
C:\$Recycle.Bin cannot be found

Thread in the Viruses and malware - HijackThis logs section. Thread started by Roope93 on 05.12.2008.

  1. Roope93

    Roope93 Member

    Joined:
    11.04.2008
    Posts:
    45
    Thanks:
    0
    Points:
    16
    Hi! I was told to paste a HijackThis log here, so here it is. Original message:

    I scanned the whole computer with F-Secure 8, and it could not clean the virus. The virus is apparently at this location: C:\$Recycle.Bin\S-1-5-21-833519965-4080783282-3383207850-1000\$R3V837X.0xe, and I just can't find a place like that anywhere. So could someone help me find that item so that I can get rid of the virus? The name of the virus is Trojan-Downloader:W32/Agent.FWL. I tried searching with Vista's search tool, but nothing was found.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:18:52, on 5.12.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=hompag&d=79919370
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
    O3 - Toolbar: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [Updater] C:\Windows\system32\updater\explorer.exe
    O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
    O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
    O13 - Gopher Prefix:
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\ORSP Client\fsorsp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
    O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 6362 bytes
     
  3. Hujo

    Hujo Guest

    Remove via Add/Remove Programs:

    Absolutist Games Toolbar

    Delete this folder in Safe Mode:

    C:\Program Files\Absolutist_Games

    ===============

    Scan with HJT, check the following entries and press Fix checked:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=hompag&d=79919370
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZNfox000
    O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)

    ================

    If Malwarebytes' Anti-Malware is already on the computer, update it first and then run it.

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    3. If an update is found, the program downloads and installs the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to see the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next message.
     
    Last edited by a moderator: 05.12.2008
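
As an added example (not part of the thread and not HijackThis's own code), the Python code below parses HijackThis entry lines and picks out two patterns visible in the fix list above: entries whose target is reported as `(no file)` or `(file missing)`, and a CLSID that is registered in several sections at once. The function and type names are hypothetical; the sample lines are copied from the log in the first post.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# An entry line starts with a section code such as R3, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis prints when the registered target is absent on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


class Entry(NamedTuple):
    code: str             # section code, e.g. "O2"
    body: str             # rest of the line after "CODE - "
    clsid: Optional[str]  # lower-cased CLSID if the entry carries one
    orphaned: bool        # True when the target file is reported missing


def parse_log(text: str) -> List[Entry]:
    """Return the entry lines of a HijackThis log, skipping header and process lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group(1), m.group(2).rstrip()
        guid = CLSID_RE.search(body)
        entries.append(Entry(code, body,
                             guid.group(0).lower() if guid else None,
                             body.endswith(ORPHAN_MARKERS)))
    return entries


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Entries that point at nothing on disk: leftovers of removed software."""
    return [e for e in entries if e.orphaned]


def multi_section_clsids(entries: List[Entry]) -> Dict[str, List[str]]:
    """CLSIDs that appear under more than one section code (one component, several hooks)."""
    seen = defaultdict(set)
    for e in entries:
        if e.clsid:
            seen[e.clsid].add(e.code)
    return {c: sorted(codes) for c, codes in seen.items() if len(codes) > 1}


# Sample: lines copied from the HijackThis log posted at the top of the thread.
SAMPLE = r"""
Running processes:
C:\Windows\explorer.exe
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll
O2 - BHO: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE)
    for e in orphaned_entries(parsed):
        print("orphaned:", e.code, e.body)
    for clsid, codes in multi_section_clsids(parsed).items():
        print("multi-section:", clsid, codes)
```
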
  4. Roope93

    Roope93 Member

    That sure took a while :D

    Malwarebytes' Anti-Malware 1.31
    Tietokantaversio: 1463
    Windows 6.0.6001 Service Pack 1

    5.12.2008 17:57:26
    mbam-log-2008-12-05 (17-57-26).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 182099
    Kulunut aika: 3 hour(s), 24 minute(s), 12 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 80
    Saastuneita rekisteriarvoja: 4
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 1
    Saastuneita tiedostoja: 2

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\upmedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ee5a1465-1e73-4784-8f63-45983fdf0db8} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    C:\Windows\System32\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.

    Saastuneita tiedostoja:
    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Windows\System32\UpMedia\uninstallSE.exe (Adware.SmartShopper) -> Quarantined and deleted successfully.
     
  5. Hujo

    Hujo Guest

    1. Download Combofix.exe to your desktop from one of these links:
    Combofix1
    Combofix2

    2. Double-click the Combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click the ComboFix window while it is running. This may cause the program to hang.
     
  6. Roope93

    Roope93 Member

    ComboFix 08-12-05.05 - Harri ja Pojat 2008-12-06 12:34:26.1 - NTFSx86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.389 [GMT 2:00]
    Sijainti: c:\users\Harri ja Pojat\Desktop\ComboFix.exe
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Harri ja Pojat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download programs.url
    c:\users\Harri ja Pojat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games.url
    c:\users\Harri ja Pojat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator.url
    c:\users\Harri ja Pojat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
    c:\users\Harri ja Pojat\Desktop\Download programs.url
    c:\users\Harri ja Pojat\Desktop\Games.url
    c:\users\Harri ja Pojat\Desktop\Translator.url
    c:\users\Harri ja Pojat\Favorites\Download programs.url
    c:\users\Harri ja Pojat\Favorites\Games.url
    c:\users\Harri ja Pojat\Favorites\Translator.url
    c:\users\Harri ja Pojat\Favorites\Videos.url
    c:\users\HARRIJ~1\FAVORI~1\Download programs.url
    c:\users\HARRIJ~1\FAVORI~1\Games.url
    c:\users\HARRIJ~1\FAVORI~1\Translator.url
    c:\users\HARRIJ~1\FAVORI~1\Videos.url
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\packet.dll
    c:\windows\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_MyWebSearchService
    -------\Service_NPF


    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-06 to 2008-12-06 )))))))))))))))))
    .

    2008-12-05 14:21 . 2008-12-05 14:21 <KANSIO> d-------- c:\users\Harri ja Pojat\AppData\Roaming\Malwarebytes
    2008-12-05 14:21 . 2008-12-05 14:21 <KANSIO> d-------- c:\users\All Users\Malwarebytes
    2008-12-05 14:21 . 2008-12-05 14:21 <KANSIO> d-------- c:\programdata\Malwarebytes
    2008-12-05 14:21 . 2008-12-05 14:21 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-05 14:21 . 2008-12-03 19:54 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2008-12-05 14:21 . 2008-12-03 19:54 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2008-12-05 13:36 . 2008-12-05 13:36 2,560 --a------ c:\windows\_MSRSTRT.EXE
    2008-12-05 08:18 . 2008-12-05 08:18 <KANSIO> d-------- c:\program files\Trend Micro
    2008-12-04 20:49 . 2008-12-04 20:49 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-11-26 20:06 . 2008-11-26 20:06 <KANSIO> d-------- c:\users\All Users\Adobe Systems
    2008-11-26 20:06 . 2008-11-26 20:06 <KANSIO> d-------- c:\programdata\Adobe Systems
    2008-11-26 16:05 . 2008-11-26 16:05 30,856 --a------ c:\windows\System32\drivers\fsbts.sys
    2008-11-26 12:01 . 2008-10-21 07:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-26 12:01 . 2008-08-28 05:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 12:01 . 2008-08-28 05:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 12:01 . 2008-08-28 05:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 12:01 . 2008-10-22 05:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-26 03:09 . 2008-11-26 03:09 <KANSIO> d-------- c:\program files\Common Files\Adobe Systems Shared
    2008-11-24 06:37 . 2008-12-06 13:09 38,310 --a------ c:\windows\System32\oodbs.lor
    2008-11-23 17:49 . 2008-11-23 17:49 0 --a------ c:\windows\OODCNT.INI
    2008-11-23 17:10 . 2008-11-23 17:10 <KANSIO> d-------- c:\windows\System32\oodag
    2008-11-23 16:09 . 2008-11-23 16:18 <KANSIO> d-------- c:\program files\OO Software
    2008-11-22 23:27 . 2008-11-22 23:27 <KANSIO> d-------- c:\users\All Users\Deskshare
    2008-11-22 23:27 . 2008-11-22 23:27 <KANSIO> d-------- c:\programdata\Deskshare
    2008-11-22 23:27 . 2008-11-22 23:27 <KANSIO> d-------- c:\program files\AnalogX
    2008-11-22 23:26 . 2008-11-22 23:26 <KANSIO> d-------- c:\program files\ATTNaturalVoices
    2008-11-22 23:21 . 2008-11-22 23:21 <KANSIO> d-------- c:\program files\XP Codec Pack
    2008-11-22 23:21 . 2008-07-09 10:05 421,888 --a------ c:\windows\System32\ac3filter.acm
    2008-11-22 23:05 . 2008-11-22 23:05 <KANSIO> d-------- c:\program files\Drumtronic
    2008-11-22 23:02 . 2008-11-22 23:02 <KANSIO> d-------- c:\program files\FMS
    2008-11-22 22:09 . 2008-11-22 22:09 <KANSIO> d-------- c:\program files\absolutist.com
    2008-11-16 20:43 . 2008-11-16 20:43 <KANSIO> d-------- c:\users\Harri ja Pojat\AppData\Roaming\Makayama
    2008-11-16 20:42 . 2008-11-16 20:42 <KANSIO> d-------- c:\program files\Makayama.com
    2008-11-16 20:42 . 2006-12-31 00:38 245,760 --------- c:\windows\System32\CDAConverterAX.ocx
    2008-11-16 20:42 . 1998-10-23 17:28 187,904 --------- c:\windows\System32\Slider.ocx
    2008-11-16 20:42 . 2005-11-30 13:49 161,792 --------- c:\windows\System32\lame_enc.dll
    2008-11-16 20:42 . 2004-11-01 13:38 57,344 --------- c:\windows\System32\XButton.ocx
    2008-11-16 20:42 . 2008-11-16 20:42 56 --a------ c:\windows\System32\S-1-5-21-0020E832
    2008-11-16 20:32 . 1996-06-09 13:52 34,864 --a------ c:\windows\UNWISE.EXE
    2008-11-16 18:24 . 2008-12-05 18:01 <KANSIO> d-------- c:\program files\Common Files\Symantec Shared
    2008-11-15 15:16 . 2008-10-16 23:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-15 15:16 . 2008-10-16 22:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-15 15:16 . 2008-10-16 23:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-15 15:16 . 2008-10-16 23:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-15 15:14 . 2008-10-16 23:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-15 15:14 . 2008-10-16 22:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-15 15:14 . 2008-10-16 23:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-15 15:09 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-15 15:09 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-14 21:39 . 2008-11-14 21:40 <KANSIO> d--h----- c:\users\Marke\igLoader Files
    2008-11-13 06:49 . 2008-09-05 07:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-13 06:49 . 2008-08-27 03:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-13 06:47 . 2008-09-10 05:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
    2008-11-11 21:24 . 2008-11-11 21:24 128 --a------ c:\windows\System32\perf.dat

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-06 10:22 --------- d-----w c:\program files\Steam
    2008-12-06 08:00 --------- d-----w c:\program files\Sonera Tietoturva
    2008-12-05 16:00 --------- d-----w c:\program files\Norton Security Scan
    2008-12-05 12:03 --------- d-----w c:\program files\Uniblue
    2008-12-02 13:43 --------- d-----w c:\users\Harri ja Pojat\AppData\Roaming\SystemRequirementsLab
    2008-12-02 13:26 --------- d-----w c:\program files\Common Files\Steam
    2008-11-26 01:09 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-24 13:49 --------- d-----w c:\programdata\fssg
    2008-11-24 13:49 --------- d-----w c:\programdata\F-Secure
    2008-11-24 13:20 --------- d-----w c:\users\Ropsu\AppData\Roaming\LimeWire
    2008-11-23 11:53 --------- d-----w c:\users\Harri ja Pojat\AppData\Roaming\LimeWire
    2008-11-22 21:49 --------- d-----w c:\program files\Deskshare
    2008-11-12 15:21 453,152 ----a-w c:\windows\System32\NVUNINST.EXE
    2008-11-03 09:46 1,307,904 ----a-w c:\windows\System32\ooscrsav.scr
    2008-11-03 09:45 730,368 ----a-w c:\windows\System32\oodsvct.exe
    2008-11-03 09:45 2,540,800 ----a-w c:\windows\System32\oodtray.exe
    2008-11-03 09:45 1,332,480 ----a-w c:\windows\System32\oodag.exe
    2008-11-03 09:44 194,816 ----a-w c:\windows\System32\oodbs.exe
    2008-11-03 09:42 951,552 ----a-w c:\windows\System32\oodtrrs.dll
    2008-11-03 09:41 9,984 ----a-w c:\windows\System32\oodbsrs.dll
    2008-11-03 09:41 8,448 ----a-w c:\windows\System32\oodagrs.dll
    2008-11-03 09:41 541,952 ----a-w c:\windows\System32\oodssrs.dll
    2008-11-03 09:41 15,616 ----a-w c:\windows\System32\oodagmg.dll
    2008-10-29 19:25 --------- d-----w c:\program files\MSECache
    2008-10-29 19:19 --------- d-----w c:\programdata\WLInstaller
    2008-10-28 05:40 --------- d-----w c:\users\Marke\AppData\Roaming\LimeWire
    2008-10-27 13:21 37,896 ----a-w c:\windows\system32\drivers\oobctm.sys
    2008-10-27 13:21 15,104 ----a-w c:\windows\System32\ootmapi.dll
    2008-10-26 14:35 --------- d-----w c:\program files\Pivot Stickfigure Animator
    2008-10-23 02:58 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-16 03:54 --------- d-----w c:\program files\Windows Mail
    2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-09-30 14:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
    2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-07-16 16:02 23 ----a-w c:\users\Harri ja Pojat\jagex_runescape_preferences.dat
    2008-05-18 08:08 174 --sha-w c:\program files\desktop.ini
    2008-05-03 13:15 374 ----a-w c:\users\Ropsu\AppData\Roaming\internaldb6334.dat
    2008-05-03 12:40 555 ----a-w c:\users\Ropsu\AppData\Roaming\internaldb8467.dat
    2008-05-03 12:40 18,432 ----a-w c:\users\Ropsu\AppData\Roaming\internaldb41.dat
    2008-03-06 13:24 22,328 ----a-w c:\users\Harri ja Pojat\AppData\Roaming\PnkBstrK.sys
    2008-02-06 12:19 32 ----a-r c:\users\All Users\hash.dat
    2008-02-06 12:19 32 ----a-r c:\programdata\hash.dat
    2008-04-02 06:24 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-04-02 06:24 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-04-02 06:24 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-04-24 05:11 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-04-24 05:11 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-04-24 05:11 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-04-01 18:36 952 --sha-w c:\windows\System32\KGyGaAvL.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F-Secure Manager"="c:\program files\Sonera Tietoturva\Common\FSM32.EXE" [2008-09-23 182936]
    "Updater"="c:\windows\system32\updater\explorer.exe" [2007-11-24 1478612]
    "OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
    "ooccctrl.exe"="c:\program files\OO Software\CleverCache\ooccctrl.exe" [2007-01-28 1911568]
    "F-Secure TNB"="c:\program files\Sonera Tietoturva\FSGUI\TNBUtil.exe" [2008-09-23 957024]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= ffdshow.ax
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    --a------ 2008-01-19 09:33 125952 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    --a------ 2008-09-23 15:37 957024 c:\program files\Sonera Tietoturva\FSGUI\tnbutil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-06-02 10:13 267048 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
    --a------ 2008-03-26 17:41 1232896 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2005-12-10 03:06 7311360 c:\windows\System32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2005-12-10 03:06 86016 c:\windows\System32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    --a------ 2008-04-16 11:53 1079808 c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
    --a------ 2003-11-20 18:01 525824 c:\program files\COMPAQ\SetRefresh\SetRefresh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-12-07 14:32 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --a------ 2008-01-19 09:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2005-12-10 03:06 1519616 c:\windows\System32\nwiz.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-833519965-4080783282-3383207850-1003]
    "EnableNotificationsRef"=dword:00000003

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{707EA7F8-34D5-4944-906F-1168A7C1C758}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{342B1712-959D-4A55-928B-1FC7E0CCFAA4}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{E01A1F96-E06B-4D3D-BEB1-D358829FDF2F}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{B541110B-76BB-48E4-B334-480669E544A2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{0F92360B-F7B0-4DE0-A08D-1B5ED1A072FA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{9F93BC84-21B9-40B8-AA31-C8F3C67BE77D}c:\\users\\harri ja pojat\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\harri ja pojat\program files\utorrent\utorrent.exe:utorrent.exe
    "UDP Query User{8D1A3F62-6408-4E48-B91A-55F6131F6482}c:\\users\\harri ja pojat\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\harri ja pojat\program files\utorrent\utorrent.exe:utorrent.exe
    "TCP Query User{24545529-EBC1-469A-BA9F-814D6350F8DE}c:\\program files\\the all-seeing eye\\eye.exe"= UDP:c:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
    "UDP Query User{0A83F2E0-7E8F-4F82-96D5-AF3BF56982A4}c:\\program files\\the all-seeing eye\\eye.exe"= TCP:c:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
    "TCP Query User{ECDEAF22-8D1C-43C1-BC35-AD716E730BFB}c:\\program files\\steam\\steamapps\\wblade\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\wblade\counter-strike source\hl2.exe:hl2
    "UDP Query User{3710372F-7F9D-4862-8641-66857D4389E1}c:\\program files\\steam\\steamapps\\wblade\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\wblade\counter-strike source\hl2.exe:hl2
    "TCP Query User{DF40DA1D-E8C5-4519-BBC1-1F51810B479D}c:\\users\\harri ja pojat\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\harri ja pojat\program files\utorrent\utorrent.exe:utorrent.exe
    "UDP Query User{2803395F-753D-44D9-8E78-BE0D03E65720}c:\\users\\harri ja pojat\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\harri ja pojat\program files\utorrent\utorrent.exe:utorrent.exe
    "TCP Query User{CD6DB7A6-7FC5-4335-B354-37868F2DE9B5}c:\\users\\harri ja pojat\\appdata\\local\\temp\\rar$ex04.141\\eye.exe"= UDP:c:\users\harri ja pojat\appdata\local\temp\rar$ex04.141\eye.exe:eye.exe
    "UDP Query User{00478E83-D9DD-46DC-A031-5803B56BE4DA}c:\\users\\harri ja pojat\\appdata\\local\\temp\\rar$ex04.141\\eye.exe"= TCP:c:\users\harri ja pojat\appdata\local\temp\rar$ex04.141\eye.exe:eye.exe
    "TCP Query User{3BEAC2AA-961E-4816-94B6-D19377E65A1D}c:\\users\\harri ja pojat\\appdata\\local\\temp\\rar$ex00.328\\eye.exe"= UDP:c:\users\harri ja pojat\appdata\local\temp\rar$ex00.328\eye.exe:eye.exe
    "UDP Query User{D72E702E-42DD-4CF2-B59A-33D47DD42EA6}c:\\users\\harri ja pojat\\appdata\\local\\temp\\rar$ex00.328\\eye.exe"= TCP:c:\users\harri ja pojat\appdata\local\temp\rar$ex00.328\eye.exe:eye.exe
    "TCP Query User{8CE04288-8485-4582-A326-568D5208457E}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{C2185D9C-895F-4893-A54E-D34D90937459}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
    "TCP Query User{3332C901-5F33-4926-B3CF-A1527741325E}c:\\users\\harri ja pojat\\desktop\\eye.exe"= UDP:c:\users\harri ja pojat\desktop\eye.exe:eye.exe
    "UDP Query User{129E6E18-1A22-42BC-B17B-FA41602D8129}c:\\users\\harri ja pojat\\desktop\\eye.exe"= TCP:c:\users\harri ja pojat\desktop\eye.exe:eye.exe
    "TCP Query User{C23C951E-6D88-4C7E-8E66-97CD0BF82BDB}c:\\program files\\steam\\steamapps\\wblade\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\wblade\day of defeat source\hl2.exe:hl2
    "UDP Query User{E151C1EE-1D87-4ACB-A5DE-C68C89547762}c:\\program files\\steam\\steamapps\\wblade\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\wblade\day of defeat source\hl2.exe:hl2
    "TCP Query User{CB188B60-4C8A-4AA6-8CEF-29729DF65E99}c:\\program files\\winamp remote\\bin\\orbtray.exe"= UDP:c:\program files\winamp remote\bin\orbtray.exe:Orb
    "UDP Query User{D90B6630-EC90-4AD6-90DE-3CC22FE21088}c:\\program files\\winamp remote\\bin\\orbtray.exe"= TCP:c:\program files\winamp remote\bin\orbtray.exe:Orb
    "TCP Query User{C1A9C50C-1022-4AC6-BB75-3AD327AF8760}c:\\program files\\steam\\steamapps\\jertsu7@jippii.fi\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\jertsu7@jippii.fi\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{591FFB41-845E-4F82-B32A-22485B528F77}c:\\program files\\steam\\steamapps\\jertsu7@jippii.fi\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\jertsu7@jippii.fi\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{ED22C2BE-1E81-4CF2-9438-0A236DF0739F}c:\\program files\\steam\\steamapps\\jertsu7@jippii.fi\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\jertsu7@jippii.fi\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{AC80273F-C27C-4487-A3D3-1FD0F260ED46}c:\\program files\\steam\\steamapps\\jertsu7@jippii.fi\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\jertsu7@jippii.fi\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{CA9313E3-9A74-4FC7-92BB-1E990DDFBC97}c:\\users\\ropsu\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\ropsu\program files\utorrent\utorrent.exe:utorrent.exe
    "UDP Query User{8F2F84A2-E105-4060-B7C1-2096814F01C1}c:\\users\\ropsu\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\ropsu\program files\utorrent\utorrent.exe:utorrent.exe
    "TCP Query User{0F2CD5EE-CE9C-4548-B0F2-3A0C76A732C8}c:\\program files\\soldier of fortune ii - double helix\\sof2mp.exe"= UDP:c:\program files\soldier of fortune ii - double helix\sof2mp.exe:SoF2MP
    "UDP Query User{1AEFF60B-97EB-4E13-9E5E-E17B6D7943D7}c:\\program files\\soldier of fortune ii - double helix\\sof2mp.exe"= TCP:c:\program files\soldier of fortune ii - double helix\sof2mp.exe:SoF2MP
    "TCP Query User{8D736D6A-8EAE-4485-9DA3-56F2B046A565}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
    "UDP Query User{B0A92F51-179F-424A-B093-4B224ED03844}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
    "TCP Query User{AAC5CA2D-D7BE-4880-8328-FF5FA72BFCE4}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{50AE87BC-95CF-48A2-BA33-DAAA24D3C7D4}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{E0482A48-984B-4A40-9DE4-B2879245E23D}"= UDP:c:\windows\System32\PnkBstrA.exe:pnkBstrA
    "{8E366BF7-A298-448B-8A41-CBCD48B13D6E}"= TCP:c:\windows\System32\PnkBstrA.exe:pnkBstrA
    "{FF404497-5450-4D28-A899-81D830BBBE0F}"= UDP:c:\windows\System32\PnkBstrB.exe:pnkBstrB
    "{B3946FD1-509C-4D99-A136-B2BF912FD885}"= TCP:c:\windows\System32\PnkBstrB.exe:pnkBstrB
    "{8B08F74C-CEC6-47ED-A256-009D4891E43B}"= UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{32DA080D-1C36-4724-BB20-1B4F15A084BC}"= TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{9E68B697-6410-45DC-8BEB-B14AE12BC66A}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{EA7B425A-408A-4B07-9A4C-2836382826C3}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{67A17DF2-E083-4C23-BB64-7379556202B9}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{6B800263-5132-4F54-8380-09E6CFD01347}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{8C64B96B-4CAC-45B6-A650-19C6162CDA71}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
    "{EC471574-4155-49CF-9FBA-402F3CE0D962}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{784B1A8F-D161-42D2-9D5F-8C8C41167433}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{A1A88667-4DB8-4AE9-B076-82B2E9B4F62F}c:\\program files\\microsoft games\\age of empires ii trial\\empires2.exe"= UDP:c:\program files\microsoft games\age of empires ii trial\empires2.exe:Age of Empires II
    "UDP Query User{86E0F627-1A52-4925-9D00-D04FC34BC2B6}c:\\program files\\microsoft games\\age of empires ii trial\\empires2.exe"= TCP:c:\program files\microsoft games\age of empires ii trial\empires2.exe:Age of Empires II
    "TCP Query User{5DF77143-FE49-4C8B-9780-88B8E6628410}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{CE4B3A99-8662-4500-9004-AAD51B7B8890}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
    "{BE7F78A8-7EC1-4733-BE2D-25A9DE4B4E11}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{5FAA9D3C-4572-4472-A3AE-E80E20D53E62}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{6CD816F5-74C1-4F2B-B33B-CDBE4C5E7939}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{8FA21090-F989-4CA7-97B4-EFCB744222AF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{22081900-04B9-4630-A078-847BE63B1B34}"= UDP:c:\users\Ropsu\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{86319355-61B3-472E-A216-7E0E5245DEC9}"= TCP:c:\users\Ropsu\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{5DB433FF-B9C9-4794-A56E-58715AC5D0DE}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{6946391E-51C8-46CA-AC2C-707DBF15FEFA}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{56A1DDAF-4228-4CE4-B212-42D889587068}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{486132E0-5227-4646-8EEE-3EBEC09FFBB7}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{A75C3DCD-7C8E-4C62-A39A-AB6C9D84EBBB}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{BFC355BA-66DA-423B-9C4F-50E102D30DA4}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{7A1EFD32-AED2-4B37-AEAB-514FF5E526BE}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{EA26ABDC-092F-4D32-8902-DCF8C6514297}c:\\program files\\fighter ace anniversary edition\\rsync.exe"= UDP:c:\program files\fighter ace anniversary edition\rsync.exe:rsync Application
    "UDP Query User{BCFA0E3C-DCBE-477A-A3C2-79DCEE012A06}c:\\program files\\fighter ace anniversary edition\\rsync.exe"= TCP:c:\program files\fighter ace anniversary edition\rsync.exe:rsync Application
    "TCP Query User{02E4F075-4205-4BBE-8263-5B3992997786}c:\\program files\\steam\\steamapps\\jertsu7@jippii.fi\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\jertsu7@jippii.fi\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{AB7BE7BF-ACFA-4355-9C2D-03AB56E315DD}c:\\program files\\steam\\steamapps\\jertsu7@jippii.fi\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\jertsu7@jippii.fi\counter-strike\hl.exe:Half-Life Launcher

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2008-11-26 30856]
    R1 F-Secure HIPS;F-Secure HIPS;\??\c:\program files\Sonera Tietoturva\HIPS\drivers\fshs.sys [2008-11-24 66720]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2007-10-28 35552]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2007-10-28 70944]
    R1 fsvista;F-Secure Vista Support Driver;\??\c:\program files\Sonera Tietoturva\Anti-Virus\minifilter\fsvista.sys [2007-10-28 12384]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys [2007-10-28 72288]
    R3 FSORSPClient;F-Secure ORSP Client;"c:\program files\Sonera Tietoturva\ORSP Client\fsorsp.exe" [2008-11-24 55904]
    S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 9600]
    S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
    S4 CVYDDAL;CVYDDAL;c:\users\HARRIJ~1\AppData\Local\Temp\CVYDDAL.exe []
    S4 DRGJBSA;DRGJBSA;c:\users\HARRIJ~1\AppData\Local\Temp\DRGJBSA.exe []
    S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys [2007-10-28 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys [2007-10-28 25184]
    S4 QUBC;QUBC;c:\users\HARRIJ~1\AppData\Local\Temp\QUBC.exe []
    S4 XHBPQH;XHBPQH;c:\users\HARRIJ~1\AppData\Local\Temp\XHBPQH.exe []

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
    %SystemRoot%\system32\soundschemes2.exe /AddRegistration
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2008-12-06 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

    2008-12-05 c:\windows\Tasks\Norton Security Scan for Harri ja Pojat.job
    - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    MSConfigStartUp-4ccae92f - c:\users\Ropsu\AppData\Local\Temp\iktwbnmf.dll
    MSConfigStartUp-BM4ff9dab3 - c:\users\HARRIJ~1\AppData\Local\Temp\ahbqdric.dll
    MSConfigStartUp-cmds - c:\users\Ropsu\AppData\Local\Temp\cbXPijJA.dll
    MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    MSConfigStartUp-MSServer - c:\windows\system32\mljheBQH.dll
    MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    MSConfigStartUp-NeroCheck - c:\windows\system32\NeroCheck.exe
    MSConfigStartUp-Salestart - c:\program files\Common Files\TurvaPC\stm.exe dm=http://turvapc.com ad=http://turvapc.com
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


    .
    ------- Täydentävä tarkistus -------
    .
    uInternet Settings,ProxyOverride = *.local
    LSP: c:\program files\Sonera Tietoturva\FSPS\program\FSLSP.DLL
    FireFox -: Profile - c:\users\Harri ja Pojat\AppData\Roaming\Mozilla\Firefox\Profiles\jgh0mat8.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fi/firefox
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npigl.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-06 13:11:40
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'Explorer.exe'(2964)
    c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
    c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fin.nlr
    c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    .
    ------------------------ Muut prosessit ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    c:\program files\Sonera Tietoturva\Common\FSMA32.EXE
    c:\program files\Sonera Tietoturva\Anti-Virus\fsgk32.exe
    c:\windows\System32\oodag.exe
    c:\program files\Sonera Tietoturva\Common\FSMB32.EXE
    c:\program files\OO Software\CleverCache\ooccag.exe
    c:\program files\Sonera Tietoturva\Common\FCH32.EXE
    c:\program files\Sonera Tietoturva\Common\FAMEH32.EXE
    c:\program files\Sonera Tietoturva\Anti-Virus\fsqh.exe
    c:\program files\Sonera Tietoturva\FSPC\fspc.exe
    c:\program files\Sonera Tietoturva\FSAUA\program\fsaua.exe
    c:\program files\Sonera Tietoturva\Anti-Virus\fssm32.exe
    c:\program files\Sonera Tietoturva\FWES\program\fsdfwd.exe
    c:\program files\Sonera Tietoturva\FSAUA\program\fsus.exe
    c:\windows\System32\conime.exe
    c:\program files\Sonera Tietoturva\Anti-Virus\fsav32.exe
    c:\program files\Sonera Tietoturva\FSGUI\fsguidll.exe
    .
    **************************************************************************
    .
    Valmistumisajankohta: 2008-12-06 13:22:44 - kone käynnistettiin uudelleen
    ComboFix-quarantined-files.txt 2008-12-06 11:21:58

    Ennen ajoa: 6 961 238 016 tavua vapaana
    Ajon jälkeen: 6,711,857,152 tavua vapaana

    367 --- E O F --- 2008-12-06 08:04:23
     
  7. Hujo

    Hujo Guest

    Scan a new HJT log.
     
  8. Roope93

    Roope93 Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:19:58, on 7.12.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [Updater] C:\Windows\system32\updater\explorer.exe
    O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
    O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
    O13 - Gopher Prefix:
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\ORSP Client\fsorsp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
    O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 4730 bytes
     
  9. Roope93

    Roope93 Member

    What on earth.. My computer has suddenly started running really slowly and Windows crashes now and then. When I start the computer or switch users, F-Secure's real-time scanning, i.e. this annoying fssm32, eats resources like crazy. It takes about 130,000 KB of memory and a lot of CPU too. And I've noticed that it is precisely these Windows services and working on the desktop that are really slow. There was also something eye-catching when running ComboFix: quite early on, when I opened ComboFix, F-Secure raised an alert about some virus whose name was, as far as I remember, EIRA test file or something like that. Is that normal??
     
  10. Hujo

    Hujo Guest

    F-Secure's virus files are in there.

    ==========

    Run this:

    Download CCleaner from here
    CCleaner v 2.14.750.- Standard Build, do NOT install the Yahoo toolbar!
    During installation, untick the box "install Yahoo! toolbar".
    After installation, open CCleaner.
    Select Options from the left-hand column.
    Select Settings from the adjacent column.
    Under Language, select Suomi.

    Puhdistaja (Cleaner)
    Select Puhdistaja from the left-hand column.
    Press Tutki (Analyze) at the bottom.
    CCleaner now analyzes what can be removed (temp files, cookies, etc.).
    When the analysis is finished, press Aja CCleaner (Run CCleaner).
    CCleaner now removes the temp files, cookies, etc. that it found.

    Fixing registry errors
    Select Rekisteri (Registry) from the left-hand column.
    Press Etsi rekisterin virheitä (Scan for registry errors) at the bottom.
    When the scan is finished and you are sure you want to fix the checked entries, press Korjaa valitut rekisterin virheet (Fix selected registry errors).
    You will be asked "do you want to back up the changes to the registry"; press Kyllä (Yes). Save the backup to, for example, the "Omat tiedostot" (My Documents) folder.
    In the new window that opens, click Korjaa kaikki valitut virheet (Fix all selected errors).
    You will get one more confirmation prompt; press Ok.
    When the errors have been fixed, press Sulje (Close).
    You can now close CCleaner by clicking the red X at the top right.
     
  11. Roope93

    Roope93 Member

    One more thing about my previous message: it works properly again, I rebooted the computer.
     
  12. Hujo

    Hujo Guest

    Good that it works

    ===========

    Download OTMoveIt
    Download OTMoveIt and save it to your desktop.

    Double-click OTMoveIt.exe.
    Click CleanUp!.
    Select Yes when asked "Begin cleanup Process?".
    If you are asked whether the computer may be restarted, select Yes. OTMoveIt removes itself when it is finished; if it does not, delete it yourself.

    NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.
     
  13. Roope93

    Roope93 Member

    Done, is there anything else I should do?
     
  14. Hujo

    Hujo Guest

    Let's wait for new problems ;)
     
  15. Roope93

    Roope93 Member

    Well, I'd have one right away, and I've had it for quite a while. Namely a startup/restart problem. If I restart the computer, it gets stuck at the point where Vista starts loading, where the green bars run. And then if I shut the computer down and start it again right afterwards, the system unit powers on but the monitor does not. That is, a yellow light stays lit at the bottom edge of the monitor. I have to wait something like 10 minutes before it comes on again the way it should.
    This is a bit off topic, but I thought I'd ask you whether any solutions come to mind :).
     
  16. Hujo

    Hujo Guest

    Updating Java and clearing the cache:

    Download JavaRa and extract it to your desktop.

    ***Close all open Internet Explorer windows before continuing!***

    * Double-click JavaRa.exe to start the program.
    * Select English from the drop-down menu to choose English as the language and click Select.
    * Click Remove Older Versions to remove the old Java versions from your computer.
    * Click Yes when asked. When JavaRa is finished, it reports that a log file has been created. Click OK.
    * The log file opens. Post its contents in your next message.
    4. Install the latest Java update from the following link..

    Download the new Java from here

    Scroll down to Java Runtime Environment (JRE) 6 Update 11
    Press Download
    Set Platform to Windows
    Tick I agree to the Java SE Runtime Environment 6 License Agreement and press Continue
    Under Windows Offline Installation, press jre-6u4-windows-i586-p.exe

    Save the file, for example to the desktop, and install it.

    5. Restart the computer after the installation.
    6. After the restart, go back to the Control Panel and open your Java settings (Additional Options in the Control Panel -> the Java coffee cup).
    7. On the General tab, click Settings. Drag the slider (Disk Space) to a smaller value.

    (Some Java-based programs may need more disk space.
    If you notice the computer being slow after lowering the setting, move the slider to a larger value.)

    8. Click the Delete Files button. Make sure both options are ticked:
    * Applications and Applets
    * Trace and Log Files

    And press the OK button
    Note: This removes all downloaded applications and applets from the CACHE.

    9. Click OK in your "Temporary Files Settings" window.
    10. Update tab: untick Check for Updates automatically
    Select Never check
    11. Click Apply and OK to leave your Java settings window.
     
  17. Roope93

    Roope93 Member

    That JavaRa log won't open..
     
  18. Hujo

    Hujo Guest

    Create an uninstall list:
    • Open HijackThis
    • Click "Configure" at the bottom right
    • Click "Misc Tools"
    • Click the box that says "Uninstall Manager"
    • Click "Save list"
    • Copy and paste the list from Notepad into your thread
     
  19. Roope93

    Roope93 Member

    So do I download that Java before I make the uninstall list, or the other way around?
     
  20. Hujo

    Hujo Guest

    Yes, download Java first and install it

    if this one doesn't work after all > JavaRa
     
  21. Roope93

    Roope93 Member

    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Audition 3.0
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Photoshop Elements 6.0
    Adobe Reader 8.1.2 - Suomi
    Adobe Shockwave Player 11
    Age of Empires III Trial
    AnalogX SayIt
    Apple Mobile Device Support -tuki
    Apple Software Update
    AT&T Labs' Natural Voices 1.4 - Desktop Runtime
    Bonjour
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP160
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    CCleaner (remove only)
    Creative MuVo V100
    Creative System Information
    Drumtronic
    FMS
    Google Toolbar for Firefox
    Graffiti Studio 2.0
    Half-Life Dedicated Server Update Tool
    HijackThis 2.0.2
    HLTooLz
    HP SetRefresh
    iTunes
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    LimeWire PRO 4.17.5
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB929729)
    Microsoft Office Excel Viewer 2003
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft Suomalaisen monikielisen näppäimistön arviointiversio
    mIRC
    Mobile Ringtone Studio Demo 1.00
    Mozilla Firefox (3.0.4)
    MSVC80_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    Nokia Connectivity Cable Driver
    Nokia Connectivity Cable Driver
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia PC Suite
    Norton Security Scan
    Norton Security Scan (Symantec Corporation)
    NRJ Kauppa
    NVIDIA Drivers
    O&O CleverCache
    O&O Defrag Professional
    PC Connectivity Solution
    Pivot Stickfigure Animator
    Player Recovery Drivers
    Pool House v1.0
    QuickTime
    RealPlayer
    Sonera Tietoturva
    Steam
    System Requirements Lab
    TuneUp Utilities 2008
    Ultimate Extras sounds from Microsoft® Tinker™
    Uninstall 1.0.0.0
    VCRedistSetup
    Video Edit Magic 4.4
    VideoLAN VLC media player 0.8.6c
    Windows Driver Package - Nokia Modem (03/05/2008 3.7)
    Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Live installer
    Windows Live Messenger
    Windows Liven kirjautumisavustaja
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    Windows Vista Upgrade Advisor
    WinRAR archiver
    XP Codec Pack
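
An added example, not part of the thread or of any tool mentioned in it: the uninstall list in the last post shows Java(TM) 6 Update 3 and Update 5 installed beside Update 11, which is what the "Remove Older Versions" step is meant to clean up. The Python sketch below checks a saved Uninstall Manager list for such leftover Java updates and for duplicate entries; the sample input is constructed and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of a HijackThis Uninstall Manager
# "Save list" export: one program display name per line.
SAMPLE_LIST = """\
HijackThis 2.0.2
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Mozilla Firefox (3.0.4)
"""

# Display-name form of the Java entries that appear in the posted list.
JAVA_RE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")

def parse_entries(text):
    """Return the non-empty, stripped display names in file order."""
    return [line.strip() for line in text.splitlines() if line.strip()]

def superseded_java(entries):
    """Map Java major version -> (newest update, older updates still installed)."""
    updates = defaultdict(set)
    for name in entries:
        m = JAVA_RE.match(name)
        if m:
            updates[int(m.group(1))].add(int(m.group(2)))
    return {major: (max(u), sorted(u - {max(u)})) for major, u in updates.items()}

def duplicate_entries(entries):
    """Return display names listed more than once, with their counts."""
    return {name: n for name, n in Counter(entries).items() if n > 1}

def report(text):
    """Build human-readable findings for one saved uninstall list."""
    entries = parse_entries(text)
    findings = []
    for major, (newest, older) in sorted(superseded_java(entries).items()):
        for upd in older:
            findings.append(
                f"Java {major} Update {upd} is still installed beside Update {newest}")
    for name, n in sorted(duplicate_entries(entries).items()):
        findings.append(f"{name!r} is listed {n} times")
    return findings

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LIST)))
```

Older runtime updates that stay installed remain usable by applets and browser plugins, so each finding is a candidate for manual removal through the Control Panel.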

     
