
Computer locks up - HJT

Thread in the Viruses and malware - HijackThis logs section. Started by Jazzzi on 22.09.2010.

  1. Jazzzi

    Jazzzi Member

    Joined:
    16.09.2010
    Posts:
    37
    Thanks:
    0
    Points:
    16
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:55:11, on 22.9.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\Explorer.EXE
    H:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
    H:\Program Files\PC Protection\Common\FSMA32.EXE
    H:\Program Files\PC Protection\Anti-Virus\FSGK32.EXE
    H:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    H:\Program Files\PC Protection\Common\FSHDLL32.EXE
    H:\Program Files\Java\jre6\bin\jqs.exe
    H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    H:\WINDOWS\system32\PnkBstrA.exe
    H:\WINDOWS\system32\PnkBstrB.exe
    H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    H:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe
    H:\Program Files\PC Protection\Common\FSM32.EXE
    H:\Program Files\Common Files\Java\Java Update\jusched.exe
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\WINDOWS\RTHDCPL.EXE
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\PC Protection\Anti-Virus\fssm32.exe
    H:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
    H:\Program Files\PC Protection\Anti-Virus\fsav32.exe
    H:\WINDOWS\system32\wbem\wmiapsrv.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Internet Explorer\IEXPLORE.EXE
    H:\Program Files\Internet Explorer\IEXPLORE.EXE
    H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    H:\WINDOWS\system32\DllHost.exe
    H:\Program Files\VideoLAN\VLC\vlc.exe
    H:\Program Files\Internet Explorer\IEXPLORE.EXE
    H:\WINDOWS\system32\dllhost.exe
    H:\Program Files\Internet Explorer\IEXPLORE.EXE
    H:\WINDOWS\system32\msiexec.exe
    H:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - H:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - H:\Program Files\PC Protection\NRS\iescript\baselitmus.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - H:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - H:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - H:\Program Files\PC Protection\NRS\iescript\baselitmus.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] H:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [CreativeMS2020] H:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "H:\Program Files\PC Protection\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "H:\Program Files\PC Protection\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [CanonSolutionMenu] H:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] H:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Google Sidewiki... - res://H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - H:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - H:\WINDOWS\system32\services.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - H:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - H:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - H:\Program Files\PC Protection\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - H:\Program Files\PC Protection\ORSP Client\fsorsp.exe
    O23 - Service: Windows Live -perheturvapalvelu (fsssvc) - Unknown owner - H:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
    O23 - Service: Google-päivityspalvelu (gupdate) (gupdate) - Unknown owner - H:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - H:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - H:\WINDOWS\system32\imapi.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - H:\WINDOWS\system32\services.exe
    O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - H:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - H:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - H:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - H:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - H:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 11303 bytes
     
  3. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    .
    The log doesn't show any "lockup".
    Could you describe it in a bit more detail???
    :)
     
  4. Jazzzi

    Jazzzi Member

    Joined:
    16.09.2010
    Posts:
    37
    Thanks:
    0
    Points:
    16
    So, whenever I'm playing some game the computer locks up after about 10 minutes and you can't do anything; basically everything shuts off except the power. The only way to reset it is to cut the power, which damages the computer's parts. Malwarebytes and F-Secure don't find anything, but when you go into the event log there's an F-Secure Gatekeeper error, and when you open its details there's some SHelp.xmtl file. It hardly causes the lockup, though, even if it always appears at the time of the lockup, or at least the time is the same. Also the error check of local disk H: doesn't work; it says the operation could not be completed.
     
  5. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    .
    Would it help if you kill fsgk32st.exe from Task Manager???
    F-Secure Anti spyware software

    You get there with Ctrl + Shift + Esc; try the same when the computer
    freezes, to see whether you can get into Task Manager then.

    -----------------------------------------------------

    What else have you installed on the computer, since XP is on the H:\ drive???

    :)
     
  6. Jazzzi

    Jazzzi Member

    Joined:
    16.09.2010
    Posts:
    37
    Thanks:
    0
    Points:
    16
    Yeah, I'll try it during the day.
    XP has always been on the H drive, since I don't have anything but the H drive.
     
  7. Jazzzi

    Jazzzi Member

    Joined:
    16.09.2010
    Posts:
    37
    Thanks:
    0
    Points:
    16
    Well, at least during the lockup you can't get into Task Manager ---> I'll try without fsgk32st shortly.
     
  8. Jazzzi

    Jazzzi Member

    Joined:
    16.09.2010
    Posts:
    37
    Thanks:
    0
    Points:
    16
    The lockup happens even with that turned off, but when I went into Event Viewer there were now 3 F-Secure Gatekeeper errors. I'll post here what they said:
    1. Real-time scanning failure occurred. Intercepted file name=\Device\HarddiskVolume1...CTFaMicetra.exe
    2. Real-time scanning failure occurred. Intercepted file name=\Device\HarddiskVolume1\Doc...SHelper.xml
    3. Real-time scanning failure occurred. Intercepted file name=\Device\HarddiskVolume1\Doc...desktop.ini

    It's full of all sorts of things, some from the Windows folder too!
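An added example, not part of the thread: the question the posts above raise is whether the Gatekeeper errors cause the lockups or merely get logged around the same time. One way to answer it from an exported event log is to take the lockup times you noted and list which error sources recur within a few minutes of every one of them; a source that sits beside every lockup is the one to chase, a source that appears once is probably coincidence. The sample below is constructed: it assumes the tab-separated layout XP's Event Viewer writes with "Save Log File As" in text format (Type, Date, Time, Source, Category, Event, User, Computer, Description), the Gatekeeper and DCOM message texts follow the ones quoted in this thread, and the timestamps, event IDs, machine name and lockup times are placeholders.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample of an exported Application log (assumed tab-separated
# layout: Type, Date, Time, Source, Category, Event, User, Computer,
# Description). Message texts follow the ones quoted in the thread; the
# timestamps, event IDs and machine name are placeholders.
SAMPLE_EVENTS = (
    "Error\t24.9.2010\t19:42:10\tF-Secure Gatekeeper\tNone\t3\tN/A\tPC\t"
    "Real-time scanning failure occurred. Intercepted file name=\\Device\\HarddiskVolume1\\...\\CTFaMicetra.exe\n"
    "Information\t24.9.2010\t19:30:05\tService Control Manager\tNone\t7036\tN/A\tPC\t"
    "The F-Secure Anti-Virus Firewall Daemon service entered the running state.\n"
    "Error\t24.9.2010\t20:15:44\tF-Secure Gatekeeper\tNone\t3\tN/A\tPC\t"
    "Real-time scanning failure occurred. Intercepted file name=\\Device\\HarddiskVolume1\\...\\desktop.ini\n"
    "Error\t24.9.2010\t21:03:58\tDCOM\tNone\t10010\tN/A\tPC\t"
    "The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.\n"
    "Error\t25.9.2010\t18:01:02\tF-Secure Gatekeeper\tNone\t3\tN/A\tPC\t"
    "Real-time scanning failure occurred. Intercepted file name=\\Device\\HarddiskVolume1\\...\\SHelper.xml\n"
)

# Lockup times as the user would note them from the wall clock (placeholders).
FREEZES = [
    datetime(2010, 9, 24, 19, 41),
    datetime(2010, 9, 24, 20, 16),
    datetime(2010, 9, 25, 18, 0),
]


def parse_events(text):
    """Parse the exported log into dicts carrying a real datetime per event."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t", 8)        # keep the description whole even if it has tabs
        if len(fields) < 9:
            continue                        # header line or mangled row: skip it
        etype, date, clock, source = fields[0], fields[1], fields[2], fields[3]
        stamp = datetime.strptime(f"{date} {clock}", "%d.%m.%Y %H:%M:%S")
        events.append({"type": etype, "time": stamp, "source": source, "desc": fields[8]})
    return events


def events_near(events, freezes, window=timedelta(minutes=2), types=("Error",)):
    """For each lockup time, the events of the given types logged within +/- window of it."""
    result = []
    for freeze in freezes:
        near = [e for e in events
                if e["type"] in types and abs(e["time"] - freeze) <= window]
        result.append((freeze, sorted(near, key=lambda e: e["time"])))
    return result


def recurring_sources(events, freezes, **kwargs):
    """Count, per event source, how many of the lockups it was logged next to."""
    counts = Counter()
    for _, near in events_near(events, freezes, **kwargs):
        for source in {e["source"] for e in near}:   # count a source once per lockup
            counts[source] += 1
    return counts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for freeze, near in events_near(evs, FREEZES):
        print(freeze, [f"{e['source']} @ {e['time'].time()}" for e in near])
    print(recurring_sources(evs, FREEZES).most_common())
```

With the constructed data the Gatekeeper source lands beside all three lockups and the DCOM timeout beside none, which is the pattern that justifies digging into the on-access scanner first. The window is deliberately short; widen it only if the lockup times were noted roughly.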
     
  9. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    .
    Something there is wrong =>
    C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe

    -----------------------------------------

    Download Malwarebytes' Anti-Malware to your desktop.

    If the link doesn't work, you can also download it from the following links:
    Link 1
    Link 2


    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program will download and install the latest version. If downloading the updates fails, you can download them here. Double-click mbam-rules.exe to install the updates.
    * Once the program has loaded and the updates are done, select Perform full scan and click Scan.
    * When the scan is complete, click OK and then Show Results to view the results.
    * Make sure everything is checked and click Remove Selected.
    * A log will then open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next reply.

    Note: If Mbam was unable to remove a file, it will ask you to restart your computer. Restart right away. Mbam may make changes to your registry as part of the cleanup. If you use a security program that detects registry changes, allow Mbam to make the changes.

    Post =>
    A new HJT log and
    Copy the latest log from the Logs tab of Malwarebytes' Anti-Malware here.
    :)
     
  10. Jazzzi

    Jazzzi Member

    Joined:
    16.09.2010
    Posts:
    37
    Thanks:
    0
    Points:
    16
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:16:16, on 24.9.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\Explorer.EXE
    H:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe
    H:\Program Files\PC Protection\Common\FSM32.EXE
    H:\Program Files\Common Files\Java\Java Update\jusched.exe
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\WINDOWS\RTHDCPL.EXE
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe
    H:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
    H:\Program Files\PC Protection\Common\FSMA32.EXE
    H:\Program Files\PC Protection\Anti-Virus\FSGK32.EXE
    H:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    H:\Program Files\Java\jre6\bin\jqs.exe
    H:\Program Files\PC Protection\Common\FSHDLL32.EXE
    H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    H:\WINDOWS\system32\PnkBstrA.exe
    H:\WINDOWS\system32\PnkBstrB.exe
    H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\PC Protection\Anti-Virus\fssm32.exe
    H:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\PC Protection\Anti-Virus\fsav32.exe
    H:\WINDOWS\system32\wbem\wmiapsrv.exe
    H:\Program Files\Internet Explorer\IEXPLORE.EXE
    H:\Program Files\Internet Explorer\IEXPLORE.EXE
    H:\Program Files\Internet Explorer\IEXPLORE.EXE
    H:\WINDOWS\system32\DllHost.exe
    H:\Program Files\Internet Explorer\IEXPLORE.EXE
    H:\Program Files\Java\jre6\bin\java.exe
    H:\DOCUME~1\KYTTJ~1\LOCALS~1\Temp\fsonlinescanner.exe
    H:\DOCUME~1\KYTTJ~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
    H:\DOCUME~1\KYTTJ~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
    H:\Program Files\Internet Explorer\IEXPLORE.EXE
    H:\WINDOWS\system32\taskmgr.exe
    H:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - H:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - H:\Program Files\PC Protection\NRS\iescript\baselitmus.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - H:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - H:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - H:\Program Files\PC Protection\NRS\iescript\baselitmus.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] H:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [CreativeMS2020] H:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "H:\Program Files\PC Protection\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "H:\Program Files\PC Protection\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [CanonSolutionMenu] H:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] H:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Google Sidewiki... - res://H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - H:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - H:\WINDOWS\system32\services.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - H:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - H:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - H:\Program Files\PC Protection\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - H:\Program Files\PC Protection\ORSP Client\fsorsp.exe
    O23 - Service: Windows Live -perheturvapalvelu (fsssvc) - Unknown owner - H:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
    O23 - Service: Google-päivityspalvelu (gupdate) (gupdate) - Unknown owner - H:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - H:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - H:\WINDOWS\system32\imapi.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - H:\WINDOWS\system32\services.exe
    O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - H:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - H:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - H:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - H:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - H:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 11455 bytes

    I'll post the Malwarebytes log once it has finished scanning.
     
  11. Jazzzi

    Jazzzi Member

    Joined:
    16.09.2010
    Posts:
    37
    Thanks:
    0
    Points:
    16
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4672

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    26.9.2010 9:09:48
    mbam-log-2010-09-26 (09-09-48).txt

    Scan type: Full scan (H:\|)
    Objects scanned: 336906
    Time elapsed: 1 hour(s), 41 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    What now, since nothing was found? Would it help to defragment the hard disk? When you check it, it says this drive should be defragmented, so should I defragment it, or could there be some viruses in there?
    Also, several errors appeared in Event Viewer while it was scanning for viruses:
    some DCOM one and then Service Manager.
    DCOM contained: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
    And then Service Manager: The Automatic Updates service terminated with the following error:
    The specified module could not be found.
     
  12. Jazzzi

    Jazzzi Member

    Joined:
    16.09.2010
    Posts:
    37
    Thanks:
    0
    Points:
    16
    By the way, is it normal that when one browser window (IE) is open, two show up in processes, one using 190000+ KB of memory and the other over 110000 KB as well? Now three tabs are open and it shows 4 iexplore.exe processes. Two stay under 35000 KB the whole time and the other two are over 110000 KB.
     
  13. Zo3L

    Zo3L Regular member

    Joined:
    05.07.2010
    Posts:
    540
    Thanks:
    0
    Points:
    26
    Read the rules before posting.

    "Also, if you wrote the last post in a thread and want to clarify what you said, edit that post. Don't write a new post after your own."

    I suggest reading them if you want to avoid a ban.

    *edit: in future, report it; pointing those out is our job - Betrayed*
     
    Last edited: 26.09.2010
  14. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    .
    @Jazzzi

    iexplore.exe should appear in the HJT log only once,
    even if several pages are open.
    Chrome is the exception to this.

    Let's look a bit deeper. =>

    Please download ComboFix from one of the links below:

    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your desktop

    * Close/disable all antivirus and anti-malware programs so they don't interfere with running ComboFix.
    (not the firewall)
    * Double-click ComboFix.exe and follow the prompts.

    * As part of its run, ComboFix checks whether the Recovery Console is installed. Because of today's malware, it is strongly recommended to have the Recovery Console installed before removing malware. The Windows Recovery Console lets you boot into a special recovery mode. Through the Recovery Console we can help you more easily if problems come up during malware removal.

    * Follow the prompts and allow ComboFix to download and install the Microsoft Recovery Console, and when asked, accept the program's license terms to install the Recovery Console.

    **Note: If the Recovery Console is already installed, ComboFix will simply continue.

    [​IMG]

    Kun Microsoftin palautuskonsoli on asennettu, sinun pitäisi nähdä seuraava viesti:

    [​IMG]

    Klikkaa Kyllä jatkaaksesi skannausta.

    Kun ComboFix on valmis, se luo raportin. Ole hyvä ja kopioi/liitä seuraavat raportit vastaukseesi:

    Varoitus: ÄLÄ aja ComboFixia ilman valvontaa. Se ei ole lelu ja sitä ei tule käyttää rutiininomaisesti päivittäin.

    Jos tarvitset apua, katso yksityiskohtaisempi ohje:
    http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje

    C:\ComboFix.txt
    Uusi HijackThis-loki


    :)
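Once the ComboFix report comes back, the first pass a helper makes over it is mechanical: which services point at image files that no longer exist, which drivers were registered from a Temp directory, whether the Windows Firewall is switched off, and which ports are open to every source. The script below is an added example (not part of kalminen's post, and not ComboFix's own code) that does that pass in Python over a constructed sample modelled on the service and firewall-policy lines ComboFix writes; the list of ports worth a second look is an assumption of the example.

```python
"""Triage pass over a ComboFix log.

Added example for this thread, not ComboFix or forum code.  It reads the kinds
of lines ComboFix writes in its service/driver list and in its dump of the
Windows Firewall policy and flags what a helper looks at first: services whose
image file is missing, drivers registered from a Temp directory, the firewall
switched off, and high-risk ports opened to every source.
"""
import re

# Service line: "<start> <name>;<display name>;<image path> [<date> <time> <size>]"
# <start> is R0..R3 for running services and S0..S4 for stopped ones (S4 = disabled).
# ComboFix prints "[?]" instead of the date/size when the image file is absent.
SERVICE_RE = re.compile(
    r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+(?P<tail>\[.*\])$')

# Image under a per-user Temp directory (ComboFix prints the 8.3 form LOCALS~1\Temp on XP).
TEMP_DIR_RE = re.compile(r'\\temp\\|\\locals~1\\', re.IGNORECASE)

# GloballyOpenPorts entry: "<port>:<proto>"= <port>:<proto>:<description>
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<desc>.*)$')

# Assumption made for this example: ports worth a second look when opened to any source.
RISKY_PORTS = {3389: 'Remote Desktop', 445: 'SMB', 139: 'NetBIOS session', 135: 'RPC endpoint mapper'}

# Constructed sample, modelled on the service and firewall lines ComboFix writes.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6947:TCP"= 6947:TCP:League of Legends Launcher

R0 fsbts;fsbts;h:\windows\system32\drivers\fsbts.sys [15.7.2009 8:36 41624]
S3 ALSysIO;ALSysIO;\??\h:\docume~1\KYTTJ~1\LOCALS~1\Temp\ALSysIO.sys --> h:\docume~1\KYTTJ~1\LOCALS~1\Temp\ALSysIO.sys [?]
S3 XDva349;XDva349;\??\h:\windows\system32\XDva349.sys --> h:\windows\system32\XDva349.sys [?]
S4 sptd;sptd;h:\windows\system32\drivers\sptd.sys [24.5.2010 6:43 691696]
"""


def parse_service(line):
    """Split one ComboFix service line into its fields; None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    svc = m.groupdict()
    svc['missing'] = svc['tail'] == '[?]'
    return svc


def service_findings(line):
    """Findings for one service line (empty when nothing stands out)."""
    svc = parse_service(line)
    if svc is None:
        return []
    out = []
    if svc['missing']:
        out.append(f"service {svc['name']}: image file not found ({svc['path']})")
    if TEMP_DIR_RE.search(svc['path']):
        out.append(f"service {svc['name']}: loads from a Temp directory ({svc['path']})")
    return out


def triage(log_text):
    """Walk a ComboFix log and return the findings as a list of strings."""
    findings = []
    key = ''  # registry key that the following "name"=value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()
            continue
        findings.extend(service_findings(line))
        if 'firewallpolicy' not in key:
            continue
        if key.endswith('standardprofile') and line.startswith('"EnableFirewall"='):
            value = line.split('=', 1)[1].split()[0]
            if value == '0':
                findings.append('EnableFirewall=0: Windows Firewall is off in the standard '
                                'profile (acceptable only while a third-party firewall is active)')
        elif key.endswith(r'globallyopenports\list'):
            m = PORT_RE.match(line)
            if m and int(m['port']) in RISKY_PORTS:
                findings.append(f"port {m['port']}/{m['proto']} open to all sources: "
                                f"{RISKY_PORTS[int(m['port'])]} ({m['desc']})")
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit is a shortlist entry, not a verdict: a service whose file is gone is often just a leftover from an uninstalled tool, and EnableFirewall=0 is expected while a third-party firewall such as F-Secure's is managing the network. The pass only narrows down what the helper then checks by hand against the rest of the log.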
     
  15. Jazzzi

    Jazzzi Member

    Joined:
    16.09.2010
    Messages:
    37
    Thanks:
    0
    Points:
    16
    ComboFix 10-09-26.04 - Käyttäjä 27.09.2010 16:01:41.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.2047.1561 [GMT 3:00]
    Running from: h:\program files\Steam\ComboFix.exe
    AV: Secure It by F-Secure 9.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: Secure It by F-Secure 9.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
    .

    ((((((((((((((((((((((((((((((((((((( Files Created from 2010-08-27 to 2010-09-27 )))))))))))))))))))))))))))))))))))))
    .

    2010-09-26 13:10 . 2010-09-26 13:10 -------- d-----w- h:\documents and settings\All Users\Application Data\XoftSpySE
    2010-09-24 12:34 . 2010-09-24 12:34 -------- d-----w- h:\program files\Speccy
    2010-09-24 12:23 . 2010-09-24 12:28 -------- d-----w- h:\program files\SpeedFan
    2010-09-22 15:13 . 2010-04-29 12:39 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-22 15:13 . 2010-04-29 12:39 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
    2010-09-22 15:13 . 2010-09-22 15:13 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
    2010-09-22 14:54 . 2010-09-22 14:54 -------- d-----w- h:\program files\Trend Micro
    2010-09-22 14:23 . 2010-09-26 11:07 -------- d-----w- h:\windows\system32\NtmsData
    2010-09-14 05:52 . 2010-09-15 14:17 -------- d-----w- h:\program files\CCleaner
    2010-09-14 05:47 . 2008-10-23 09:42 290816 ----a-w- h:\windows\vncutil.exe
    2010-09-14 05:47 . 2009-02-03 08:35 35840 ----a-w- h:\windows\system32\RtkCoInstXP.dll
    2010-09-14 05:47 . 2008-06-24 06:46 104992 ----a-w- h:\windows\RtkAudioService.exe
    2010-09-14 05:47 . 2006-01-04 07:41 1389056 ----a-w- h:\windows\system32\drivers\Monfilt.sys
    2010-09-14 05:47 . 2008-08-05 12:10 1684736 ----a-w- h:\windows\system32\drivers\Ambfilt.sys
    2010-09-14 05:46 . 2010-09-14 05:46 -------- d-----w- H:\RaidTool
    2010-09-14 05:46 . 2009-02-05 07:53 53248 ----a-w- h:\windows\system32\CSVer.dll
    2010-09-14 05:42 . 2010-06-21 22:07 26216 ----a-w- h:\windows\system32\nvhdap32.dll
    2010-09-14 05:42 . 2010-06-21 22:07 232040 ----a-w- h:\windows\system32\nvcohda.dll
    2010-09-14 05:42 . 2010-06-21 22:07 91496 ----a-w- h:\windows\system32\drivers\nvhda32.sys
    2010-09-10 13:33 . 2008-04-14 16:12 116224 -c--a-w- h:\windows\system32\dllcache\xrxwiadr.dll
    2010-09-10 13:33 . 2008-04-14 16:12 18944 -c--a-w- h:\windows\system32\dllcache\xrxscnui.dll
    2010-09-10 13:33 . 2001-10-05 13:31 23040 -c--a-w- h:\windows\system32\dllcache\xrxwbtmp.dll
    2010-09-10 13:33 . 2001-10-05 13:32 27648 -c--a-w- h:\windows\system32\dllcache\xrxftplt.exe
    2010-09-10 13:33 . 2001-10-05 13:32 4608 -c--a-w- h:\windows\system32\dllcache\xrxflnch.exe
    2010-09-10 13:33 . 2001-08-18 03:37 99865 -c--a-w- h:\windows\system32\dllcache\xlog.exe
    2010-09-10 13:33 . 2001-08-17 17:11 16970 -c--a-w- h:\windows\system32\dllcache\xem336n5.sys
    2010-09-10 13:33 . 2004-08-03 19:29 19455 -c--a-w- h:\windows\system32\dllcache\wvchntxx.sys
    2010-09-10 13:33 . 2004-08-03 19:29 12063 -c--a-w- h:\windows\system32\dllcache\wsiintxx.sys
    2010-09-10 13:33 . 2008-04-13 18:36 8832 -c--a-w- h:\windows\system32\dllcache\wmiacpi.sys
    2010-09-10 13:33 . 2004-08-03 19:31 154624 -c--a-w- h:\windows\system32\dllcache\wlluc48.sys
    2010-09-10 13:33 . 2001-10-05 13:02 34890 -c--a-w- h:\windows\system32\dllcache\wlandrv2.sys
    2010-09-10 13:31 . 2001-08-17 18:28 794654 -c--a-w- h:\windows\system32\dllcache\usr1801.sys
    2010-09-10 13:30 . 2001-08-17 19:02 230912 -c--a-w- h:\windows\system32\dllcache\tosdvd03.sys
    2010-09-10 13:29 . 2001-10-05 12:45 16896 -c--a-w- h:\windows\system32\dllcache\stcusb.sys
    2010-09-10 13:28 . 2001-08-17 17:12 91294 -c--a-w- h:\windows\system32\dllcache\skfpwin.sys
    2010-09-10 13:27 . 2001-08-17 17:50 75392 -c--a-w- h:\windows\system32\dllcache\s3savmxm.sys
    2010-09-10 13:26 . 2001-10-05 13:31 41472 -c--a-w- h:\windows\system32\dllcache\qvusd.dll
    2010-09-10 13:25 . 2001-08-17 17:11 35328 -c--a-w- h:\windows\system32\dllcache\pcntpci5.sys
    2010-09-10 13:24 . 2001-08-17 17:20 126080 -c--a-w- h:\windows\system32\dllcache\nm5a2wdm.sys
    2010-09-10 13:23 . 2001-08-17 18:52 17280 -c--a-w- h:\windows\system32\dllcache\mraid35x.sys
    2010-09-10 13:22 . 2008-04-14 15:46 14720 -c--a-w- h:\windows\system32\dllcache\kbdhid.sys
    2010-09-10 13:21 . 2001-08-17 18:28 488383 -c--a-w- h:\windows\system32\dllcache\hsf_v124.sys
    2010-09-10 13:21 . 2001-08-17 18:28 50751 -c--a-w- h:\windows\system32\dllcache\hsf_tone.sys
    2010-09-10 13:21 . 2001-08-17 18:28 73279 -c--a-w- h:\windows\system32\dllcache\hsf_spkp.sys
    2010-09-10 13:21 . 2001-08-17 18:28 44863 -c--a-w- h:\windows\system32\dllcache\hsf_soar.sys
    2010-09-10 13:21 . 2001-08-17 18:28 57471 -c--a-w- h:\windows\system32\dllcache\hsf_samp.sys
    2010-09-10 13:21 . 2001-08-17 18:28 542879 -c--a-w- h:\windows\system32\dllcache\hsf_msft.sys
    2010-09-10 13:21 . 2001-08-17 18:28 391199 -c--a-w- h:\windows\system32\dllcache\hsf_k56k.sys
    2010-09-10 13:21 . 2001-10-05 13:31 9759 -c--a-w- h:\windows\system32\dllcache\hsf_inst.dll
    2010-09-10 13:21 . 2001-08-17 18:28 115807 -c--a-w- h:\windows\system32\dllcache\hsf_fsks.sys
    2010-09-10 13:21 . 2001-08-17 18:28 199711 -c--a-w- h:\windows\system32\dllcache\hsf_faxx.sys
    2010-09-10 13:21 . 2001-08-17 18:28 289887 -c--a-w- h:\windows\system32\dllcache\hsf_fall.sys
    2010-09-10 13:21 . 2001-08-17 18:28 67167 -c--a-w- h:\windows\system32\dllcache\hsf_bsc2.sys
    2010-09-10 13:21 . 2001-08-17 18:28 150239 -c--a-w- h:\windows\system32\dllcache\hsf_amos.sys
    2010-09-10 13:19 . 2001-10-05 13:31 92160 -c--a-w- h:\windows\system32\dllcache\fuusd.dll
    2010-09-10 13:18 . 2001-10-05 12:52 634134 -c--a-w- h:\windows\system32\dllcache\el656ct5.sys
    2010-09-10 13:17 . 2001-08-17 17:19 3584 -c--a-w- h:\windows\system32\dllcache\cwcosnt5.sys
    2010-09-10 13:16 . 2008-04-13 18:46 13696 -c--a-w- h:\windows\system32\dllcache\avcstrm.sys
    2010-09-07 14:27 . 2010-09-07 14:27 -------- d-----w- h:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2010-09-07 14:27 . 2010-09-14 05:40 232968 ----a-w- h:\windows\system32\nvdrsdb0.bin
    2010-09-07 14:27 . 2010-09-14 05:40 1 ----a-w- h:\windows\system32\nvdrssel.bin
    2010-09-07 14:27 . 2010-09-14 05:39 232968 ----a-w- h:\windows\system32\nvdrsdb1.bin
    2010-09-07 14:26 . 2010-07-09 22:38 61440 ----a-w- h:\windows\system32\OpenCL.dll
    2010-09-07 14:26 . 2010-07-09 22:38 2506344 ----a-w- h:\windows\system32\nvcuvenc.dll
    2010-09-07 14:26 . 2010-07-09 22:38 2195030 ----a-w- h:\windows\system32\nvdata.bin
    2010-09-07 14:26 . 2010-07-09 22:38 10260480 ----a-w- h:\windows\system32\nvcompiler.dll
    2010-09-07 13:55 . 2010-09-07 13:55 -------- d-----w- h:\program files\SystemRequirementsLab
    2010-09-05 09:10 . 2010-09-10 13:27 -------- d-----w- h:\documents and settings\All Users\Application Data\Alwil Software

    .
    ((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-27 12:46 . 2009-02-11 12:26 -------- d-----w- h:\program files\Steam
    2010-09-24 14:55 . 2010-09-24 14:55 43629 ----a-w- h:\program files\userbar824406.gif
    2010-09-22 13:23 . 2008-04-22 03:25 -------- d-----w- h:\program files\Common Files\Adobe
    2010-09-22 13:15 . 2010-05-31 12:06 -------- d-----w- h:\program files\Adobe Media Player
    2010-09-16 15:47 . 2007-11-09 16:02 -------- d-----w- h:\program files\hp deskjet 656c series
    2010-09-16 15:08 . 2007-11-09 16:01 -------- d-----w- h:\program files\Hewlett-Packard
    2010-09-16 15:05 . 2007-10-12 11:39 -------- d--h--w- h:\program files\InstallShield Installation Information
    2010-09-14 05:47 . 2007-10-12 11:39 -------- d-----w- h:\program files\Realtek
    2010-09-07 14:31 . 2010-08-24 14:11 -------- d-----w- h:\program files\NVIDIA Corporation
    2010-09-07 14:29 . 2010-01-17 12:50 -------- d-----w- h:\program files\Common Files\Wise Installation Wizard
    2010-09-03 13:27 . 2009-11-18 15:17 -------- d-----w- h:\documents and settings\All Users\Application Data\CanonIJPLM
    2010-09-03 13:02 . 2009-07-15 05:47 -------- d-----w- h:\program files\Microsoft Silverlight
    2010-08-31 11:56 . 2009-07-15 05:36 41624 ----a-w- h:\windows\system32\drivers\fsbts.sys
    2010-08-28 14:44 . 2008-01-05 10:29 -------- d-----w- h:\program files\Common Files\Java
    2010-08-28 14:44 . 2008-01-05 10:29 -------- d-----w- h:\program files\Java
    2010-08-28 06:12 . 2009-07-07 12:41 -------- d-----w- h:\program files\EA GAMES
    2010-08-27 14:03 . 2009-10-03 14:07 -------- d-----w- h:\program files\pelit
    2010-08-27 13:58 . 2008-09-22 11:01 -------- d-----w- h:\program files\IObit
    2010-08-22 11:29 . 2010-08-22 11:24 -------- d-----w- h:\program files\Mopokorttikoulu
    2010-08-22 05:31 . 2010-08-22 05:33 40230 ----a-w- h:\program files\THE_black_night.jpg
    2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- h:\windows\system32\spoolsv.exe
    2010-08-13 16:48 . 2006-03-02 12:00 90312 ----a-w- h:\windows\system32\perfc00B.dat
    2010-08-13 16:48 . 2006-03-02 12:00 425770 ----a-w- h:\windows\system32\perfh00B.dat
    2010-08-09 13:37 . 2010-08-09 13:37 63488 ----a-w- h:\windows\xobglu16.dll
    2010-08-09 13:37 . 2010-08-09 13:37 23552 ----a-w- h:\windows\xobglu32.dll
    2010-07-22 15:46 . 2006-03-02 12:00 590848 ----a-w- h:\windows\system32\rpcrt4.dll
    2010-07-22 06:19 . 2008-05-05 04:25 5120 ----a-w- h:\windows\system32\xpsp4res.dll
    2010-07-17 02:00 . 2010-07-15 10:45 423656 ----a-w- h:\windows\system32\deployJava1.dll
    2010-07-09 22:38 . 2009-03-27 21:03 4595712 ----a-w- h:\windows\system32\nvcuda.dll
    2010-07-09 22:38 . 2009-03-27 21:03 2914408 ----a-w- h:\windows\system32\nvcuvid.dll
    2010-07-09 22:38 . 2007-10-12 11:52 604776 ----a-w- h:\windows\system32\nvudisp.exe
    2010-07-09 22:38 . 2007-09-16 22:07 6343040 ----a-w- h:\windows\system32\nv4_disp.dll
    2010-07-09 22:38 . 2007-09-16 22:07 236136 ----a-w- h:\windows\system32\nvcodins.dll
    2010-07-09 22:38 . 2007-09-16 22:07 236136 ----a-w- h:\windows\system32\nvcod.dll
    2010-07-09 22:38 . 2007-09-16 22:07 1388544 ----a-w- h:\windows\system32\nvapi.dll
    2010-07-09 22:38 . 2007-09-16 22:07 13549568 ----a-w- h:\windows\system32\nvoglnt.dll
    2010-07-09 22:38 . 2007-09-16 22:07 10604128 ----a-w- h:\windows\system32\drivers\nv4_mini.sys
    2010-07-07 10:46 . 2007-10-12 11:52 604776 ----a-w- h:\windows\system32\NVUNINST.EXE
    2010-06-30 12:32 . 2006-03-02 12:00 149504 ----a-w- h:\windows\system32\schannel.dll
    2010-05-17 14:52 . 2010-01-01 07:34 262162 ----a-w- h:\program files\name.tga
    2010-05-17 14:52 . 2009-12-31 13:47 262162 ----a-w- h:\program files\name_floyd.tga
    2010-05-12 11:59 . 2010-05-12 11:59 13824 --sha-w- h:\program files\Thumbs.db
    2010-03-12 14:51 . 2010-03-12 14:51 147637 ----a-w- h:\program files\jf.jpg
    2010-03-12 14:49 . 2010-03-12 14:46 504058 ----a-w- h:\program files\transformers2_jazz_wallpaper_3.jpg
    2010-03-12 14:45 . 2010-03-12 14:45 13777 ----a-w- h:\program files\Jazz2.jpg
    2010-03-12 14:40 . 2010-03-12 14:40 193261 ----a-w- h:\program files\Jazz.jpg
    2008-12-13 11:38 . 2008-12-13 11:38 2402320 ----a-w- h:\program files\WLinstaller.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-09-14_06.38.54 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-12-01 21:46 . 2006-12-01 21:46 65536 h:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
    + 2006-12-01 21:08 . 2006-12-01 21:08 49152 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
    + 2006-12-01 21:08 . 2006-12-01 21:08 49152 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
    + 2006-12-01 21:08 . 2006-12-01 21:08 61440 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
    + 2006-12-01 21:08 . 2006-12-01 21:08 61440 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
    + 2006-12-01 21:08 . 2006-12-01 21:08 61440 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
    + 2006-12-01 21:08 . 2006-12-01 21:08 57344 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
    + 2006-12-01 21:08 . 2006-12-01 21:08 65536 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
    + 2006-12-01 21:08 . 2006-12-01 21:08 45056 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
    + 2006-12-01 21:08 . 2006-12-01 21:08 40960 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
    + 2006-12-01 21:26 . 2006-12-01 21:26 57856 h:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
    + 2006-12-01 21:25 . 2006-12-01 21:25 69632 h:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
    + 2006-12-01 19:56 . 2006-12-01 19:56 96256 h:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
    + 2010-09-27 12:58 . 2010-09-27 12:58 16384 h:\windows\temp\Perflib_Perfdata_650.dat
    + 2006-03-02 12:00 . 2010-08-17 13:17 58880 h:\windows\system32\dllcache\spoolsv.exe
    + 2010-09-15 14:40 . 2010-09-15 14:40 12800 h:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2010-08-27 11:49 . 2010-08-27 11:49 12800 h:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2010-09-15 14:40 . 2010-09-15 14:40 53248 h:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    - 2010-08-27 11:49 . 2010-08-27 11:49 53248 h:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2006-09-24 13:28 . 2006-09-24 13:28 5248 h:\windows\system32\speedfan.sys
    + 1996-04-03 19:33 . 1996-04-03 19:33 5248 h:\windows\system32\giveio.sys
    - 2006-03-02 12:00 . 2008-04-14 16:11 293376 h:\windows\system32\winsrv.dll
    + 2006-03-02 12:00 . 2010-06-18 17:47 293376 h:\windows\system32\winsrv.dll
    - 2006-03-02 12:00 . 2008-04-14 16:11 406016 h:\windows\system32\usp10.dll
    + 2006-03-02 12:00 . 2010-04-16 15:38 406016 h:\windows\system32\usp10.dll
    - 2006-10-18 19:47 . 2006-10-18 19:47 317440 h:\windows\system32\MP4SDECD.dll
    + 2006-10-18 19:47 . 2010-03-30 09:24 317440 h:\windows\system32\mp4sdecd.dll
    + 2010-09-22 13:11 . 2010-09-22 13:11 232912 h:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
    + 2010-09-22 13:11 . 2010-09-22 13:11 311760 h:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.dll
    + 2007-10-12 11:10 . 2010-06-09 07:44 692736 h:\windows\system32\inetcomm.dll
    + 2006-03-02 12:00 . 2010-06-18 17:47 293376 h:\windows\system32\dllcache\winsrv.dll
    - 2006-03-02 12:00 . 2008-04-14 16:11 293376 h:\windows\system32\dllcache\winsrv.dll
    - 2006-03-02 12:00 . 2008-04-14 16:11 406016 h:\windows\system32\dllcache\usp10.dll
    + 2006-03-02 12:00 . 2010-04-16 15:38 406016 h:\windows\system32\dllcache\usp10.dll
    + 2006-03-02 12:00 . 2010-07-22 15:46 590848 h:\windows\system32\dllcache\rpcrt4.dll
    + 2010-03-30 09:24 . 2010-03-30 09:24 317440 h:\windows\system32\dllcache\mp4sdecd.dll
    + 2007-10-12 11:10 . 2010-06-09 07:44 692736 h:\windows\system32\dllcache\inetcomm.dll
    + 2010-09-15 14:39 . 2010-09-15 14:39 331264 h:\windows\Installer\2666991.msi
    + 2010-02-10 04:24 . 2010-02-10 04:24 284048 h:\windows\Downloaded Program Files\rufsi.dll
    + 2010-09-15 14:40 . 2010-09-15 14:40 223232 h:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2010-08-27 11:49 . 2010-08-27 11:49 223232 h:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2010-08-27 11:49 . 2010-08-27 11:49 178176 h:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2010-09-15 14:40 . 2010-09-15 14:40 178176 h:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2010-09-15 14:40 . 2010-09-15 14:40 364544 h:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    - 2010-08-27 11:49 . 2010-08-27 11:49 364544 h:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2010-09-15 14:40 . 2010-09-15 14:40 159232 h:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2010-08-27 11:49 . 2010-08-27 11:49 159232 h:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2010-08-27 11:49 . 2010-08-27 11:49 145920 h:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2010-09-15 14:40 . 2010-09-15 14:40 145920 h:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2010-08-27 11:49 . 2010-08-27 11:49 578560 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-15 14:40 . 2010-09-15 14:40 578560 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-08-27 11:49 . 2010-08-27 11:49 578560 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-15 14:40 . 2010-09-15 14:40 578560 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-15 14:40 . 2010-09-15 14:40 577536 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-08-27 11:49 . 2010-08-27 11:49 577536 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-15 14:40 . 2010-09-15 14:40 577536 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-08-27 11:49 . 2010-08-27 11:49 577536 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-15 14:40 . 2010-09-15 14:40 577024 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-08-27 11:49 . 2010-08-27 11:49 577024 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-15 14:40 . 2010-09-15 14:40 576000 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-08-27 11:49 . 2010-08-27 11:49 576000 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-08-27 11:48 . 2010-08-27 11:48 567296 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-15 14:40 . 2010-09-15 14:40 567296 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-08-27 11:48 . 2010-08-27 11:48 563712 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-15 14:40 . 2010-09-15 14:40 563712 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-15 14:40 . 2010-09-15 14:40 473600 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    - 2010-08-27 11:49 . 2010-08-27 11:49 473600 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2006-12-01 21:25 . 2006-12-01 21:25 1093120 h:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
    + 2006-12-01 21:25 . 2006-12-01 21:25 1101824 h:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
    + 2010-09-22 14:54 . 2010-09-22 14:54 1094656 h:\windows\Installer\616a1f.msi
    + 2010-09-15 14:40 . 2010-09-15 14:40 2846720 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-08-27 11:48 . 2010-08-27 11:48 2846720 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-08-27 11:48 . 2010-08-27 11:48 2676224 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-15 14:40 . 2010-09-15 14:40 2676224 h:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2007-10-12 12:06 . 2010-09-27 12:09 35552200 h:\windows\system32\MRT.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="h:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "36X Raid Configurer"="h:\windows\system32\xRaidSetup.exe" [2007-03-28 1953792]
    "NeroFilterCheck"="h:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "CreativeMS2020"="h:\program files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe" [2006-05-09 143360]
    "F-Secure Manager"="h:\program files\PC Protection\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="h:\program files\PC Protection\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "CanonSolutionMenu"="h:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
    "CanonMyPrinter"="h:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
    "Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "SunJavaUpdateSched"="h:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "nwiz"="h:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
    "NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
    "NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
    "RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-10-25 04:19 68856 ----a-w- h:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "h:\\Program Files\\Steam\\Steam.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "h:\\Program Files\\Midway Games\\Rise and Fall\\RiseAndFall.exe"=
    "h:\\Program Files\\Steam\\SteamApps\\alleyin\\source dedicated server\\srcds.exe"=
    "h:\\Program Files\\Messenger\\msmsgs.exe"=
    "h:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
    "h:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
    "h:\\Program Files\\VideoLAN\\utorrent.exe"=
    "h:\\Program Files\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
    "h:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "h:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
    "h:\\Program Files\\Steam\\SteamApps\\alleyin\\pirates, vikings, and knights ii\\hl2.exe"=
    "h:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "h:\\Program Files\\League of Legends\\Air\\LolClient.exe"=
    "h:\\Program Files\\League of Legends\\Game\\League of Legends.exe"=
    "h:\\Program Files\\Steam\\SteamApps\\alleyin\\condition zero\\hl.exe"=
    "h:\\Program Files\\Steam\\SteamApps\\alleyin\\ricochet\\hl.exe"=
    "h:\\Program Files\\Steam\\SteamApps\\common\\transformers war for cybertron\\Binaries\\TWFC.exe"=
    "h:\\Program Files\\Steam\\SteamApps\\common\\alien swarm\\srcds.exe"=
    "h:\\Program Files\\Steam\\SteamApps\\common\\alien swarm\\swarm.exe"=
    "h:\\Program Files\\Steam\\SteamApps\\alleyin\\counter-strike source\\hl2.exe"=
    "h:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
    "h:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
    "h:\\Program Files\\Steam\\SteamApps\\alleyin\\counter-strike\\hl.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "56406:TCP"= 56406:TCP:pando Media Booster
    "56406:UDP"= 56406:UDP:pando Media Booster
    "58651:TCP"= 58651:TCP:pando Media Booster
    "58651:UDP"= 58651:UDP:pando Media Booster
    "8394:TCP"= 8394:TCP:League of Legends Launcher
    "8394:UDP"= 8394:UDP:League of Legends Launcher
    "6947:TCP"= 6947:TCP:League of Legends Launcher
    "6947:UDP"= 6947:UDP:League of Legends Launcher
    "6977:TCP"= 6977:TCP:League of Legends Launcher
    "6977:UDP"= 6977:UDP:League of Legends Launcher
    "6985:TCP"= 6985:TCP:League of Legends Launcher
    "6985:UDP"= 6985:UDP:League of Legends Launcher
    "6970:TCP"= 6970:TCP:League of Legends Launcher
    "6970:UDP"= 6970:UDP:League of Legends Launcher

    R0 fsbts;fsbts;h:\windows\system32\drivers\fsbts.sys [15.7.2009 8:36 41624]
    R0 FSFW;F-Secure Firewall Driver;h:\windows\system32\drivers\fsdfw.sys [15.7.2009 8:36 80000]
    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);h:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 15:46 63352]
    R1 F-Secure HIPS;F-Secure HIPS Driver;h:\program files\PC Protection\HIPS\drivers\fshs.sys [15.7.2009 8:36 68064]
    R3 ctms2020;Creative HID USB Filter Driver1;h:\windows\system32\drivers\ctms2020.sys [1.7.2008 15:50 8914]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;h:\program files\PC Protection\Anti-Virus\minifilter\fsgk.sys [15.7.2009 8:35 124072]
    R3 FSORSPClient;F-Secure ORSP Client;h:\program files\PC Protection\ORSP Client\fsorsp.exe [15.7.2009 8:36 58024]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;h:\windows\system32\drivers\nvhda32.sys [14.9.2010 8:42 91496]
    S2 gupdate;Google-päivityspalvelu (gupdate);h:\program files\Google\Update\GoogleUpdate.exe [18.10.2009 7:42 133104]
    S3 ALSysIO;ALSysIO;\??\h:\docume~1\KYTTJ~1\LOCALS~1\Temp\ALSysIO.sys --> h:\docume~1\KYTTJ~1\LOCALS~1\Temp\ALSysIO.sys [?]
    S3 Ambfilt;Ambfilt;h:\windows\system32\drivers\Ambfilt.sys [14.9.2010 8:47 1684736]
    S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;h:\docume~1\KYTTJ~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe --> h:\docume~1\KYTTJ~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe [?]
    S3 npggsvc;nProtect GameGuard Service;h:\windows\system32\GameMon.des -service --> h:\windows\system32\GameMon.des -service [?]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;h:\windows\system32\drivers\ScreamingBAudio.sys [6.4.2009 13:19 23064]
    S3 XDva349;XDva349;\??\h:\windows\system32\XDva349.sys --> h:\windows\system32\XDva349.sys [?]
    S4 F-Secure Filter;F-Secure File System Filter;h:\program files\PC Protection\Anti-Virus\win2k\fsfilter.sys [15.7.2009 8:35 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;h:\program files\PC Protection\Anti-Virus\win2k\fsrec.sys [15.7.2009 8:35 25184]
    S4 sptd;sptd;h:\windows\system32\drivers\sptd.sys [24.5.2010 6:43 691696]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-27 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - h:\program files\Google\Update\GoogleUpdate.exe [2009-10-18 04:42]

    2010-09-27 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - h:\program files\Google\Update\GoogleUpdate.exe [2009-10-18 04:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE: Google Sidewiki... - h:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    MSConfigStartUp-MsnMsgr - h:\program files\Windows Live\Messenger\msnmsgr.exe
    AddRemove-WinLiveSuite_Wave3 - h:\program files\Windows Live\Installer\wlarp.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-27 16:10
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A78FE60]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
    \Driver\ACPI -> ACPI.sys @ 0xf75aecb8
    \Driver\atapi -> 0x8a78fe60
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
    ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
    ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
    NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.SYS @ 0xf7880bd4
    PacketIndicateHandler -> NDIS.SYS @ 0xf786ea0d
    SendHandler -> NDIS.SYS @ 0xf7882b40
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
    "ImagePath"="h:\windows\system32\GameMon.des -service"
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_USERS\S-1-5-21-1123561945-1960408961-725345543-1004\Software\SecuROM\License information*]
    "datasecu"=hex:6c,21,ee,c7,84,d5,8d,98,31,e5,18,ea,cc,08,78,b6,9f,ec,3d,f9,d1,
    b3,37,61,7c,a8,35,89,34,59,fa,ea,56,72,d4,a2,b2,41,a6,54,49,c9,03,54,79,e3,\
    "rkeysecu"=hex:12,e0,02,aa,7c,d5,d0,7d,89,5d,6b,4f,6b,f2,3a,7b

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@h:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="h:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="H?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'winlogon.exe'(628)
    h:\program files\pc protection\hips\fshook32.dll

    - - - - - - - > 'lsass.exe'(684)
    h:\program files\pc protection\hips\fshook32.dll
    .
    Valmistumisajankohta: 2010-09-27 16:12:19
    ComboFix-quarantined-files.txt 2010-09-27 13:12
    ComboFix2.txt 2010-09-14 06:40

    Ennen ajoa: 153 739 755 520 tavua vapaana
    Ajon jälkeen: 154 176 765 952 tavua vapaana

    WindowsXP-KB310994-SP2-Home-BootDisk-FIN.EXE
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - A07C1EA2AE341C5B148A7FA81CFFBB70

    I ran ComboFix without an internet connection, so that hardly did any harm, right?
     
  16. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Messages:
    3,915
    Thanks:
    0
    Points:
    46
    Go to the Windows Control Panel and from there to Add / Remove Programs
    (on Vista / 7: Programs and Features).
    Find and uninstall the program whose name contains:

    Google Toolbar

    -----------------------------------------------------------

    Download mbr.exe to your desktop. => FROM HERE

    Or to the root of C:\ and run it in a CMD window, which you can open
    from the Start menu.

    Double-click mbr.exe and follow the instructions.

    When mbr.exe has finished, it creates a log. Post the contents of that log in your next message.

    -----------------------------------------------------------------------

    * Download OTM by OldTimer.
    * Save it to your desktop.
    * Double-click OTM.exe to start it.
    * Copy (CTRL+C) all of the text in the box below.
    Code:
    :Processes
    explorer.exe
    :files 
    h:\program files\jf.jpg
    h:\program files\Thumbs.db
    h:\program files\userbar824406.gif
    h:\documents and settings\All Users\Application Data\Alwil Software
    h:\program files\Jazz2.jpg
    h:\program files\Jazz.jpg
    h:\program files\transformers2_jazz_wallpaper_3.jpg
    h:\windows\Installer\2666991.msi
    h:\windows\Installer\616a1f.msi
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
    
    * Return to OTMoveIt3, right-click in the Paste Instructions for Items to be Moved window (under the yellow bar) and click Paste.
    * Click the red MoveIt! button.
    * Copy (CTRL+C) and paste (CTRL+V) the text that appears in the Results window (under the green bar) into your next message.
    * Close OTM.

    If some file/folder could not be moved immediately, the program will suggest restarting the computer. Answer Yes, and OTMoveIt will restart your computer.

    *********************************************************

    Remove the lines that are still left:

    Close the browser and other programs while the fix runs (not the antivirus).
    Start HijackThis, click Scan and tick the following files listed in red
    (HJT closes the program, it does not delete it)

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    and close them with the Fix Checked button.

    ----------------------------------------------------

    Empty the Recycle Bin and restart your computer.

    Delete the folder(s), if found:
    H:\Program Files\Google\Google Toolbar
    H:\Program Files\Google\GoogleToolbarNotifier\

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * MBR report
    * OTMoveIt log.
    * What is the situation ???
    :)
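    The post above works by reading HijackThis entries off the log and picking out the ones to fix (the Google Toolbar O2/O3 entries) plus anything HijackThis has already annotated "(file missing)". The following log-triage helper is an added example, not part of this thread and not code from HijackThis or OTM: it parses O2/O3/O4/O23 lines into fields and returns the entries a helper would ask to be fixed. The sample lines are copied from this thread; the marker list, the function names and the `Entry` layout are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Constructed sample input: HijackThis lines copied from this thread, including one
# O23 service line carrying the "(file missing)" annotation exactly as HJT prints it.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: FSMA - F-Secure Corporation - H:\Program Files\PC Protection\Common\FSMA32.EXE
"""

ENTRY_RE = re.compile(r"^(?P<kind>[OR]\d+) - (?P<body>.*)$")   # "O2 - ...", "R0 - ..."
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<path>.*)$")     # "[Name] path"
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")            # trailing "(User 'SYSTEM')"
FILE_MISSING = "(file missing)"


@dataclass
class Entry:
    kind: str                      # HijackThis section: O2, O3, O4, O23, ...
    name: str                      # BHO/toolbar name, Run value name or service display name
    path: str                      # file the entry points at (may be bare, e.g. RTHDCPL.EXE)
    clsid: Optional[str] = None    # O2/O3 class id
    owner: Optional[str] = None    # O23 publisher, or "Unknown owner"
    file_missing: bool = False     # HJT appended "(file missing)"
    raw: str = ""


def _split3(rest: str) -> List[Optional[str]]:
    """Split 'A - B - C' from the right so a ' - ' inside A does not break the parse."""
    parts = [p.strip() for p in rest.rsplit(" - ", 2)]
    return parts if len(parts) == 3 else [rest.strip(), None, ""]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; None for non-entry lines (headers, process list)."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    kind, body = m.group("kind"), m.group("body")
    file_missing = body.endswith(FILE_MISSING)
    if file_missing:
        body = body[: -len(FILE_MISSING)].rstrip()
    clsid = owner = None
    if kind in ("O2", "O3"):
        # "BHO: Name - {CLSID} - path"  /  "Toolbar: Name - {CLSID} - path"
        _, rest = body.split(": ", 1)
        name, clsid, path = _split3(rest)
    elif kind == "O4":
        # "HKLM\..\Run: [Name] path", optionally followed by "(User 'X')"
        _, rest = body.split(": ", 1)
        m4 = O4_RE.match(rest)
        name, path = m4.group("name"), USER_SUFFIX_RE.sub("", m4.group("path"))
    elif kind == "O23":
        # "Service: Display name (short) - Owner - path"
        _, rest = body.split(": ", 1)
        name, owner, path = _split3(rest)
    else:
        name, path = body, ""
    return Entry(kind, name, path or "", clsid, owner, file_missing, line.strip())


def triage(lines: Sequence[str], markers: Sequence[str] = ("Google Toolbar",)) -> List[Entry]:
    """Entries a helper would ask to be fixed: name/path matches a marker, or the file is gone."""
    hits: List[Entry] = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        hay = f"{e.name} {e.path}".lower()
        if e.file_missing or any(mk.lower() in hay for mk in markers):
            hits.append(e)
    return hits


def unknown_owner_services(lines: Sequence[str]) -> List[Entry]:
    """O23 services without a recognised publisher: a review list, not a verdict (many stock XP services look like this)."""
    return [e for e in map(parse_entry, lines) if e and e.kind == "O23" and e.owner == "Unknown owner"]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"{e.kind:4} {'missing' if e.file_missing else 'marker':8} {e.name} -> {e.path}")
```

    On the sample input the triage returns the two Google Toolbar entries and the GameGuard service whose binary no longer exists, which is the same set a helper would tick in HijackThis. "Unknown owner" on its own is not a signal: HijackThis prints it for many stock XP services (Eventlog, PlugPlay, VSS in the logs above), so that list is kept separate and is only there to be read alongside the path.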
     
  17. Jazzzi

    Jazzzi Member

    Joined:
    16.09.2010
    Messages:
    37
    Thanks:
    0
    Points:
    16
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK



    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== FILES ==========
    h:\program files\jf.jpg moved successfully.
    h:\program files\Thumbs.db moved successfully.
    h:\program files\userbar824406.gif moved successfully.
    h:\documents and settings\All Users\Application Data\Alwil Software folder moved successfully.
    h:\program files\Jazz2.jpg moved successfully.
    h:\program files\Jazz.jpg moved successfully.
    h:\program files\transformers2_jazz_wallpaper_3.jpg moved successfully.
    h:\windows\Installer\2666991.msi moved successfully.
    h:\windows\Installer\616a1f.msi moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Järjestelmänvalvoja
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Käyttäjä
    ->Temp folder emptied: 8971043 bytes
    ->Temporary Internet Files folder emptied: 9351874 bytes
    ->Java cache emptied: 31654 bytes
    ->FireFox cache emptied: 32768 bytes
    ->Flash cache emptied: 49254 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2148382 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 20,00 mb


    OTM by OldTimer - Version 3.1.16.1 log created on 09272010_180133

    Files moved on Reboot...
    H:\Documents and Settings\Käyttäjä\Local Settings\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
    File H:\Documents and Settings\Käyttäjä\Local Settings\Temp\Google Toolbar\inu11.tmp not found!
    File H:\Documents and Settings\Käyttäjä\Local Settings\Temp\Google Toolbar\inu12.tmp not found!
    File H:\Documents and Settings\Käyttäjä\Local Settings\Temp\Google Toolbar\inu13.tmp not found!
    File H:\Documents and Settings\Käyttäjä\Local Settings\Temp\Google Toolbar\inu14.tmp not found!
    File H:\Documents and Settings\Käyttäjä\Local Settings\Temp\Google Toolbar\inuE.tmp not found!
    File H:\Documents and Settings\Käyttäjä\Local Settings\Temp\~DFAA72.tmp not found!
    File H:\Documents and Settings\Käyttäjä\Local Settings\Temp\~DFAB3E.tmp not found!
    File H:\Documents and Settings\Käyttäjä\Local Settings\Temp\~DFBD9A.tmp not found!
    File H:\Documents and Settings\Käyttäjä\Local Settings\Temp\~DFBE5A.tmp not found!
    File H:\Documents and Settings\Käyttäjä\Local Settings\Temp\~DFBFDF.tmp not found!
    File H:\Documents and Settings\Käyttäjä\Local Settings\Temp\~DFC0B8.tmp not found!
    H:\Documents and Settings\Käyttäjä\Local Settings\Temporary Internet Files\Content.IE5\SC5K61AF\ads[3].htm moved successfully.
    H:\Documents and Settings\Käyttäjä\Local Settings\Temporary Internet Files\Content.IE5\SC5K61AF\kone_tilttaa-_hjt-868413[1].htm moved successfully.
    H:\Documents and Settings\Käyttäjä\Local Settings\Temporary Internet Files\Content.IE5\SC5K61AF\_newsfeed[1].htm moved successfully.
    H:\Documents and Settings\Käyttäjä\Local Settings\Temporary Internet Files\Content.IE5\QJUMVD31\ads[3].htm moved successfully.
    H:\Documents and Settings\Käyttäjä\Local Settings\Temporary Internet Files\Content.IE5\QJUMVD31\kone_tilttaa-_hjt-868413[1].htm moved successfully.
    H:\Documents and Settings\Käyttäjä\Local Settings\Temporary Internet Files\Content.IE5\900EEGQ1\imp[2].htm moved successfully.
    H:\Documents and Settings\Käyttäjä\Local Settings\Temporary Internet Files\Content.IE5\900EEGQ1\imp[4].htm moved successfully.
    H:\Documents and Settings\Käyttäjä\Local Settings\Temporary Internet Files\Content.IE5\8IO6R5SO\00000000[1].htm moved successfully.
    H:\Documents and Settings\Käyttäjä\Local Settings\Temporary Internet Files\Content.IE5\8IO6R5SO\afr[1].htm moved successfully.
    H:\Documents and Settings\Käyttäjä\Local Settings\Temporary Internet Files\Content.IE5\8IO6R5SO\afr[2].htm moved successfully.
    H:\Documents and Settings\Käyttäjä\Local Settings\Temporary Internet Files\Content.IE5\8IO6R5SO\imp[2].htm moved successfully.
    H:\Documents and Settings\Käyttäjä\Local Settings\Temporary Internet Files\Content.IE5\8IO6R5SO\imp[6].htm moved successfully.
    H:\Documents and Settings\Käyttäjä\Local Settings\Temporary Internet Files\Content.IE5\8IO6R5SO\_newsfeed[1].htm moved successfully.
    H:\Documents and Settings\Käyttäjä\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:33:32, on 27.9.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
    H:\Program Files\PC Protection\Common\FSMA32.EXE
    H:\Program Files\PC Protection\Anti-Virus\FSGK32.EXE
    H:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    H:\Program Files\Java\jre6\bin\jqs.exe
    H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    H:\Program Files\PC Protection\Common\FSHDLL32.EXE
    H:\WINDOWS\system32\PnkBstrA.exe
    H:\WINDOWS\system32\PnkBstrB.exe
    H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
    H:\WINDOWS\system32\wbem\wmiapsrv.exe
    H:\Program Files\PC Protection\Anti-Virus\fssm32.exe
    H:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe
    H:\Program Files\PC Protection\Common\FSM32.EXE
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe
    H:\Program Files\PC Protection\Anti-Virus\fsav32.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Internet Explorer\IEXPLORE.EXE
    H:\Program Files\Internet Explorer\IEXPLORE.EXE
    H:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - H:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - H:\Program Files\PC Protection\NRS\iescript\baselitmus.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - H:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - H:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - H:\Program Files\PC Protection\NRS\iescript\baselitmus.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] H:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [CreativeMS2020] H:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "H:\Program Files\PC Protection\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "H:\Program Files\PC Protection\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [CanonSolutionMenu] H:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] H:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Google Sidewiki... - res://H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - H:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - H:\WINDOWS\system32\services.exe
    O23 - Service: F-Secure BlackLight Sensor - Unknown owner - H:\DOCUME~1\KYTTJ~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - H:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - H:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - H:\Program Files\PC Protection\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - H:\Program Files\PC Protection\ORSP Client\fsorsp.exe
    O23 - Service: Windows Live -perheturvapalvelu (fsssvc) - Unknown owner - H:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
    O23 - Service: Google-päivityspalvelu (gupdate) (gupdate) - Unknown owner - H:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - H:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - H:\WINDOWS\system32\imapi.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - H:\WINDOWS\system32\services.exe
    O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - H:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - H:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - H:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - H:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - H:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 10088 bytes
     
    Last edited: 27.09.2010
  18. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Messages:
    3,915
    Thanks:
    0
    Points:
    46
    It's starting to be clean of malware.

    ************************************************************************

    In the Windows Start menu Run box, type Combofix /uninstall and press OK

    ********************************************************

    Next we remove all the tools we used, along with their leftovers.

    * Double-click OTM.exe.
    * Click CleanUp!.
    * Choose Yes when asked "Begin cleanup Process?".
    * If asked whether the computer may be restarted, choose Yes.
    * OTMoveIt removes itself when it is done; if that does not happen, delete it yourself.

    NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.

    That tilt, does it happen in online games or on your own computer ???
    :)
     
  19. Jazzzi

    Jazzzi Member

    Joined:
    16.09.2010
    Messages:
    37
    Thanks:
    0
    Points:
    16
    Always when I play my own games on Steam or my sister plays Moomin.

    The tilt still comes, and now when I reset there was a BSOD that said Stop: 0x0000008E, and a quick Google search brought up a Microsoft support page saying that this can happen if the computer has got HaxDoor.
     
  20. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Messages:
    3,915
    Thanks:
    0
    Points:
    46
    Hardly likely it's there.

    Download and extract into the folder H:\HaxDoor => THIS

    Go to Start => Run, type cmd and OK
    In the black box, type or paste H:\HaxDoor\HXDRemove_fi.exe and press Enter.

    At the end, a text appears on screen showing what was found.
    :)
     
  21. Jazzzi

    Jazzzi Member

    Joined:
    16.09.2010
    Messages:
    37
    Thanks:
    0
    Points:
    16
    No, it wasn't :) But I forgot to mention that I've had another BSOD too, it said IRQL_NOT_LESS_OR_EQUAL STOP: 0X0000000A, and that is apparently caused by something that is incompatible with something else, but it has only come twice (the first time it just flashed by). So can some incorrectly installed program cause that, and is GameMon.des some virus, since it was in the ComboFix log? What would Windows even need something like that for?
     
