D4E1DE2B0D}c:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= TCP:c:\program files\electronic arts\need for speed carbon\nfsc.exe:NFSC
"TCP Query User{49BEF82E-F394-4DF7-8740-267C59AF5316}c:\\program files\\empire interactive\\flatout2\\flatout2.exe"= UDP:c:\program files\empire interactive\flatout2\flatout2.exe:FlatOut2
"UDP Query User{8DEA3467-25A8-4FD4-9765-141434C7F1EE}c:\\program files\\empire interactive\\flatout2\\flatout2.exe"= TCP:c:\program files\empire interactive\flatout2\flatout2.exe:FlatOut2

R2 Ndiskio;Ndiskio;\??\c:\program files\Norman\Nse\bin\NDISKIO.SYS [2008-11-03 20448]
R3 nsesvc;Norman Scanner Engine Service;"c:\program files\Norman\nse\bin\NSESVC.EXE" -daemon [2008-11-03 322616]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcv32mf.sys [2008-11-03 19512]
R3 nvcoas;Norman Virus Control on-access component;"c:\program files\Norman\Nvc\bin\nvcoas.exe" [2008-11-03 183352]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\Nvc\BIN\NVCSCHED.EXE [2008-11-03 146488]
S3 EC168BDA;EC168BDA service;c:\windows\system32\DRIVERS\EC168BDA.sys [2007-10-17 107904]
S3 nvcfsr;nvcfsr;\??\c:\program files\Norman\Nvc\bin\nvcfsr.sys [2008-11-03 6712]
S3 nvcoafl4;nvcoafl4;\??\c:\program files\Norman\Nvc\bin\nvcoafl4.sys [2008-11-03 36472]
S3 nvcoaft4;nvcoaft4;\??\c:\program files\Norman\Nvc\bin\nvcoaft4.sys [2008-11-03 104288]
S3 nvcoarc4;nvcoarc4;\??\c:\program files\Norman\Nvc\bin\nvcoarc4.sys [2008-11-03 25528]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0018ea97-a9b8-11dd-b382-00140b3be50c}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0018eaad-a9b8-11dd-b382-00140b3be50c}]
\shell\AutoRun\command - H:\AutoRun.exe
.
- - - - POISTETUT JÄMÄRIVIT - - - -

HKLM-Run-recinfo - RecInfo.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 12:52:57
Windows 6.0.6000 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'Explorer.exe'(4616)
c:\program files\Norman\nvc\bin\Niphk.dll
.
Valmistumisajankohta: 2008-12-14 13:00:50
ComboFix-quarantined-files.txt 2008-12-14 11:00:45

Ennen ajoa: 90,469,470,208 tavua vapaana
Ajon jälkeen: 89,189,150,720 tavua vapaana

254 --- E O F --- 2008-12-14 08:17:03


Teemu
Teemu_92
Newbie
14 December 2008 @ 14:10
According to Norman, the virus is in the folder C:/users/f-16/appdata/local/temp/i4da...


And it appears there whenever I open Vuze!!! I have already removed and reinstalled Azureus, but it doesn't help.

Teemu
Hujo
Suspended permanently
14 December 2008 @ 14:11
Check your computer with F-Secure's online scanner

Note: the scanner works only with the Internet Explorer browser

* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install
* Click Accept
* Click Custom Scan
* Adjust the settings as follows

o Under "Virus Scan Option", select Scan whole system
o Under "Other Scan Option", select Scan All Files
o Select Scan whole system for rootkits
o Select Scan whole system for spyware
o Tick Scan inside archives
o Make sure Use advanced heuristics is selected

* Click Start
* The scan starts once the required files/updates have been downloaded
* Wait patiently
* When the scan has finished, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the whole text
* Paste the copied text into e.g. Notepad or Word and save it to the desktop
* You can close the scanner
* Post the report to your thread

Do not do anything else, as it may cause the computer to hang

================

Download CCleaner here
CCleaner v 2.14.750.- Standard Build, do NOT install the Yahoo toolbar!
During installation, remove the tick from "install Yahoo! toolbar".
After installation, open CCleaner.
Select Options from the column on the left.
Select Settings from the adjacent column.
Under Language, select Suomi.

Cleaner
Select Puhdistaja (Cleaner) from the column on the left.
Press Tutki (Analyze) at the bottom.
CCleaner now analyzes what can be removed (temp files, cookies, etc.).
When the analysis is complete, press Aja CCleaner (Run CCleaner).
CCleaner now removes the temp files, cookies, etc. that it found.

Fixing registry errors
Select Rekisteri (Registry) from the column on the left.
Press Etsi rekisterin virheitä (Scan for registry errors) at the bottom.
When the scan is complete and you are sure you want to fix the lines that are checked, press Korjaa valitut rekisterin virheet (Fix selected registry errors).
You will be asked "do you want to back up the changes to the registry"; press Kyllä (Yes). Save the backup to, for example, the "My Documents" folder.
In the new window that opens, click Korjaa kaikki valitut virheet (Fix all selected errors).
You will get one more confirmation prompt; press Ok.
When the errors have been fixed, press Sulje (Close).
You can now close CCleaner by pressing the red cross at the top right.


Can a computer ever work?

This message has been edited since it was posted. Last edit: 14 December 2008 @ 14:24

Teemu_92
Newbie
14 December 2008 @ 18:46
Is it normal that the F-Secure online scanner stays at PREPARING TO SCAN for many hours? It has been there for a long time already and doesn't seem to be making any progress!

Teemu
Hujo
Suspended permanently
14 December 2008 @ 19:08
Right, so it just sat down and stayed put. Let's cut it off then
and go after the nasty thing another way.

==================

Create an uninstall list:
* Open HiJackThis
* Click the "Configure" option at the bottom right
* Click "Misc Tools"
* Click the box that says "Uninstall Manager"
* Click "Save list"
* Copy and paste the list from Notepad into your thread

=================

* Download random's system information tool (RSIT) by random/random and save it to the desktop
* Double-click RSIT.exe to run RSIT.
* Click Continue.
* When RSIT has finished, two logs open in Notepad. Post the contents of both log.txt (<- opens maximized) and info.txt (<- opens minimized) in your next message.

================

Download Lop S&D here

Double-click Lop S&D.exe
Select Suomi (Finnish) as the language by pressing U and Enter.
Then choose Option 1 (Etsi, i.e. Search) by pressing 1 and Enter
Wait until the scan is finished
The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt


Can a computer ever work?

This message has been edited since it was posted. Last edit: 14 December 2008 @ 19:10

Teemu_92
Newbie
14 December 2008 @ 19:11
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Office Systemin yhteensopivuuspaketti
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3 - Suomi
ALPS Touch Pad Driver
Bison WebCam
EA Download Manager
FirstSteps Diagnostics
FlatOut2
Gimp 2.6.2
GTA San Andreas
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotkey Utility
InterVideo WinDVD 8
Java(TM) 6 Update 10
Light Sensor Utility 1.4
LimeWire PRO 4.18.6
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
Microsoft Office Excel MUI (Finnish) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Finnish) 2007
Microsoft Office PowerPoint MUI (Finnish) 2007
Microsoft Office PowerPoint Viewer 2007 (Finnish)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (Finnish) 2007
Microsoft Office Shared MUI (Finnish) 2007
Microsoft Office Word MUI (Finnish) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mobile Partner
Mozilla Firefox (3.0.4)
MSVC80_x86
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Need for Speed™ Carbon
Need for Speed™ Undercover
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Norman Virus Control
NVIDIA Drivers
PC Connectivity Solution
Power Manager 2.1.10
PowerDV
Pure
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
TV Jukebox 3.0
Update for Office 2007 (KB946691)
USB DVB-T TV Tuner Driver
Windows Live installer
Windows Live Messenger
Windowsin ohjainpaketti - Nokia Modem (05/22/2008 3.8)
Windowsin ohjainpaketti - Nokia Modem (05/22/2008 7.00.0.1)
Windowsin ohjainpaketti - Nokia pccsmcfd (10/12/2007 6.85.4.0)
WinRAR archiver
VLC media player 0.9.4
Vuze
ZScreen 1.3.3.0



Teemu
Teemu_92
Newbie
14 December 2008 @ 19:15
info.txt logfile of random's system information tool 1.04 2008-12-14 19:12:33

======Uninstall list======

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040B-0000-0000000FF1CE} /uninstall {F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-041D-0000-0000000FF1CE} /uninstall {A8626CEF-CB0A-4BC2-8F51-210A43B6158D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040B-0000-0000000FF1CE} /uninstall {E8865B68-C2A1-4B9D-BBA7-782E8FC2E52F}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Office Systemin yhteensopivuuspaketti-->MsiExec.exe /X{90120000-0020-040B-0000-0000000FF1CE}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3 - Suomi-->MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A81300000003}
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Bison WebCam-->Rundll32.exe BisonRem.dll,WinMainRmv
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
FirstSteps Diagnostics-->MsiExec.exe /X{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}
FlatOut2-->MsiExec.exe /I{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}
Gimp 2.6.2-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IPZAZCMzK.INF
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotkey Utility-->"C:\Program Files\Hotkey Utility\unins000.exe"
InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Light Sensor Utility 1.4-->"C:\Program Files\Light Sensor Utility\unins000.exe"
LimeWire PRO 4.18.6-->"C:\Program Files\LimeWire\uninstall.exe"
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Excel MUI (Finnish) 2007-->MsiExec.exe /X{90120000-0016-040B-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Finnish) 2007-->MsiExec.exe /X{90120000-00A1-040B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Finnish) 2007-->MsiExec.exe /X{90120000-0018-040B-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (Finnish)-->MsiExec.exe /X{95120000-00AF-040B-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Finnish) 2007-->MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Swedish) 2007-->MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
Microsoft Office Proofing (Finnish) 2007-->MsiExec.exe /X{90120000-002C-040B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Finnish) 2007-->MsiExec.exe /X{90120000-006E-040B-0000-0000000FF1CE}
Microsoft Office Word MUI (Finnish) 2007-->MsiExec.exe /X{90120000-001B-040B-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{7D9EF8C1-1B76-44AF-A918-86CBA6FD24C8}
Mobile Partner-->C:\Program Files\Mobile Partner\uninst.exe
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Need for Speed™ Carbon-->C:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
Nokia PC Suite-->C:\ProgramData\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Nokia_PC_Suite_rel_7_0_8_2_fin_web.exe
Nokia PC Suite-->MsiExec.exe /I{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}
Norman Virus Control-->C:\Program Files\Norman\NVC\BIN\DelNVC5.exe
NVIDIA Drivers-->C:\Windows\system32\nvunrm.exe UninstallGUI
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
Power Manager 2.1.10-->"C:\Program Files\Power Manager\unins000.exe"
PowerDV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
Pure-->C:\Program Files\InstallShield Installation Information\{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}\setup.exe -runfromtemp -l0x0009 Pure -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
TV Jukebox 3.0-->C:\Program Files\InstallShield Installation Information\{F3F1D08D-ABEF-4528-8383-54C46369EBB6}\Setup.exe -runfromtemp -l0x000b -removeonly
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
USB DVB-T TV Tuner Driver-->C:\Program Files\InstallShield Installation Information\{A0CD0434-C975-4E5B-989B-066CE4D35597}\setup.exe -runfromtemp -l0x040b
Windows Live installer-->MsiExec.exe /X{5C29C5F5-A9C9-4E89-A606-13E165E7C55F}
Windows Live Messenger-->MsiExec.exe /X{A9174A72-1B46-445B-B3CF-90ED2C63D83B}
Windowsin ohjainpaketti - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_5e0e55c3\nokia_bluetooth.inf
Windowsin ohjainpaketti - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_dcd936c5\nokbtmdm.inf
Windowsin ohjainpaketti - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files\Vuze\uninstall.exe
ZScreen 1.3.3.0-->C:\Program Files\ZScreen\uninst.exe

=====HijackThis Backups=====

O23 - Service: SRS Labs License Service - Unknown owner - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

======Security center information======

AV: Norman Virus Control ver. 5.99
AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;%NpmLib%
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4802
"NUMBER_OF_PROCESSORS"=2
"NpmLib"=C:\Program Files\Norman\Npm\Bin

-----------------EOF-----------------


Teemu
Hujo
Suspended permanently
14 December 2008 @ 19:25
log.txt

Can a computer ever work?
Teemu_92
Newbie
14 December 2008 @ 19:29
Logfile of random's system information tool 1.04 (written by random/random)
Run by F-16 at 2008-12-14 19:27:06
Microsoft® Windows Vista™ Home Premium
System drive C: has 85 GB (56%) free of 152 GB
Total RAM: 2046 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:10, on 14.12.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hotkey Utility\tray.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\Explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\findstr.exe
C:\Users\F-16\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\F-16.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [recinfo37] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/fl...ent/swflash.cab
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7308 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader -linkkiavustaja - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-03 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-03 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-07-19 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-19 8466432]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-05-25 159744]
"FIC HotKey"=C:\Program Files\Hotkey Utility\tray.exe [2007-07-14 561152]
"PowerManager"=C:\Program Files\Power Manager\PM.exe [2007-05-16 29696]
"recinfo37"=c:\RecInfo\RecInfo.exe [2007-10-23 2764800]
"Norman ZANDA"=C:\Program Files\Norman\Npm\bin\ZLH.EXE [2008-06-02 273520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0018ea97-a9b8-11dd-b382-00140b3be50c}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0018eaad-a9b8-11dd-b382-00140b3be50c}]
shell\AutoRun\command - H:\AutoRun.exe


======List of files/folders created in the last 1 months======

2008-12-14 19:16:21 ----A---- C:\lopR.txt
2008-12-14 19:16:01 ----D---- C:\Lop SD
2008-12-14 19:12:23 ----D---- C:\rsit
2008-12-14 13:00:54 ----D---- C:\Windows\temp
2008-12-14 13:00:52 ----A---- C:\ComboFix.txt
2008-12-14 12:46:57 ----D---- C:\Qoobox
2008-12-14 12:46:56 ----D---- C:\ComboFix
2008-12-13 21:30:42 ----D---- C:\Program Files\Trend Micro
2008-12-13 20:53:57 ----D---- C:\Program Files\Vuze
2008-12-13 14:32:47 ----D---- C:\Users\F-16\AppData\Roaming\Disney Interactive Studios
2008-12-13 14:10:46 ----D---- C:\Program Files\Disney Interactive Studios
2008-12-13 14:10:44 ----A---- C:\Windows\system32\XAudio2_2.dll
2008-12-13 14:10:44 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2008-12-13 14:10:43 ----A---- C:\Windows\system32\xactengine3_2.dll
2008-12-13 14:10:43 ----A---- C:\Windows\system32\d3dx10_39.dll
2008-12-13 14:10:43 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2008-12-13 14:10:41 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-12-13 14:10:41 ----A---- C:\Windows\system32\D3DX9_39.dll
2008-12-13 14:10:40 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-12-13 14:10:40 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-12-13 14:10:40 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-12-13 14:10:39 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-12-13 14:10:39 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-12-13 14:10:38 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-12-13 14:09:01 ----A---- C:\Windows\disney.ini
2008-12-13 03:02:28 ----A---- C:\Windows\system32\tzres.dll
2008-12-12 16:13:33 ----A---- C:\Windows\system32\gdi32.dll
2008-12-12 16:13:29 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-12 16:13:29 ----A---- C:\Windows\system32\gameux.dll
2008-12-12 16:13:28 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-12 16:12:21 ----A---- C:\Windows\system32\shell32.dll
2008-12-12 16:12:10 ----A---- C:\Windows\explorer.exe
2008-12-12 16:12:08 ----A---- C:\Windows\system32\mshtml.dll
2008-12-12 16:12:07 ----A---- C:\Windows\system32\urlmon.dll
2008-12-12 16:12:07 ----A---- C:\Windows\system32\ieframe.dll
2008-12-12 16:12:06 ----A---- C:\Windows\system32\wininet.dll
2008-12-12 16:12:06 ----A---- C:\Windows\system32\pngfilt.dll
2008-12-12 16:12:06 ----A---- C:\Windows\system32\mstime.dll
2008-12-12 16:12:06 ----A---- C:\Windows\system32\mshtmled.dll
2008-12-12 16:12:06 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-12 16:12:06 ----A---- C:\Windows\system32\ieUnatt.exe
2008-12-12 16:12:06 ----A---- C:\Windows\system32\ieui.dll
2008-12-12 16:12:06 ----A---- C:\Windows\system32\iesetup.dll
2008-12-12 16:12:06 ----A---- C:\Windows\system32\iertutil.dll
2008-12-12 16:12:06 ----A---- C:\Windows\system32\iernonce.dll
2008-12-12 16:12:06 ----A---- C:\Windows\system32\ieapfltr.dll
2008-12-12 16:12:06 ----A---- C:\Windows\system32\ie4uinit.exe
2008-12-12 16:12:06 ----A---- C:\Windows\system32\icardie.dll
2008-12-12 16:12:06 ----A---- C:\Windows\system32\dxtrans.dll
2008-12-12 16:12:06 ----A---- C:\Windows\system32\dxtmsft.dll
2008-12-12 16:12:06 ----A---- C:\Windows\system32\advpack.dll
2008-12-12 16:11:58 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-12 16:11:58 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-12 16:11:58 ----A---- C:\Windows\system32\mf.dll
2008-12-12 16:11:57 ----A---- C:\Windows\system32\rrinstaller.exe
2008-12-12 16:11:57 ----A---- C:\Windows\system32\mfps.dll
2008-12-12 16:11:57 ----A---- C:\Windows\system32\mfpmp.exe
2008-12-12 16:11:57 ----A---- C:\Windows\system32\mferror.dll
2008-12-12 16:11:57 ----A---- C:\Windows\system32\logagent.exe
2008-12-10 19:58:52 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-12-10 19:58:46 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-12-10 19:55:14 ----D---- C:\ProgramData\Electronic Arts
2008-12-10 19:40:17 ----D---- C:\Program Files\EA Games
2008-12-10 19:21:32 ----D---- C:\Program Files\Common Files\Autodata Limited Shared
2008-12-06 20:27:05 ----D---- C:\Users\F-16\AppData\Roaming\Leadertech
2008-12-06 20:09:30 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-12-06 20:09:30 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-12-06 20:09:29 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-12-06 20:09:29 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-12-06 20:09:29 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-12-06 20:09:28 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-12-06 20:09:27 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-12-06 20:09:26 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-12-06 20:09:26 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-12-06 20:09:24 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-12-06 20:09:24 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-12-06 20:09:23 ----A---- C:\Windows\system32\d3dx10_35.dll
2008-12-06 20:09:23 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2008-12-06 20:09:22 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-12-06 20:09:21 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-12-06 20:09:21 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-12-06 20:09:21 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-12-06 20:09:21 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-12-06 20:09:20 ----A---- C:\Windows\system32\xinput1_3.dll
2008-12-06 20:09:20 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-12-06 20:09:20 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-12-06 20:09:19 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-12-06 20:09:19 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-12-06 20:09:18 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-12-06 20:09:18 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-12-06 20:09:18 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-12-06 20:09:17 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-12-06 20:09:17 ----A---- C:\Windows\system32\d3dx10.dll
2008-12-06 20:09:16 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-12-06 20:09:16 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-12-06 20:09:16 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-12-06 20:09:16 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-12-06 20:09:15 ----A---- C:\Windows\system32\xinput1_2.dll
2008-12-05 19:48:24 ----A---- C:\Windows\zip.exe
2008-12-05 19:48:24 ----A---- C:\Windows\VFIND.exe
2008-12-05 19:48:24 ----A---- C:\Windows\SWXCACLS.exe
2008-12-05 19:48:24 ----A---- C:\Windows\SWSC.exe
2008-12-05 19:48:24 ----A---- C:\Windows\SWREG.exe
2008-12-05 19:48:24 ----A---- C:\Windows\sed.exe
2008-12-05 19:48:24 ----A---- C:\Windows\NIRCMD.exe
2008-12-05 19:48:24 ----A---- C:\Windows\grep.exe
2008-12-05 19:48:24 ----A---- C:\Windows\fdsv.exe
2008-12-05 19:48:10 ----D---- C:\Windows\ERDNT
2008-12-05 13:20:46 ----D---- C:\Users\F-16\AppData\Roaming\Malwarebytes
2008-12-05 13:20:39 ----D---- C:\ProgramData\Malwarebytes
2008-12-05 13:20:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-30 17:52:58 ----D---- C:\Program Files\Empire Interactive
2008-11-30 13:50:21 ----D---- C:\Program Files\Rockstar Games
2008-11-26 14:30:11 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2008-11-26 14:30:11 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2008-11-26 14:30:11 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 14:30:08 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 14:30:08 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 14:30:08 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 14:30:04 ----A---- C:\Windows\system32\connect.dll
2008-11-23 13:21:09 ----D---- C:\ProgramData\SRS Labs
2008-11-20 14:12:36 ----A---- C:\Windows\system32\wups2.dll
2008-11-20 14:12:36 ----A---- C:\Windows\system32\wucltux.dll
2008-11-20 14:12:36 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-20 14:12:36 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-20 14:12:20 ----A---- C:\Windows\system32\wups.dll
2008-11-20 14:12:20 ----A---- C:\Windows\system32\wudriver.dll
2008-11-20 14:12:20 ----A---- C:\Windows\system32\wuapi.dll
2008-11-20 14:12:13 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-20 14:12:13 ----A---- C:\Windows\system32\wuapp.exe
2008-11-17 19:48:20 ----A---- C:\Windows\system32\MPEG2VideoDMO.dll
2008-11-17 19:38:06 ----D---- C:\Program Files\e3C
2008-11-15 11:21:35 ----D---- C:\Users\F-16\AppData\Roaming\WinRAR
2008-11-15 11:21:08 ----D---- C:\Program Files\WinRAR

======List of files/folders modified in the last 1 months======

2008-12-14 19:20:13 ----D---- C:\Windows\Prefetch
2008-12-14 19:08:47 ----SD---- C:\Windows\Downloaded Program Files
2008-12-14 16:44:05 ----D---- C:\Windows\Debug
2008-12-14 16:44:05 ----D---- C:\Windows
2008-12-14 13:00:56 ----D---- C:\Windows\System32
2008-12-14 12:53:02 ----A---- C:\Windows\system.ini
2008-12-14 12:50:45 ----D---- C:\Windows\system32\drivers
2008-12-14 12:50:44 ----D---- C:\Windows\AppPatch
2008-12-14 12:50:44 ----D---- C:\Program Files\Common Files
2008-12-14 12:47:40 ----SHD---- C:\System Volume Information
2008-12-14 09:36:51 ----D---- C:\Windows\inf
2008-12-14 09:36:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-14 09:35:32 ----D---- C:\Users\F-16\AppData\Roaming\Azureus
2008-12-14 09:29:11 ----D---- C:\Program Files\Norman
2008-12-13 22:25:07 ----D---- C:\Windows\ModemLogs
2008-12-13 21:30:42 ----RD---- C:\Program Files
2008-12-13 17:57:26 ----SD---- C:\ProgramData\Microsoft
2008-12-13 14:28:17 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-13 14:10:07 ----RSD---- C:\Windows\assembly
2008-12-13 14:09:46 ----SHD---- C:\Windows\Installer
2008-12-13 14:09:46 ----D---- C:\Windows\winsxs
2008-12-13 14:09:40 ----D---- C:\Program Files\Common Files\microsoft shared
2008-12-13 14:09:16 ----D---- C:\Windows\Logs
2008-12-13 03:29:09 ----D---- C:\Windows\rescache
2008-12-13 03:13:39 ----D---- C:\Windows\system32\catroot
2008-12-13 03:13:29 ----ASH---- C:\Program Files\desktop.ini
2008-12-13 03:11:16 ----D---- C:\Windows\system32\fi-FI
2008-12-13 03:11:16 ----D---- C:\Program Files\Windows Mail
2008-12-13 03:11:15 ----D---- C:\Windows\system32\migration
2008-12-13 03:11:15 ----D---- C:\Program Files\Internet Explorer
2008-12-13 03:05:49 ----D---- C:\ProgramData\Microsoft Help
2008-12-13 03:03:02 ----D---- C:\Windows\system32\catroot2
2008-12-10 20:57:34 ----D---- C:\Users\F-16\AppData\Roaming\LimeWire
2008-12-10 20:47:20 ----D---- C:\Program Files\Electronic Arts
2008-12-10 19:55:14 ----HD---- C:\ProgramData
2008-12-10 19:54:42 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-10 19:22:55 ----A---- C:\Windows\win.ini
2008-12-09 15:24:38 ----A---- C:\Windows\system32\mrt.exe
2008-12-06 20:24:40 ----D---- C:\Windows\system32\LogFiles
2008-12-04 20:26:42 ----D---- C:\Windows\LiveKernelReports
2008-11-30 17:57:22 ----SD---- C:\Users\F-16\AppData\Roaming\Microsoft
2008-11-23 21:39:19 ----D---- C:\Program Files\Mozilla Firefox
2008-11-20 22:45:04 ----D---- C:\Users\F-16\AppData\Roaming\dvdcss
2008-11-18 18:29:01 ----D---- C:\Users\F-16\AppData\Roaming\Nokia
2008-11-18 18:27:46 ----D---- C:\Users\F-16\AppData\Roaming\PC Suite
2008-11-18 18:27:37 ----D---- C:\ProgramData\PC Suite

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 WINIO;WINIO; \??\C:\Windows\system32\WinIo.sys [2007-01-04 9336]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 Ndiskio;Ndiskio; \??\C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-16 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-05-15 157696]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-03 14208]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-03-24 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-03-24 207872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 NvcMFlt;NvcMFlt; C:\Windows\system32\DRIVERS\nvcv32mf.sys [2008-09-02 19512]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-19 7599776]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-06-23 62464]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-03-24 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2007-11-03 82688]
S3 a1hrqtf1;a1hrqtf1; C:\Windows\system32\drivers\a1hrqtf1.sys []
S3 Cam5603D;Bison WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2007-09-07 783272]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 EC168BDA;EC168BDA service; C:\Windows\system32\DRIVERS\EC168BDA.sys [2007-10-17 107904]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-08-24 101504]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nvcfsr;nvcfsr; \??\C:\Program Files\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 6712]
S3 nvcoafl4;nvcoafl4; \??\C:\Program Files\Norman\Nvc\bin\nvcoafl4.sys [2007-01-09 36472]
S3 nvcoaft4;nvcoaft4; \??\C:\Program Files\Norman\Nvc\bin\nvcoaft4.sys [2007-01-09 104288]
S3 nvcoarc4;nvcoarc4; \??\C:\Program Files\Norman\Nvc\bin\nvcoarc4.sys [2007-01-09 25528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\Windows\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 39808]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2006-11-02 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2007-07-12 305176]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-06-13 48256]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 131616]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-11-08 102912]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2007-11-03 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodata Limited License Service;Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2008-12-10 72704]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE [2007-08-30 150584]
R2 IviRegMgr;IviRegMgr; c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 Norman ZANDA;Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [2008-04-23 408696]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-12-10 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-16 386560]
R3 Norman NJeeves;Norman NJeeves; C:\Program Files\Norman\Npm\bin\NJEEVES.EXE [2008-03-27 150584]
R3 nsesvc;Norman Scanner Engine Service; C:\Program Files\Norman\nse\bin\NSESVC.EXE [2008-06-19 322616]
R3 nvcoas;Norman Virus Control on-access component; C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2008-04-29 183352]
R3 NVCScheduler;Norman Virus Control Scheduler; C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 146488]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
R3 usnjsvc;Messengerin jaettavien kansioiden USN Journal -lokin lukupalvelu; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\Windows\system32\sfrem01.exe [2006-05-10 353912]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 SRS Labs License Service;SRS Labs License Service; C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe []

-----------------EOF-----------------


Teemu
Hujo
Suspended permanently
14 December 2008 @ 19:46
C:/users/f-16/appdata/local/temp/i4da <-- is there anything from there onward? Or is it already empty?

Make hidden files visible and follow that path.

Can a computer ever work?
Teemu_92
Newbie
14 December 2008 @ 21:08
Yes, it disappeared, but when I open Azureus it appears again!

More precisely, the file is c:/users/f-16/appdata/local/temp/e4jce5ae.tmp_dirc393/i4jdel.exe

Teemu
Hujo
Suspended permanently
14 December 2008 @ 21:27
Then do this:

Let's send the file to VirusTotal
virustotal

1 Click the Browse... button
2 Then browse to this file: c:/users/f-16/appdata/local/temp/e4jce5ae.tmp_dirc393/i4jdel.exe
3 Click the Open button
4 Click the Send button
5 The site scans the file for a moment; then save the results you get, for example in Notepad

==========

If VirusTotal doesn't work, then go to http://virusscan.jotti.org/

Browse and submit

Can a computer ever work?
Teemu_92
Newbie
14 December 2008 @ 21:39
The first one didn't work but the second one did; nothing was found, so isn't it a virus after all?

Teemu
Hujo
Suspended permanently
14 December 2008 @ 22:07
It does look a bit like it isn't.

Can a computer ever work?