Computer completely stuck

Thread in the Viruses and malware - HijackThis logs section. Thread started by j.pv on 12.01.2008.

  1. pesojoh2

    pesojoh2 Member

    Good morning,
    here are the reports:
    Logfile of HijackThis v1.99.1
    Scan saved at 2:59:08, on 15.1.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\PLUSFAX\system\PlusfaxOut.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Winamp Remote\bin\Orb.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plaza.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [Omnipage] "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Plusfax] "C:\Program Files\PLUSFAX\system\PlusfaxOut.EXE"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://*.download.microsoft.com
    O15 - Trusted Zone: http://*.update.microsoft.com
    O15 - Trusted Zone: http://*.windowsupdate.com
    O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, January 15, 2008 2:55:21 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 14/01/2008
    Kaspersky Anti-Virus database records: 511465
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan Statistics:
    Total number of scanned objects: 67523
    Number of viruses found: 1
    Number of infected objects: 1
    Number of suspicious objects: 0
    Duration of the scan process: 00:56:25

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\18AE1138.exe Infected: not-a-virus:Monitor.Win32.Perflogger.ad skipped

    Scan process completed.
     
  3. kalminen

    kalminen Regular member

    This message is for pesojoh2

    A very good morning!!! (in the true sense of the word)
    We are almost at the end now.
    ------------------------------------------------------
    Here are the instructions for clearing System Restore (the system restore points) in Windows XP:

    * Right-click the My Computer (Oma tietokone) icon in the Start menu
    * Select Properties (Ominaisuudet) (System)
    * Select the System Restore (Järjestelmän palauttaminen) tab
    * Tick "Turn off System Restore" (poista järjestelmän palauttaminen) on all drives
    * Press Apply (Käytä)
    * Press OK
    * Restart your computer

    * Turn System Restore back on: remove the tick from the box in step 4 => Apply => OK.

    * Go to Start => Run and copy %SystemRoot%\system32\restore\rstrui.exe into the box => OK
    Tick "Create a restore point" (Luo palautuspiste) => Next
    and follow the instructions.
    ----------------------------------------------
    Virustotal:
    Send the file for analysis: Here
    Press the Browse button and select C:\Program Files\PLUSFAX\system\PlusfaxOut.EXE on your computer, then press the Send button next to it.
    When the scan is finished, select the results area with the mouse and copy it into your reply.
    -------------------------------------------------------------
    Empty the contents of this folder:
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\
    ------------------------------------------------
    Fix this away with HJT:
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    -------------------------------------------------------
    Using this kind of "for overclockers" program, such as Prime95, often brings
    crashes and instability to the machine.

    Post the following logs here:
    * The Virustotal results.
    * How is the machine starting to feel ???
     
  4. j.pv

    j.pv Member

    Good morning. ComboFix stopped at a point like c:\pos73b.temp,
    after which only the desktop wallpaper was visible on the screen, nothing else???
     
  5. pesojoh2

    pesojoh2 Member

    Hi,

    I got the other tasks done according to the instructions, but
    I didn't get those Virustotal results?
    It churned away for 45 minutes and nothing finished...
    At the bottom of the page there was "error on page" (yellow triangle).
    Apparently something went wrong?
    (The scan had about 13 pages of stuff.)
    What could be done about that?
    Otherwise the machine works really well, all the lagging and stuttering has disappeared.
     
  6. kalminen

    kalminen Regular member

    For j.pv
    pos73b.temp <= file to be deleted (del)
    If it won't go otherwise =>
    Start the machine in safe mode => INSTRUCTIONS
    Make hidden files visible => in safe mode INSTRUCTIONS
    c:\pos73b.temp
     
  7. kalminen

    kalminen Regular member

    For pesojoh2
    Let's try another house:
    Jotti:
    Send the file for analysis: Here
    Press the Browse button and select C:\Program Files\PLUSFAX\system\PlusfaxOut.EXE on your computer, then press the Submit button next to it.
    When the scan is finished, select the results area with the mouse and copy it into your reply.
    PS. Or do we give the fax its marching orders ???
     
  8. j.pv

    j.pv Member

    Well, how do I get it shut down and restarted when there is nothing on the screen but that wallpaper, I can't even get the Start menu to show??
     
  9. kalminen

    kalminen Regular member

    j.pv
    Restart the whole machine.
    Even pull the plug from the wall if it won't listen to anything less.
     
  10. kalminen

    kalminen Regular member

    j.pv
    Combo gets stuck if you click on anything during the run other than
    permissions for the firewall.
     
  11. j.pv

    j.pv Member

    OK, I got the hidden files made visible, do I run Combo again??
     
  12. kalminen

    kalminen Regular member

    j.pv
    Run Combo again.
     
  13. pesojoh2

    pesojoh2 Member

    I don't think anything is going to come of this.
    Let's throw the whole fax away...
     
  14. kalminen

    kalminen Regular member

    pesojoh2
    That Skype fax component is out there in the world (unwanted).
    There are other brands of those too.
    -----------------------------------------------------
    Go to the Windows Control Panel (Ohjauspaneli) and from there to Add/Remove Programs
    In Vista, Programs and Features
    Find and remove the program whose name contains:

    PLUSFAX
     
  15. pesojoh2

    pesojoh2 Member

    Plusfax up and left.
    What next?
     
  16. kalminen

    kalminen Regular member

    pesojoh2
    I dunno ????

    The viruses are gone and the protections are on.

    I wish you a "clean" continuation.
     
  17. j.pv

    j.pv Member

    OK, here are these reports

    ComboFix 08-01-15.1 - Jani Vartia 2008-01-16 12:47:00.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.598 [GMT 2:00]
    Running from: C:\Documents and Settings\Jani Vartia\Työpöytä\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\ctfmon.exe.tmp
    C:\WINDOWS\system32\ilojtgrk.dll
    C:\WINDOWS\system32\ncxstnbf.ini
    C:\WINDOWS\system32\owysmihu.dll
    C:\WINDOWS\system32\pbicrnou.ini
    C:\WINDOWS\system32\qfuhfbdj.dll
    C:\WINDOWS\system32\rqrqpop.dll
    C:\WINDOWS\system32\uonrcibp.dll
    C:\WINDOWS\system32\ututv.ini
    C:\WINDOWS\system32\ututv.ini2
    C:\WINDOWS\system32\vbqlvglf.ini
    C:\WINDOWS\system32\vtutu.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-12-16 to 2008-01-16 )))))))))))))))))
    .

    2008-01-14 22:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-14 22:15 . 2008-01-14 22:15 <KANSIO> d-------- C:\VundoFix Backups
    2008-01-14 15:28 . 2008-01-14 15:28 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-01-13 16:30 . 2008-01-13 16:30 342,016 --a------ C:\WINDOWS\system32\vtutu.2xe
    2008-01-12 16:12 . 2008-01-12 16:12 3,584 --------- C:\WINDOWS\system32\vtutu.1xe
    2008-01-12 14:53 . 2008-01-12 14:53 <KANSIO> d-------- C:\Documents and Settings\Jani Vartia\Application Data\F-Secure
    2008-01-12 13:29 . 2008-01-12 13:47 51,040 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-01-12 13:29 . 2008-01-12 13:47 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-01-12 13:25 . 2008-01-12 13:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-01-12 13:24 . 2008-01-12 14:44 <KANSIO> d-------- C:\Program Files\Sonera Tietoturva
    2008-01-12 13:22 . 2008-01-12 13:22 86,114,528 --a------ C:\TSF_7.00_387_02S.EXE
    2008-01-12 12:12 . 2008-01-12 12:13 418,135 --a------ C:\UITool3-370a.zip
    2008-01-12 11:39 . 2006-03-02 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
    2008-01-12 11:38 . 2006-03-02 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-01-12 11:37 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
    2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2008-01-12 11:33 . 2008-01-12 11:33 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2008-01-12 11:31 . 2006-03-02 14:00 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
    2008-01-12 11:31 . 2006-03-02 14:00 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
    2008-01-12 11:17 . 2006-03-02 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2008-01-12 11:17 . 2006-03-02 14:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
    2008-01-12 11:17 . 2006-03-02 14:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2008-01-12 11:17 . 2006-03-02 14:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
    2008-01-12 11:17 . 2008-01-12 11:17 34 --a------ C:\WINDOWS\system\oeminfo.ini
    2008-01-12 08:34 . 2008-01-12 08:34 76,864 --a------ C:\WINDOWS\system32\aaufjmeh.dll
    2008-01-12 08:31 . 2008-01-12 08:31 163,904 --a------ C:\WINDOWS\system32\fnfpiaaa.dll
    2008-01-11 10:20 . 2008-01-11 10:20 342,016 --------- C:\WINDOWS\system32\RCXD.0mp
    2008-01-09 18:43 . 2008-01-09 18:45 <KANSIO> d-------- C:\Program Files\Windows Live
    2008-01-09 17:26 . 2008-01-16 12:44 342,016 --a------ C:\WINDOWS\system32\vtutu.0xe
    2008-01-09 17:26 . 2008-01-16 12:45 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2008-01-07 17:42 . 2007-10-25 18:44 8,464,384 --a------ C:\WINDOWS\system32\drivers\vmxnet.sys
    2008-01-07 17:35 . 2008-01-12 13:23 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
    2008-01-03 00:56 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-01-02 23:20 . 2008-01-12 12:22 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-30 13:52 . 2008-01-12 09:02 4,410 --a------ C:\WINDOWS\setupapi.old
    2007-12-29 22:05 . 2007-12-29 22:09 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-29 22:05 . 2008-01-09 18:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-29 16:36 . 2008-01-14 15:17 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-12-29 16:01 . 2007-12-29 16:26 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
    2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
    2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
    2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
    2007-12-27 14:16 . 2007-12-27 14:17 <KANSIO> d-------- C:\Program Files\Winamp Remote

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-10 18:27 --------- d-----w C:\Program Files\UnibetpokerMPP
    2008-01-10 16:56 --------- d-----w C:\Documents and Settings\Jani Vartia\Application Data\Microgaming
    2008-01-06 10:32 --------- d-----w C:\Program Files\DC++
    2008-01-04 21:21 --------- d-----w C:\Program Files\Winamp
    2008-01-02 22:56 --------- d-----w C:\Program Files\Java
    2007-12-30 14:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-29 16:38 --------- d-----w C:\Program Files\Steam
    2007-12-29 14:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-12-29 12:04 --------- d-----w C:\Program Files\Macrogaming
    2007-12-22 13:32 --------- d-----w C:\Program Files\eMule
    .
    Code:
    <pre>
    ----a-w           185,896 2008-01-07 13:11:36  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    ----a-w           132,496 2008-01-07 13:11:34  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w         1,694,208 2008-01-07 13:11:49  C:\Program Files\Messenger\msmsgs .exe
    ----a-w           183,208 2008-01-12 12:45:56  C:\Program Files\Sonera Tietoturva\Common\FSM32 .EXE
    ----a-w           740,208 2008-01-12 12:46:03  C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil .exe
    ----a-w            15,360 2008-01-16 10:45:22  C:\WINDOWS\system32\ctfmon .exe
    </pre>

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr .exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTrayp"="VTtrayp.exe" [2004-06-21 20:57 143360 C:\WINDOWS\system32\VTTrayp.exe]
    "VTTimer"="VTTimer.exe" [2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtutu

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
    --a------ 2005-09-06 05:10 450560 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2007-03-09 13:15 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    --a------ 2006-06-26 09:46 497200 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    --a------ 2006-06-26 10:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    --a------ 2006-06-26 10:33 243248 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
    --a------ 2007-12-18 03:02 471040 C:\Program Files\Winamp Remote\bin\OrbTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2004-03-09 11:05 65536 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
    --a------ 2004-04-23 14:28 77824 C:\Program Files\Logitech\Profiler\lwemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2007-11-30 14:38 1266936 c:\program files\steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    -ra------ 2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
    -ra------ 2004-06-21 20:57 143360 C:\WINDOWS\system32\VTTrayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2007-12-20 17:16 37376 C:\Program Files\Winamp\winampa.exe

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-01-12 13:47]
    R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-02-05 07:00]
    R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2003-10-15 04:28]
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 10:38]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Sonera Tietoturva\HIPS\fshs.sys [2007-04-26 19:11]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]
    S4 si3112r;si3112r;C:\WINDOWS\system32\drivers\si3112r.sys [2003-05-09 15:55]
    S4 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-06-12 17:31]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-01-16 00:12:50 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\SONERA~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SONERA~1\ANTI-V~1\report.txt
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-16 13:07:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-16 13:11:08 - machine was rebooted [Jani Vartia]
    ComboFix-quarantined-files.txt 2008-01-16 11:10:57
    .
    2008-01-15 23:18:50 --- E O F ---



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:20:16, on 16.1.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
    C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe
    C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
    C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    C:\Program Files\Sonera Tietoturva\FSAUA\program\fsus.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\hoojiitee\hoojiitee.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157102305475
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 5413 bytes




    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.11

    Scan started at 22:15:12 14.1.2008

    Listing files found while scanning....

    C:\windows\system32\qpwdener.dll
    C:\windows\system32\qpwdener.dllbox

    Beginning removal...

    Attempting to delete C:\windows\system32\qpwdener.dll
    C:\windows\system32\qpwdener.dll Has been deleted!

    Attempting to delete C:\windows\system32\qpwdener.dllbox
    C:\windows\system32\qpwdener.dllbox Has been deleted!

    Performing Repairs to the registry.
    Done!



     
  18. pesojoh2

    pesojoh2 Member

    Joined:
    12.06.2013
    Posts:
    42
    Thanks:
    0
    Points:
    16
    Hi,

    OK, great job!!!
    MANY THANKS ONCE AGAIN!!
    This at least made me realize how little one understands about computers.
     
  19. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    j.pv
    Phew!!!! (that was a lot of junk) Well done.
    -----------------------------------------
    To be safe, turn on the Windows firewall from Control Panel => Security Center.
    -------------------------------------------------
    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript (in fact ComboFix recognizes it even if the file extension
    isn't even .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

    [IMG]

    Restart the computer if you are asked to, and post the contents of the combofix.txt file here.

    F-Secure seems to be infected???
    Do those in the meantime while I confirm this with people who know better!!!!
     
  20. j.pv

    j.pv Member

    Joined:
    27.04.2005
    Posts:
    83
    Thanks:
    0
    Points:
    16
    I can't find that quote box, could it be that qoobox????
    At least with F-Secure it isn't possible to scan anything manually.
     
  21. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    It is the text inside the quote there.

    File::
    C:\WINDOWS\system32\vtutu.2xe
    C:\WINDOWS\system32\vtutu.1xe
    C:\TSF_7.00_387_02S.EXE
    C:\WINDOWS\system32\aaufjmeh.dll
    C:\WINDOWS\system32\fnfpiaaa.dll
    C:\WINDOWS\system32\RCXD.0mp
    C:\WINDOWS\system32\vtutu.0xe
    C:\WINDOWS\system32\midiihuh.exe
    Folder::
    C:\SDFix


    Yes, F-Secure is infected.
    A couple-of-weeks-old bug in Finland.
    Don't surf much with only the firewall.
     
