
Vundo plus something else

Thread in the Viruses and malware - HijackThis logs section. Started by EDYSTERi on 10.09.2008.

  1. EDYSTERi

    EDYSTERi Member

    Joined:
    31.05.2008
    Posts:
    0
    Thanks:
    0
    Points:
    10
    Here's the HjT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:33:58, on 10.9.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\conime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Trend Micro\HijackThis\hoojiitee.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5D8FAC91-169A-430C-8607-9135BA18E9D8} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {8D2686F9-235A-4150-9CB0-307C80696D12} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {b97fd242-d7e8-36f9-81a4-9a00c8a437ca} - {ac734a8c-00a9-4a18-9f63-8e7d242df79b} - C:\Windows\system32\bmktrx.dll
    O2 - BHO: (no name) - {F2F62182-7460-440A-AFDE-B19A6156A976} - (no file)
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [AdVantage Setup] C:\Program Files\Webteh\BSplayer\AdVantageSetup.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
    O4 - HKLM\..\Run: [\YUR2E64.exe] C:\Windows\system32\YUR2E64.exe
    O4 - HKLM\..\Run: [\YUR4E6F.exe] C:\Windows\system32\YUR4E6F.exe
    O4 - HKLM\..\Run: [\YUR544B.exe] C:\Windows\system32\YUR544B.exe
    O4 - HKLM\..\Run: [\YUR5DFF.exe] C:\Windows\system32\YUR5DFF.exe
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRLcBTn.dll,#1
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [BM0b254745] Rundll32.exe "C:\Windows\system32\bmjenvtj.dll",s
    O4 - HKLM\..\RunOnce: [FinishInstallation] "C:\Windows\WinVerCheck.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Somefox] C:\Users\eDy\AppData\Local\Temp\A3BD.tmp.exe
    O4 - HKCU\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
    O4 - HKCU\..\Run: [\YUR2E64.exe] C:\Windows\system32\YUR2E64.exe
    O4 - HKCU\..\Run: [\YUR4E6F.exe] C:\Windows\system32\YUR4E6F.exe
    O4 - HKCU\..\Run: [\YUR544B.exe] C:\Windows\system32\YUR544B.exe
    O4 - HKCU\..\Run: [\YUR5DFF.exe] C:\Windows\system32\YUR5DFF.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL bmktrx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 12142 bytes
     
  3. Hujo

    Hujo Guest

    1. Download combofix.exe to your desktop from one of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log to your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    ===========

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. Finally, make sure that the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
    3. If an update is found, the program downloads and installs the latest version.
    4. When the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to see the results.
    6. Make sure that everything is checked and click Remove Selected.
    7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next message.
     
  4. EDYSTERi

    EDYSTERi Member

    v
     
    Last edited: 11.09.2008
  5. Hujo

    Hujo Guest

    Wipe that ComboFix log from up there. Then run these below first
    =====================

    Remove via Add/Remove Programs

    Spybot - Search & Destroy

    Delete the folder in Safe Mode

    C:\Program Files\Spybot - Search & Destroy

    =============

    Scan with HJT, check these and press Fix checked


    O2 - BHO: (no name) - {5D8FAC91-169A-430C-8607-9135BA18E9D8} - (no file)
    O2 - BHO: (no name) - {F2F62182-7460-440A-AFDE-B19A6156A976} - (no file)
    O2 - BHO: (no name) - {F2F62182-7460-440A-AFDE-B19A6156A976} - (no file)
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime


    ============

    Then do this

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.

    ============

    Shut down and start up

    ============

    Download SmitfraudFix (c) S!Ri
    Extract the contents (a folder named SmitfraudFix) to your desktop:

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file opens, listing the infected files (if any).
    Post the contents of the rapport that pops up in Notepad to your thread.
    It can also be found at C:\rapport.txt

    Note: the process.exe file is detected by some anti-virus programs
    (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program that stops processes.
    A/V programs cannot distinguish between good and bad use of such programs,
    so they may warn the user.


    ============

    Scan with Kaspersky Online Scanner

    1. Read through the requirements and privacy statement and click Accept.
    2. The download of the scanner and virus database begins. You will be asked whether you allow installation of the program from Kaspersky. Click Run (Aja).
    3. When the download is complete, click Settings.
    4. Make sure that the following items are selected. If they are not, select them and click Save:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases

    5. Click My Computer (Oma Tietokone), below Scan.
    6. When the scan is finished, the results are shown. Click View Scan Report.
    7. You will see a list of infected items. Click Save Report As....
    8. Save the file to your desktop. Change Files of type (Tiedostotyyppi) to Text file (.txt) (Tekstitiedosto) before you click Save.
    9. Copy and paste the contents of the file into your next reply, along with a new HijackThis log

    ===========

    Run ComboFix three times and post the third log here.
     
    Last edited by a moderator: 11.09.2008
  6. EDYSTERi

    EDYSTERi Member

    Combofix:

    ComboFix 08-09-10.04 - eDy 2008-09-11 15:54:56.5 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.136 [GMT 3:00]
    Sijainti: C:\Users\eDy\Desktop\Downloads\ComboFix.exe
    Command switches used :: C:\Users\eDy\Desktop\Downloads\CFScript.txt.txt
    * Uusi palautuspiste luotu
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\PCHealthCenter
    C:\Program Files\PCHealthCenter\0.exe
    C:\Program Files\PCHealthCenter\0.gif
    C:\Program Files\PCHealthCenter\1.exe
    C:\Program Files\PCHealthCenter\1.gif
    C:\Program Files\PCHealthCenter\1.ico
    C:\Program Files\PCHealthCenter\2.exe
    C:\Program Files\PCHealthCenter\2.gif
    C:\Program Files\PCHealthCenter\2.ico
    C:\Program Files\PCHealthCenter\3.exe
    C:\Program Files\PCHealthCenter\3.gif
    C:\Program Files\PCHealthCenter\4.exe
    C:\Program Files\PCHealthCenter\5.exe
    C:\Program Files\PCHealthCenter\7.exe
    C:\Program Files\PCHealthCenter\sc.html
    C:\Program Files\SAV
    C:\Program Files\SAV\sav.cpl
    C:\Program Files\SAV\sav.exe
    C:\Program Files\SAV\sav.ooo
    C:\Program Files\SAV\sav0.dat
    C:\Program Files\SAV\sav1.dat
    C:\Windows\b152.exe
    C:\Windows\faceback.exe
    C:\Windows\System32\cLSAdcfe.ini
    C:\Windows\System32\cLSAdcfe.ini2
    C:\Windows\system32\ddCsSJBQ.dll
    C:\Windows\system32\dzvyyh.dll
    C:\Windows\system32\efcdASLc.dll
    C:\Windows\system32\efcDVlmL.dll
    C:\Windows\system32\efcYOGYp.dll
    C:\Windows\System32\kkmftvvy.ini
    C:\Windows\system32\mfkyfekq.dll
    C:\Windows\system32\phjfjqqi.dll
    C:\Windows\system32\tibtsmqg.dll
    C:\Windows\system32\tuvWnoPH.dll
    C:\Windows\system32\tuvVPhFV.dll
    C:\Windows\system32\uRliIawU.dll
    C:\Windows\system32\urqRIbay.dll
    C:\Windows\system32\xXpqRHYS.dll
    C:\Windows\system32\YUR745E.exe
    C:\Windows\system32\YURB25E.exe
    C:\Windows\system32\YURBB57.exe
    C:\Windows\system32\YURBE16.exe
    C:\Windows\system32\YURC1B0.exe
    C:\Windows\system32\YURC1DF.exe
    C:\Windows\system32\YURC615.exe
    C:\Windows\system32\YURC857.exe
    C:\Windows\system32\YUREC89.exe
    C:\Windows\system32\yvvtfmkk.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-11 to 2008-09-11 )))))))))))))))))
    .

    2008-09-11 15:34 . 2008-09-11 15:34 <KANSIO> d-------- C:\Program Files\Mjcore
    2008-09-11 15:29 . 2008-09-09 16:14 166,912 --a------ C:\Windows\System32\MicroAV.cpl
    2008-09-11 15:02 . 2008-09-11 15:29 <KANSIO> d-------- C:\Program Files\MicroAV
    2008-09-11 15:01 . 2008-09-11 15:01 86,016 --a------ C:\Windows\System32\qfulihyl.exe
    2008-09-10 21:51 . 2008-09-10 21:51 102,400 --a------ C:\Windows\System32\lidobmnk.exe
    2008-09-10 21:07 . 2008-09-10 21:07 102,400 --a------ C:\Windows\System32\yjqnodoj.exe
    2008-09-10 20:11 . 2008-09-10 20:11 <KANSIO> d-------- C:\ProgramData\nsfubuns
    2008-09-10 20:11 . 2008-09-10 20:11 94,208 --a------ C:\Windows\System32\uhenoxgx.exe
    2008-09-10 20:10 . 2008-09-10 20:10 117,252 --a------ C:\Windows\System32\msxml71.dll
    2008-09-10 19:29 . 2008-09-11 13:19 3,262 --a------ C:\Windows\System32\2.ico
    2008-09-10 14:41 . 2008-09-08 16:50 165,888 --a------ C:\Windows\System32\MSa.cpl
    2008-09-10 14:41 . 2008-09-11 13:19 106,496 --a------ C:\x
    2008-09-10 14:41 . 2008-09-11 13:19 3,262 --a------ C:\Windows\System32\1.ico
    2008-09-09 23:04 . 2008-09-09 23:04 <KANSIO> d-------- C:\Program Files\QuickTime
    2008-09-09 23:04 . 2008-09-09 23:04 <KANSIO> d-------- C:\Program Files\Common Files\Apple
    2008-09-09 23:03 . 2008-09-09 23:03 <KANSIO> d-------- C:\ProgramData\Apple Computer
    2008-09-07 16:31 . 2008-09-07 16:31 156 --a------ C:\Windows\Twunk001.MTX
    2008-09-07 16:31 . 2008-09-07 16:31 2 --a------ C:\Windows\Twain001.Mtx
    2008-09-07 16:31 . 2008-09-07 16:31 0 --a------ C:\Windows\Twunk002.MTX
    2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
    2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
    2008-09-04 00:45 . 2008-09-04 00:47 <KANSIO> d-------- C:\Users\eDy\AppData\Roaming\SPORE
    2008-09-03 14:59 . 2008-09-03 14:59 <KANSIO> d-------- C:\ProgramData\Electronic Arts
    2008-09-03 14:59 . 2008-09-04 15:01 10,940 --a------ C:\Windows\System32\ealregsnapshot1.reg
    2008-08-31 16:08 . 2008-08-31 16:08 <KANSIO> d-------- C:\ProgramData\FLEXnet
    2008-08-31 16:03 . 2008-08-31 16:03 <KANSIO> d-------- C:\ProgramData\ALM
    2008-08-28 00:03 . 2008-08-28 00:03 42,320 --a------ C:\Windows\System32\xfcodec.dll
    2008-08-26 15:18 . 2008-08-26 15:18 <KANSIO> d-------- C:\Program Files\GALA-NET
    2008-08-26 00:05 . 2008-07-19 08:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
    2008-08-26 00:05 . 2008-07-19 06:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
    2008-08-26 00:05 . 2008-07-19 08:09 563,912 --a------ C:\Windows\System32\wuapi.dll
    2008-08-26 00:05 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
    2008-08-26 00:05 . 2008-07-19 06:44 83,456 --a------ C:\Windows\System32\wudriver.dll
    2008-08-26 00:05 . 2008-07-19 08:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
    2008-08-26 00:05 . 2008-07-19 08:10 45,768 --a------ C:\Windows\System32\wups2.dll
    2008-08-26 00:05 . 2008-07-19 08:10 36,552 --a------ C:\Windows\System32\wups.dll
    2008-08-26 00:05 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
    2008-08-23 06:47 . 2008-08-23 06:47 86,523 --a------ C:\Windows\WinVerCheck.exe
    2008-08-14 20:09 . 2008-07-16 04:32 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-08-14 19:26 . 2008-06-27 04:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-08-14 19:26 . 2008-06-27 07:15 827,392 --a------ C:\Windows\System32\wininet.dll
    2008-08-14 19:26 . 2008-04-10 08:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
    2008-08-14 19:26 . 2008-06-19 06:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
    2008-08-14 19:26 . 2008-04-18 08:48 269,312 --a------ C:\Windows\System32\es.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-11 12:16 --------- d-----w C:\ProgramData\Microsoft Help
    2008-09-10 17:09 --------- d-----w C:\Program Files\Steam
    2008-09-10 15:10 --------- d-----w C:\Program Files\Common Files\Steam
    2008-09-09 21:14 --------- d-----w C:\Users\eDy\AppData\Roaming\uTorrent
    2008-09-08 00:15 --------- d-----w C:\Users\eDy\AppData\Roaming\mIRC
    2008-09-07 20:58 --------- d-----w C:\Users\eDy\AppData\Roaming\LimeWire
    2008-09-07 20:35 --------- d-----w C:\Program Files\mIRC
    2008-09-07 13:31 --------- d---a-w C:\ProgramData\TEMP
    2008-09-07 13:30 --------- d-----w C:\Program Files\Fraps
    2008-09-06 14:02 --------- d-----w C:\ProgramData\Xfire
    2008-09-04 16:10 --------- d-----w C:\Users\eDy\AppData\Roaming\Xfire
    2008-09-04 16:10 --------- d-----w C:\Program Files\Xfire
    2008-09-04 11:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-03 21:34 --------- d-----w C:\Program Files\Electronic Arts
    2008-08-30 21:51 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-30 21:07 --------- d-----w C:\Program Files\Winamp
    2008-08-18 17:26 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-14 17:49 --------- d-----w C:\Program Files\Windows Mail
    2008-08-13 11:51 --------- d-----w C:\Program Files\ATI
    2008-08-10 12:05 --------- d-----w C:\ProgramData\Codemasters
    2008-08-10 12:01 --------- d-----w C:\Program Files\OpenAL
    2008-08-09 18:45 --------- d-----w C:\ProgramData\Apple
    2008-08-09 18:45 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-04 22:50 --------- d-----w C:\ProgramData\Symantec
    2008-08-02 13:58 --------- d-----w C:\Program Files\Boris FX, Inc
    2008-07-31 17:17 --------- d-----w C:\Program Files\VASST
    2008-07-31 17:15 --------- d-----w C:\Program Files\Sonic Foundry
    2008-07-31 17:15 --------- d-----w C:\Program Files\DebugMode
    2008-07-30 14:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-07-30 14:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-07-30 14:28 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
    2008-07-27 23:45 --------- d-----w C:\Users\eDy\AppData\Roaming\Hamachi
    2008-07-27 10:27 --------- d-----w C:\Program Files\LimeWire
    2008-07-26 11:52 --------- d-----w C:\Program Files\DC++
    2008-07-26 10:04 --------- d-----w C:\Program Files\uTorrent Acceleration Tool
    2008-07-26 10:03 --------- d-----w C:\Program Files\LimeWire(2)
    2008-07-24 09:40 --------- d-----w C:\Program Files\AGEIA Technologies
    2008-07-24 09:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-23 10:50 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2008-07-23 10:44 --------- d-----w C:\Users\eDy\AppData\Roaming\teamspeak2
    2008-07-23 00:38 --------- d-----w C:\Program Files\Bonjour
    2008-07-23 00:25 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
    2008-07-21 23:50 --------- d-----w C:\Users\eDy\AppData\Roaming\Winamp
    2008-07-21 21:38 --------- d-----w C:\Program Files\Audacity
    2008-07-21 17:00 --------- d-----w C:\ProgramData\TrackMania United
    2008-07-21 11:35 --------- d-----w C:\Program Files\TrackMania United
    2008-07-20 20:31 --------- d-----w C:\Program Files\IDoser v4
    2008-07-18 03:33 --------- d-----w C:\ProgramData\TrackMania
    2008-07-16 12:48 --------- d-----w C:\ProgramData\WindowsSearch
    2008-07-16 10:36 --------- d-----w C:\ProgramData\River Past G5
    2008-07-11 10:23 --------- d-----w C:\Program Files\Mass Effect
    2008-07-11 10:19 --------- d-----w C:\ProgramData\Media Center Programs
    2008-07-11 10:19 --------- d-----w C:\Program Files\Common Files\BioWare
    2008-06-19 20:43 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-06-19 20:31 315,392 ----a-w C:\Windows\HideWin.exe
    2008-06-19 18:43 174 --sha-w C:\Program Files\desktop.ini
    2008-06-13 10:52 6,183,456 ----a-w C:\Windows\RtHDVCpl.exe
    2008-05-12 12:40 22,328 ----a-w C:\Users\eDy\AppData\Roaming\PnkBstrK.sys
    2008-01-29 18:10 47,360 ----a-w C:\Users\eDy\AppData\Roaming\pcouffin.sys
    2008-01-26 12:05 81,920 ----a-w C:\Users\eDy\AppData\Roaming\ezpinst.exe
    2007-12-23 22:35 808,448 --sh--r C:\Windows\odbconf.exe
    2008-03-13 12:35 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-13 12:35 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-13 12:37 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    2008-03-13 12:37 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    2008-03-13 12:37 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    2008-03-13 12:35 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-05-20 10:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051220080519\index.dat
    2008-05-26 10:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051920080526\index.dat
    2008-05-26 10:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052620080527\index.dat
    2008-05-27 10:15 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052720080528\index.dat
    2008-05-28 10:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052820080529\index.dat
    2008-05-30 08:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008053020080531\index.dat
    2008-06-01 10:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008060120080602\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-09-10_22.03.38.79 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 17:02:28 163,328 ----a-w C:\Windows\erdnt\Hiv-backup\ERDNT.EXE
    + 2007-08-28 22:49:28 606,120 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONBTTNIE.DLL
    + 2007-08-28 21:43:30 1,022,840 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONENOTE.EXE
    + 2007-08-24 02:45:42 101,784 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONENOTEM.EXE
    + 2007-08-24 02:45:42 75,144 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONFILTER.DLL
    + 2007-08-24 02:45:46 1,167,744 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONLIBS.DLL
    + 2007-10-12 19:08:52 6,588,968 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONMAIN.DLL
    - 2008-08-14 17:10:44 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-09-11 12:16:38 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    - 2008-08-14 17:10:45 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-09-11 12:16:38 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-08-14 17:10:44 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2008-09-11 12:16:38 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    - 2008-08-14 17:10:44 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    + 2008-09-11 12:16:38 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    - 2008-08-14 17:10:45 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    + 2008-09-11 12:16:38 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    - 2008-08-14 17:10:45 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-09-11 12:16:39 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    - 2008-08-14 17:10:46 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-09-11 12:16:39 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-08-14 17:10:44 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    + 2008-09-11 12:16:38 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-08-14 17:10:45 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-09-11 12:16:38 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-08-14 17:10:45 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-09-11 12:16:38 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    - 2008-08-14 17:10:45 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-09-11 12:16:39 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-08-14 17:10:44 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-09-11 12:16:38 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-09-10 18:47:45 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-09-11 13:06:55 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-09-10 18:47:45 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-09-11 13:06:55 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-09-10 18:48:41 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-09-11 13:17:27 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    - 2008-09-10 18:48:41 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-09-11 13:17:22 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    - 2008-09-10 18:42:21 229,376 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-09-11 13:12:15 229,376 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-09-10 18:42:21 1,933,312 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-09-11 13:12:15 1,933,312 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-09-10 18:42:21 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-09-11 13:12:15 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-09-10 17:13:02 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-09-11 12:54:37 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    - 2008-09-10 12:40:31 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
    + 2008-09-11 12:17:25 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
    - 2008-09-10 18:50:09 13,706 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2223133414-1777158752-3304994779-1002_UserData.bin
    + 2008-09-11 12:28:57 13,804 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2223133414-1777158752-3304994779-1002_UserData.bin
    - 2008-09-10 18:50:08 78,134 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-09-11 12:28:57 78,166 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-09-10 18:06:54 59,460 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-09-11 12:28:54 59,492 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-06-26 03:29:02 45,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dataclen_31bf3856ad364e35_6.0.6001.18098_none_f64ce87593b7801f\dataclen.dll
    + 2008-06-26 03:15:06 45,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dataclen_31bf3856ad364e35_6.0.6001.22211_none_f7260480ac9a8c27\dataclen.dll
    + 2008-06-26 03:29:02 565,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.18098_none_9e329f52f6fc276d\emdmgmt.dll
    + 2008-06-26 03:15:30 565,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.22211_none_9f0bbb5e0fdf3375\emdmgmt.dll
    + 2008-08-02 03:26:00 36,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.18114_none_abc1cbc0e39143f0\cdd.dll
    + 2008-08-02 01:01:23 625,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.18114_none_abc1cbc0e39143f0\dxgkrnl.sys
    + 2008-08-02 03:20:51 36,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.22235_none_ac36c8fdfcbe34f3\cdd.dll
    + 2008-08-02 00:59:11 625,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.22235_none_ac36c8fdfcbe34f3\dxgkrnl.sys
    + 2008-05-20 02:07:31 148,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6001.18075_none_4ec1fb0e8f26c88a\nwifi.sys
    + 2008-05-20 02:00:06 148,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6001.22183_none_4f3ec759a84e5197\nwifi.sys
    + 2008-05-08 19:21:56 211,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18068_none_886bae514b981fe3\mrxsmb10.sys
    + 2008-05-08 02:47:34 211,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22175_none_88e77a5264c08f99\mrxsmb10.sys
    .
    -- Snapshot reset to current date --
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "appdsc"="C:\Windows\system32\glurahsh.exe" [2008-09-11 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 107112]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "Antivirus"="C:\Program Files\MicroAV\MicroAV.exe" [2008-09-10 397312]
    "AdVantage Setup"="C:\Program Files\Webteh\BSplayer\AdVantageSetup.exe" [BU]
    "MSServer"="C:\Windows\system32\ddCsSJBQ.dll" [BU]
    "BM0b254745"="C:\Windows\system32\phjfjqqi.dll" [BU]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 C:\Windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "U0qJbeHJMj"="C:\ProgramData\nsfubuns\zwbolubu.exe" [2008-09-10 65536]

    C:\Users\eDy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-12-13 557568]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"= 2 (0x2)
    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ktfacl.dll dzvyyh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll
    "msacm.ac3filter"= ac3filter.acm
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6DE4EF4D-504D-414B-B1BD-EA857B9B8EA1}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{D26A1AB5-3DC8-41EC-BE73-E60A14C89BE6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{0F14D24A-D0E7-43D8-9718-D0DFA8336490}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{AEAA3492-DAF6-429D-966D-3C14705A9575}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{9F75219E-E733-4560-9EEB-AF6F3B8045D1}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{9F5140EC-EA46-4050-A949-77C6675A0AAA}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{798DB3DE-D704-42B5-82D5-AABD5BC5806E}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{80DAF794-CF15-4783-B4B7-7BDB0A3D96A4}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{3AD1C762-6D2F-4F9E-AC3F-64D794BDB041}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{12F5DA58-918C-4739-99EE-39E5ABD9604C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{5FF56F9D-7148-4B88-8E55-881FD36E119D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{41D88386-1868-4B7B-AE1B-6224121BB070}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{AAA1AC87-95D1-4A5E-9E84-B89E03817C0C}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{3E6B9D4F-CBFB-41A0-97A9-08E2B7519B7F}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{5B95B573-C6C8-4FB8-B4CE-181F77E62F22}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{E62A8DF0-5B32-4F7E-8C57-BE0C778D0BB3}C:\\program files\\trackmania sunrise\\tmsunrise.exe"= UDP:C:\program files\trackmania sunrise\tmsunrise.exe:TmSunrise
    "UDP Query User{F33B5F75-0BEB-48D4-AB5B-75960117A640}C:\\program files\\trackmania sunrise\\tmsunrise.exe"= TCP:C:\program files\trackmania sunrise\tmsunrise.exe:TmSunrise
    "TCP Query User{3E11A1C9-94ED-4E30-B37E-F2A4CF4C9AF2}C:\\program files\\[pc] splinter cell pandora tomorrow [rip] [dopeman]\\scpd\\splinter cell pandora tomorrow\\pandora.exe"= UDP:C:\program files\[pc] splinter cell pandora tomorrow [rip] [dopeman]\scpd\splinter cell pandora tomorrow\pandora.exe:pandora
    "UDP Query User{187EAD21-5932-47CE-BB51-4DA8614789B6}C:\\program files\\[pc] splinter cell pandora tomorrow [rip] [dopeman]\\scpd\\splinter cell pandora tomorrow\\pandora.exe"= TCP:C:\program files\[pc] splinter cell pandora tomorrow [rip] [dopeman]\scpd\splinter cell pandora tomorrow\pandora.exe:pandora
    "TCP Query User{CAA333D1-670A-42CA-BAF5-19351043585A}C:\\users\\edy\\appdata\\local\\xenocode\\appliancecaches\\kumaclient.exe_v71b24f3e\\native\\stubexe\\@programfiles@\\kuma games\\kuma.exe"= UDP:C:\users\edy\appdata\local\xenocode\appliancecaches\kumaclient.exe_v71b24f3e\native\stubexe\@programfiles@\kuma games\kuma.exe:kuma.exe
    "UDP Query User{547E73C9-8561-4BC6-AF97-0EAE0A405858}C:\\users\\edy\\appdata\\local\\xenocode\\appliancecaches\\kumaclient.exe_v71b24f3e\\native\\stubexe\\@programfiles@\\kuma games\\kuma.exe"= TCP:C:\users\edy\appdata\local\xenocode\appliancecaches\kumaclient.exe_v71b24f3e\native\stubexe\@programfiles@\kuma games\kuma.exe:kuma.exe
    "TCP Query User{A2BDBE65-7DD8-4F50-BBFA-67BA538B1D50}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{46736481-5D1C-46F0-BF0C-1785D9DA44C0}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{1724A2D6-38C2-46E6-8A1E-CE9655A9905B}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{9891D4A0-A8C9-4EED-A1E6-CD7A7769E72D}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{9F4BC339-CBD5-406C-8442-D2D91F2126F4}C:\\program files\\steam\\steamapps\\ts0mpi\\day of defeat\\hl.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\day of defeat\hl.exe:Half-Life Launcher
    "UDP Query User{FCA40045-0385-4845-B2C0-DE8EFECE0362}C:\\program files\\steam\\steamapps\\ts0mpi\\day of defeat\\hl.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\day of defeat\hl.exe:Half-Life Launcher
    "TCP Query User{270DEB84-E739-47E0-8BE2-61037403BC36}C:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:C:\program files\wolfenstein - enemy territory\et.exe:ET
    "UDP Query User{BCD5039E-D69D-4E7C-BDB0-FF0CBFA8F70E}C:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:C:\program files\wolfenstein - enemy territory\et.exe:ET
    "{FB4D5CBA-10FC-4F29-9679-2D161465CBD2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{52BBAB77-A961-4605-BF39-308CA8F42726}C:\\program files\\steam\\steamapps\\ts0mpi\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\team fortress 2\hl2.exe:hl2
    "UDP Query User{3D046931-D84E-4957-8E5A-8C613D7A99AB}C:\\program files\\steam\\steamapps\\ts0mpi\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\team fortress 2\hl2.exe:hl2
    "TCP Query User{9F1CFA65-E334-4CB3-8771-D30ED9DEA41E}C:\\program files\\steam\\steamapps\\ts0mpi\\source sdk base\\hl2.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\source sdk base\hl2.exe:hl2
    "UDP Query User{4141FADE-38D6-425B-90CA-D5F51C7414CE}C:\\program files\\steam\\steamapps\\ts0mpi\\source sdk base\\hl2.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\source sdk base\hl2.exe:hl2
    "TCP Query User{FEC3BB70-064E-4818-B824-89B0B9B459A4}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
    "UDP Query User{75093C78-3FB3-4170-AF31-FB94A800E8A8}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
    "TCP Query User{FDC87E98-388D-40B3-80D6-26CC29409717}C:\\program files\\steam\\steamapps\\ts0mpi\\half-life 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\half-life 2\hl2.exe:hl2
    "UDP Query User{0F6A8421-C83E-4A62-BB1C-2394577CFB02}C:\\program files\\steam\\steamapps\\ts0mpi\\half-life 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\half-life 2\hl2.exe:hl2
    "TCP Query User{62334EED-A011-4A3C-9852-F403B295891A}C:\\windows\\system32\\rxbot2.exe"= UDP:C:\windows\system32\rxbot2.exe:rxbot2
    "UDP Query User{EC9EF5C7-2A8E-4348-961A-A092886AAD8F}C:\\windows\\system32\\rxbot2.exe"= TCP:C:\windows\system32\rxbot2.exe:rxbot2
    "TCP Query User{957C8E02-2BE8-4A2B-9A1F-810AAEC206E5}C:\\windows\\system32\\wuamgrd.exe"= UDP:C:\windows\system32\wuamgrd.exe:wuamgrd
    "UDP Query User{0DB1F23A-B03B-4943-9A5C-323AC36C109E}C:\\windows\\system32\\wuamgrd.exe"= TCP:C:\windows\system32\wuamgrd.exe:wuamgrd
    "TCP Query User{44C1870D-5475-411A-BFB2-E8646DA5F3CD}C:\\users\\edy\\desktop\\downloads\\cabaltemp\\estsetuploader.exe"= UDP:C:\users\edy\desktop\downloads\cabaltemp\estsetuploader.exe:estsetuploader.exe
    "UDP Query User{FE173293-B7B2-4446-8604-2DCD233B49C4}C:\\users\\edy\\desktop\\downloads\\cabaltemp\\estsetuploader.exe"= TCP:C:\users\edy\desktop\downloads\cabaltemp\estsetuploader.exe:estsetuploader.exe
    "TCP Query User{DA206DEC-5B07-4992-AD1F-120922B7B68F}C:\\windows\\system32\\wuamgrd.exe"= UDP:C:\windows\system32\wuamgrd.exe:wuamgrd
    "UDP Query User{087B9389-EAB2-4C2B-961E-AD3A937BE263}C:\\windows\\system32\\wuamgrd.exe"= TCP:C:\windows\system32\wuamgrd.exe:wuamgrd
    "{B540D59B-B442-47DE-959C-D1D403CFDD71}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{185E76E3-870F-4457-BE2D-6E1A819E1B70}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
    "TCP Query User{598CEE78-B17D-4541-BD4A-5731314BCA0D}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{C6BA753F-6DFD-48B0-B223-EC7C144A286C}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{63ED93EE-A909-486F-9D90-18D356C4A6B2}C:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
    "UDP Query User{AC32CB46-527A-49D9-860B-136C61474967}C:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
    "TCP Query User{EF148274-31E4-4DC6-AB35-50687970A7A4}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{F2D28122-7122-4D37-8C3E-A34AF0A8F105}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{64F11094-F81F-4CBA-B4CC-46FA11BE6DCD}C:\\program files\\rainbow six vegas\\rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:C:\program files\rainbow six vegas\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
    "UDP Query User{5900BE55-CD12-4C79-8892-C39D9EAAF8DD}C:\\program files\\rainbow six vegas\\rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:C:\program files\rainbow six vegas\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
    "TCP Query User{C7AE8A31-3B66-47FF-8D36-C0D6D945AF8C}C:\\program files\\e frontier\\poser 7\\poser.exe"= UDP:C:\program files\e frontier\poser 7\poser.exe:poser executable file
    "UDP Query User{81EDF152-C02D-481D-A374-AD6EC7F06F85}C:\\program files\\e frontier\\poser 7\\poser.exe"= TCP:C:\program files\e frontier\poser 7\poser.exe:poser executable file
    "TCP Query User{B5165048-77AC-4CDD-8F1F-D2184E0B5127}C:\\program files\\walaber's trampoline\\bin\\release\\trampolinegame.exe"= UDP:C:\program files\walaber's trampoline\bin\release\trampolinegame.exe:TrampolineGame
    "UDP Query User{1FF480FE-9D76-41B5-ADA9-D06BBD323C73}C:\\program files\\walaber's trampoline\\bin\\release\\trampolinegame.exe"= TCP:C:\program files\walaber's trampoline\bin\release\trampolinegame.exe:TrampolineGame
    "{6D10385D-F158-429E-869D-CA6DC8A4686B}"= UDP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{A98DDC02-7B32-4973-B34B-E083BA9AAF15}"= TCP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{D6D09900-76C4-4C3A-8E39-5D05EBC74E80}"= UDP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{955F1414-05D1-426A-A663-9F68DD06A8DC}"= TCP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{E6FC0035-7F98-4C06-9D0E-D95E595B8E6C}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
    "{E5A6D4C8-58DB-4CDD-988F-5DB0DA7CA99F}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
    "{10F1FF13-7399-4362-818F-9B37EA841F90}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
    "{DA3B9536-18ED-4B9C-ABEF-43885DCFE724}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
    "TCP Query User{6E382DEC-44BF-41FA-AA27-332099A38221}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
    "UDP Query User{1FD3E02A-AA52-417B-AF28-3033268A4B75}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
    "TCP Query User{AA0A43B3-F79B-4D73-A6EF-F6E214ED42FA}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{1526C467-66B4-420A-992B-B527E7246308}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{0099635C-4701-4D06-938E-952D22D096FD}C:\\program files\\ut2004\\ut2004\\system\\ut2004.exe"= UDP:C:\program files\ut2004\ut2004\system\ut2004.exe:UT2004
    "UDP Query User{714D4099-F9F3-4EAF-B034-BBA0E91171CE}C:\\program files\\ut2004\\ut2004\\system\\ut2004.exe"= TCP:C:\program files\ut2004\ut2004\system\ut2004.exe:UT2004
    "TCP Query User{CFB10CFF-CBD6-4C5C-9D1D-C51643D8C6D9}C:\\program files\\id software\\quake 4\\quake4ded.exe"= UDP:C:\program files\id software\quake 4\quake4ded.exe:Quake 4
    "UDP Query User{5AFE1615-C6B5-4F30-AF7B-DC0C5BC5BDED}C:\\program files\\id software\\quake 4\\quake4ded.exe"= TCP:C:\program files\id software\quake 4\quake4ded.exe:Quake 4
    "{35CDD6A8-35E4-49A9-8591-B857824DF2A1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{1046B40D-12A5-49C7-8550-C977653B20A8}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{BE9F02C3-9306-46D1-80C0-BF3880E45AF8}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{77628A07-FB76-42BD-811F-85AA6B12F47F}"= UDP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
    "{AB3C9EB8-3396-4A91-B823-C61AAC4932F9}"= TCP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
    "{60F9669C-AE0F-4B71-87C4-D239F8207E7D}"= UDP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
    "{AA89A1F9-6571-4D0F-B289-314351F46CB1}"= TCP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071204.001\IDSvix86.sys [2007-11-06 180272]
    R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-22 554616]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 3695104]
    R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-05-13 43520]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 37936]
    R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
    S3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-11-15 816512]
    S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-09-21 43520]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-10 92656]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \shell\AutoRun\command - J:\OblivionLauncher.exe

    *Newly Created Service* - COMHOST
    .
    'Ajoitetut tehtävät'-kansion sisältö
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    BHO-{1babbfcd-bf6c-4aa2-818c-7f91f6d027ee} - C:\Windows\system32\dzvyyh.dll
    BHO-{F5DC242D-084D-4F66-A7E4-D2261A5C1743} - C:\Windows\system32\efcdASLc.dll
    HKCU-Run-\YURBB57.exe - C:\Windows\system32\YURBB57.exe
    HKCU-Run-\YURC1DF.exe - C:\Windows\system32\YURC1DF.exe
    HKCU-Run-\YURC615.exe - C:\Windows\system32\YURC615.exe
    HKCU-Run-\YUREC89.exe - C:\Windows\system32\YUREC89.exe
    HKCU-Run-\YUR745E.exe - C:\Windows\system32\YUR745E.exe
    HKLM-Run-\YUR2E64.exe - C:\Windows\system32\YUR2E64.exe
    HKLM-Run-\YUR4E6F.exe - C:\Windows\system32\YUR4E6F.exe
    HKLM-Run-\YUR544B.exe - C:\Windows\system32\YUR544B.exe
    HKLM-Run-\YUR5DFF.exe - C:\Windows\system32\YUR5DFF.exe
    HKLM-Run-\YURBB57.exe - C:\Windows\system32\YURBB57.exe
    HKLM-Run-\YURC1DF.exe - C:\Windows\system32\YURC1DF.exe
    HKLM-Run-\YURC615.exe - C:\Windows\system32\YURC615.exe
    HKLM-Run-\YUREC89.exe - C:\Windows\system32\YUREC89.exe
    HKLM-Run-\YUR745E.exe - C:\Windows\system32\YUR745E.exe
    HKLM-Run-081674d9 - C:\Windows\system32\yvvtfmkk.dll



    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-11 16:44:53
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...


    C:\Users\eDy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ONT3C1Q\g2[1]
    C:\Users\eDy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZE9ICA93\g3[1]

    tarkistus on valmis
    piilotetut tiedostot: 2

    **************************************************************************
    .
    ------------------------ Muut prosessit ------------------------
    .
    C:\Windows\System32\Ati2evxx.exe
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Windows\System32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\System32\PnkBstrA.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Windows\ehome\ehsched.exe
    C:\Windows\ehome\ehrecvr.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Windows\System32\conime.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    .
    **************************************************************************
    .
    Valmistumisajankohta: 2008-09-11 16:55:22 - kone käynnistettiin uudelleen [eDy]
    ComboFix-quarantined-files.txt 2008-09-11 13:55:09
    ComboFix2.txt 2008-09-10 19:05:03
    ComboFix3.txt 2008-06-20 22:07:08

    Pre-Run: 229,456,928,768 tavua vapaana
    Post-Run: 229,942,775,808 tavua vapaana

    486 --- E O F --- 2008-08-18 17:26:57
     
  7. EDYSTERi

    SmitFraudFix log:

    SmitFraudFix v2.349

    Scan done at 17:02:22,28, to 11.09.2008
    Run from C:\Users\eDy\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows [versio 6.0.6001] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Windows\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\ehome\ehsched.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\conime.exe
    C:\ProgramData\nsfubuns\zwbolubu.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\MicroAV\MicroAV.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\glurahsh.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

    C:\Windows\system32\1.ico FOUND !
    C:\Windows\system32\2.ico FOUND !
    C:\Windows\system32\MicroAV.cpl FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\eDy


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\eDy\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\eDy\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    C:\Users\eDy\Desktop\BEST ZOO PORN.url FOUND !
    C:\Users\eDy\Desktop\QUALITY PORN.url FOUND !
    C:\Users\eDy\Desktop\System Antivirus 2008.lnk FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, following keys are not inevitably infected!!!



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL ktfacl.dll dzvyyh.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» RK



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: VIA Rhine II Fast Ethernet Adapter
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{937409DC-3DF9-40F0-A79F-51EF491450FE}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{937409DC-3DF9-40F0-A79F-51EF491450FE}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{937409DC-3DF9-40F0-A79F-51EF491450FE}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  8. Hujo

    Hujo Guest

    Print out these instructions.

    Boot your computer into safe mode and select your normal user account.

    To get into safe mode:

    shut down and start the computer
    while it boots, keep tapping the F8 key
    select safe mode with the arrow keys
    press Enter, then Enter again
    select your user account
    press Yes

    On some machines you tap F5 instead of F8.

    Once in safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.

    The tool checks whether wininet.dll is infected. You may be asked to replace the infected .dll (if one is found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart the computer; if it does not, restart into normal Windows yourself.
    A text file will appear after the cleaning process; copy and paste the contents of this report into your reply.
    The report can be found on your local disk, usually at C:\rapport.txt.

    Warning: running option 2 on a computer that is NOT infected will remove your desktop background.
     
  9. EDYSTERi

    SmitFraudFix log:

    SmitFraudFix v2.349

    Scan done at 22:00:12,37, to 11.09.2008
    Run from C:\Users\eDy\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows [versio 6.0.6001] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\Windows\system32\1.ico Deleted
    C:\Windows\system32\2.ico Deleted
    C:\Windows\system32\MicroAV.cpl Deleted
    C:\Users\eDy\Desktop\BEST ZOO PORN.url Deleted
    C:\Users\eDy\Desktop\QUALITY PORN.url Deleted
    C:\Users\eDy\Desktop\System Antivirus 2008.lnk Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix



    »»»»»»»»»»»»»»»»»»»»»»»» RK


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{937409DC-3DF9-40F0-A79F-51EF491450FE}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{937409DC-3DF9-40F0-A79F-51EF491450FE}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{937409DC-3DF9-40F0-A79F-51EF491450FE}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  10. Hujo

    Hujo Guest

    Next, do the step "Scan with Kaspersky Online Scanner".

     
  11. EDYSTERi

    Kaspersky doesn't find anything, but something still keeps popping up on the screen.
     
  12. Hujo

    Hujo Guest

    Run ComboFix again.

    =============

    Download CCleaner here
    CCleaner v2.05.555 - Standard Build, do NOT install the Yahoo toolbar!
    During installation, clear the checkbox for "install Yahoo! toolbar".
    After installation, open CCleaner.
    Select Options from the column on the left.
    Select Settings from the column next to it.
    Under Language, choose Suomi (Finnish).

    Cleaner
    Select Puhdistaja (Cleaner) from the column on the left.
    Press Tutki (Analyze) at the bottom.
    CCleaner now analyzes what can be removed (temp files, cookies, etc.).
    When the analysis is finished, press Aja CCleaner (Run CCleaner).
    CCleaner now removes the temp files, cookies, etc. that it found.

    Fixing registry errors
    Select Rekisteri (Registry) from the column on the left.
    Press Etsi rekisterin virheitä (Scan for registry errors) at the bottom.
    When the scan is finished and you are sure you want to fix the entries that are ticked, press Korjaa valitut rekisterin virheet (Fix selected registry errors).
    You will be asked "do you want to back up the changes to the registry"; press Kyllä (Yes). Save the backup to, for example, the "Omat tiedostot" (My Documents) folder.
    In the new window that opens, click Korjaa kaikki valitut virheet (Fix all selected errors).
    You will get one more confirmation prompt; press Ok.
    When the errors have been fixed, press Sulje (Close).
    You can now close CCleaner by pressing the red X in the top right corner.
     
    Last edited by a moderator: 12.09.2008
  13. EDYSTERi

    No popup has shown up for a little while now since I ran CCleaner, but for some reason ComboFix won't start anymore.
     
  14. Hujo

    Hujo Guest

    Type this into the Run box:

    Combofix.exe /u


    press OK
     
  15. EDYSTERi

    OK, now it worked, and that popup does still come up. Here's the log:

    ComboFix 08-09-11.02 - eDy 2008-09-12 21:16:05.6 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.298 [GMT 3:00]
    Sijainti: C:\Users\eDy\Desktop\Downloads\ComboFix.exe
    * Uusi palautuspiste luotu
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-12 to 2008-09-12 )))))))))))))))))
    .

    2008-09-12 19:48 . 2008-09-12 19:48 <KANSIO> d-------- C:\Program Files\CCleaner
    2008-09-12 15:22 . 2008-09-12 15:22 98,304 --a------ C:\Windows\System32\dohivqhc.exe
    2008-09-11 22:05 . 2008-09-11 22:05 94,208 --a------ C:\Windows\System32\cvchqvyl.exe
    2008-09-11 22:00 . 2008-09-11 22:00 691 --a------ C:\Users\eDy\AppData\Roaming\GetValue.vbs
    2008-09-11 22:00 . 2008-09-11 22:00 35 --a------ C:\Users\eDy\AppData\Roaming\SetValue.bat
    2008-09-11 17:02 . 2008-09-11 22:00 3,426 --a------ C:\Windows\System32\tmp.reg
    2008-09-11 16:45 . 2008-09-11 16:45 94,208 --a------ C:\Windows\System32\glurahsh.exe
    2008-09-11 15:34 . 2008-09-11 15:34 <KANSIO> d-------- C:\Program Files\Mjcore
    2008-09-11 15:02 . 2008-09-11 15:29 <KANSIO> d-------- C:\Program Files\MicroAV
    2008-09-11 15:01 . 2008-09-11 15:01 86,016 --a------ C:\Windows\System32\qfulihyl.exe
    2008-09-10 21:51 . 2008-09-10 21:51 102,400 --a------ C:\Windows\System32\lidobmnk.exe
    2008-09-10 21:07 . 2008-09-10 21:07 102,400 --a------ C:\Windows\System32\yjqnodoj.exe
    2008-09-10 20:11 . 2008-09-10 20:11 <KANSIO> d-------- C:\ProgramData\nsfubuns
    2008-09-10 20:11 . 2008-09-10 20:11 94,208 --a------ C:\Windows\System32\uhenoxgx.exe
    2008-09-10 20:10 . 2008-09-10 20:10 117,252 --a------ C:\Windows\System32\msxml71.dll
    2008-09-10 15:24 . 2008-08-02 04:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
    2008-09-10 15:24 . 2008-06-26 06:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
    2008-09-10 15:24 . 2008-06-26 06:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
    2008-09-10 15:24 . 2008-05-08 22:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
    2008-09-10 15:24 . 2008-05-20 05:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-09-10 15:24 . 2008-06-26 06:29 45,056 --a------ C:\Windows\System32\dataclen.dll
    2008-09-10 15:24 . 2008-08-02 06:26 36,864 --a------ C:\Windows\System32\cdd.dll
    2008-09-10 15:23 . 2008-07-31 04:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-09-10 15:23 . 2008-07-31 06:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
    2008-09-10 14:41 . 2008-09-08 16:50 165,888 --a------ C:\Windows\System32\MSa.cpl
    2008-09-10 14:41 . 2008-09-11 13:19 106,496 --a------ C:\x
    2008-09-09 23:04 . 2008-09-09 23:04 <KANSIO> d-------- C:\Program Files\QuickTime
    2008-09-09 23:04 . 2008-09-09 23:04 <KANSIO> d-------- C:\Program Files\Common Files\Apple
    2008-09-09 23:03 . 2008-09-09 23:03 <KANSIO> d-------- C:\ProgramData\Apple Computer
    2008-09-07 16:31 . 2008-09-07 16:31 156 --a------ C:\Windows\Twunk001.MTX
    2008-09-07 16:31 . 2008-09-07 16:31 2 --a------ C:\Windows\Twain001.Mtx
    2008-09-07 16:31 . 2008-09-07 16:31 0 --a------ C:\Windows\Twunk002.MTX
    2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
    2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
    2008-09-04 00:45 . 2008-09-04 00:47 <KANSIO> d-------- C:\Users\eDy\AppData\Roaming\SPORE
    2008-09-03 14:59 . 2008-09-03 14:59 <KANSIO> d-------- C:\ProgramData\Electronic Arts
    2008-09-03 14:59 . 2008-09-04 15:01 10,940 --a------ C:\Windows\System32\ealregsnapshot1.reg
    2008-08-31 16:08 . 2008-08-31 16:08 <KANSIO> d-------- C:\ProgramData\FLEXnet
    2008-08-31 16:03 . 2008-08-31 16:03 <KANSIO> d-------- C:\ProgramData\ALM
    2008-08-28 00:03 . 2008-08-28 00:03 42,320 --a------ C:\Windows\System32\xfcodec.dll
    2008-08-26 15:18 . 2008-08-26 15:18 <KANSIO> d-------- C:\Program Files\GALA-NET
    2008-08-26 00:05 . 2008-07-19 08:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
    2008-08-26 00:05 . 2008-07-19 06:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
    2008-08-26 00:05 . 2008-07-19 08:09 563,912 --a------ C:\Windows\System32\wuapi.dll
    2008-08-26 00:05 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
    2008-08-26 00:05 . 2008-07-19 06:44 83,456 --a------ C:\Windows\System32\wudriver.dll
    2008-08-26 00:05 . 2008-07-19 08:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
    2008-08-26 00:05 . 2008-07-19 08:10 45,768 --a------ C:\Windows\System32\wups2.dll
    2008-08-26 00:05 . 2008-07-19 08:10 36,552 --a------ C:\Windows\System32\wups.dll
    2008-08-26 00:05 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
    2008-08-23 06:47 . 2008-08-23 06:47 86,523 --a------ C:\Windows\WinVerCheck.exe
    2008-08-14 20:09 . 2008-07-16 04:32 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-08-14 19:26 . 2008-06-27 04:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-08-14 19:26 . 2008-06-27 07:15 827,392 --a------ C:\Windows\System32\wininet.dll
    2008-08-14 19:26 . 2008-04-10 08:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
    2008-08-14 19:26 . 2008-06-19 06:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
    2008-08-14 19:26 . 2008-04-18 08:48 269,312 --a------ C:\Windows\System32\es.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-12 13:35 --------- d-----w C:\Users\eDy\AppData\Roaming\Xfire
    2008-09-12 13:35 --------- d-----w C:\Program Files\Steam
    2008-09-12 13:34 --------- d-----w C:\Users\eDy\AppData\Roaming\uTorrent
    2008-09-12 11:57 --------- d-----w C:\ProgramData\Xfire
    2008-09-11 19:43 --------- d-----w C:\ProgramData\Microsoft Help
    2008-09-10 15:10 --------- d-----w C:\Program Files\Common Files\Steam
    2008-09-08 00:15 --------- d-----w C:\Users\eDy\AppData\Roaming\mIRC
    2008-09-07 20:58 --------- d-----w C:\Users\eDy\AppData\Roaming\LimeWire
    2008-09-07 20:35 --------- d-----w C:\Program Files\mIRC
    2008-09-07 13:31 --------- d---a-w C:\ProgramData\TEMP
    2008-09-07 13:30 --------- d-----w C:\Program Files\Fraps
    2008-09-04 16:10 --------- d-----w C:\Program Files\Xfire
    2008-09-04 11:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-03 21:34 --------- d-----w C:\Program Files\Electronic Arts
    2008-09-03 12:08 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
    2008-08-30 21:51 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-30 21:07 --------- d-----w C:\Program Files\Winamp
    2008-08-18 17:26 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-14 17:49 --------- d-----w C:\Program Files\Windows Mail
    2008-08-13 11:51 --------- d-----w C:\Program Files\ATI
    2008-08-10 12:05 --------- d-----w C:\ProgramData\Codemasters
    2008-08-10 12:01 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
    2008-08-10 12:01 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
    2008-08-10 12:01 --------- d-----w C:\Program Files\OpenAL
    2008-08-09 18:45 --------- d-----w C:\ProgramData\Apple
    2008-08-09 18:45 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-04 22:50 --------- d-----w C:\ProgramData\Symantec
    2008-08-02 13:58 --------- d-----w C:\Program Files\Boris FX, Inc
    2008-07-31 17:17 --------- d-----w C:\Program Files\VASST
    2008-07-31 17:15 --------- d-----w C:\Program Files\Sonic Foundry
    2008-07-31 17:15 --------- d-----w C:\Program Files\DebugMode
    2008-07-31 07:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
    2008-07-31 07:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
    2008-07-31 07:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
    2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-30 14:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-07-30 14:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-07-30 14:28 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
    2008-07-27 23:45 --------- d-----w C:\Users\eDy\AppData\Roaming\Hamachi
    2008-07-27 10:27 --------- d-----w C:\Program Files\LimeWire
    2008-07-26 11:52 --------- d-----w C:\Program Files\DC++
    2008-07-26 10:04 --------- d-----w C:\Program Files\uTorrent Acceleration Tool
    2008-07-26 10:03 --------- d-----w C:\Program Files\LimeWire(2)
    2008-07-24 09:40 --------- d-----w C:\Program Files\AGEIA Technologies
    2008-07-24 09:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-23 10:50 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2008-07-23 10:44 --------- d-----w C:\Users\eDy\AppData\Roaming\teamspeak2
    2008-07-23 00:38 --------- d-----w C:\Program Files\Bonjour
    2008-07-23 00:25 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
    2008-07-21 23:50 --------- d-----w C:\Users\eDy\AppData\Roaming\Winamp
    2008-07-21 21:38 --------- d-----w C:\Program Files\Audacity
    2008-07-21 17:00 --------- d-----w C:\ProgramData\TrackMania United
    2008-07-21 11:35 --------- d-----w C:\Program Files\TrackMania United
    2008-07-20 20:31 --------- d-----w C:\Program Files\IDoser v4
    2008-07-18 03:33 --------- d-----w C:\ProgramData\TrackMania
    2008-07-16 12:48 --------- d-----w C:\ProgramData\WindowsSearch
    2008-07-16 10:36 --------- d-----w C:\ProgramData\River Past G5
    2008-07-12 05:18 467,984 ----a-w C:\Windows\System32\d3dx10_39.dll
    2008-07-12 05:18 3,851,784 ----a-w C:\Windows\System32\D3DX9_39.dll
    2008-07-12 05:18 1,493,528 ----a-w C:\Windows\System32\D3DCompiler_39.dll
    2008-07-09 18:30 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-07-09 18:27 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
    2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
    2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
    2008-06-19 20:43 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-06-19 20:31 315,392 ----a-w C:\Windows\HideWin.exe
    2008-06-19 18:43 174 --sha-w C:\Program Files\desktop.ini
    2008-06-19 15:06 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-06-19 15:06 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-06-13 10:52 6,183,456 ----a-w C:\Windows\RtHDVCpl.exe
    2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-05-12 12:40 22,328 ----a-w C:\Users\eDy\AppData\Roaming\PnkBstrK.sys
    2008-01-29 18:10 47,360 ----a-w C:\Users\eDy\AppData\Roaming\pcouffin.sys
    2008-01-26 12:05 81,920 ----a-w C:\Users\eDy\AppData\Roaming\ezpinst.exe
    2007-12-23 22:35 808,448 --sh--r C:\Windows\odbconf.exe
    2008-03-13 12:35 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-13 12:35 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-13 12:37 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    2008-03-13 12:37 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    2008-03-13 12:37 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    2008-03-13 12:35 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-05-20 10:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051220080519\index.dat
    2008-05-26 10:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051920080526\index.dat
    2008-05-26 10:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052620080527\index.dat
    2008-05-27 10:15 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052720080528\index.dat
    2008-05-28 10:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052820080529\index.dat
    2008-05-30 08:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008053020080531\index.dat
    2008-06-01 10:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008060120080602\index.dat
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "appdsc"="C:\Windows\system32\glurahsh.exe" [2008-09-11 94208]
    "SrvChk"="C:\Windows\system32\cvchqvyl.exe" [2008-09-11 94208]
    "HlpChk"="C:\Windows\system32\dohivqhc.exe" [2008-09-12 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 107112]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 C:\Windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "U0qJbeHJMj"="C:\ProgramData\nsfubuns\zwbolubu.exe" [2008-09-10 65536]

    C:\Users\eDy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-12-13 557568]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"= 2 (0x2)
    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ktfacl.dll dzvyyh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll
    "msacm.ac3filter"= ac3filter.acm
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001
    "UpdatesDisableNotify"="0x00000000"
    "AntiVirusDisableNotify"="0x00000000"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6DE4EF4D-504D-414B-B1BD-EA857B9B8EA1}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{D26A1AB5-3DC8-41EC-BE73-E60A14C89BE6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{0F14D24A-D0E7-43D8-9718-D0DFA8336490}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{AEAA3492-DAF6-429D-966D-3C14705A9575}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{9F75219E-E733-4560-9EEB-AF6F3B8045D1}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{9F5140EC-EA46-4050-A949-77C6675A0AAA}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{798DB3DE-D704-42B5-82D5-AABD5BC5806E}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{80DAF794-CF15-4783-B4B7-7BDB0A3D96A4}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{3AD1C762-6D2F-4F9E-AC3F-64D794BDB041}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{12F5DA58-918C-4739-99EE-39E5ABD9604C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{5FF56F9D-7148-4B88-8E55-881FD36E119D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{41D88386-1868-4B7B-AE1B-6224121BB070}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{AAA1AC87-95D1-4A5E-9E84-B89E03817C0C}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{3E6B9D4F-CBFB-41A0-97A9-08E2B7519B7F}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{5B95B573-C6C8-4FB8-B4CE-181F77E62F22}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{E62A8DF0-5B32-4F7E-8C57-BE0C778D0BB3}C:\\program files\\trackmania sunrise\\tmsunrise.exe"= UDP:C:\program files\trackmania sunrise\tmsunrise.exe:TmSunrise
    "UDP Query User{F33B5F75-0BEB-48D4-AB5B-75960117A640}C:\\program files\\trackmania sunrise\\tmsunrise.exe"= TCP:C:\program files\trackmania sunrise\tmsunrise.exe:TmSunrise
    "TCP Query User{3E11A1C9-94ED-4E30-B37E-F2A4CF4C9AF2}C:\\program files\\[pc] splinter cell pandora tomorrow [rip] [dopeman]\\scpd\\splinter cell pandora tomorrow\\pandora.exe"= UDP:C:\program files\[pc] splinter cell pandora tomorrow [rip] [dopeman]\scpd\splinter cell pandora tomorrow\pandora.exe:pandora
    "UDP Query User{187EAD21-5932-47CE-BB51-4DA8614789B6}C:\\program files\\[pc] splinter cell pandora tomorrow [rip] [dopeman]\\scpd\\splinter cell pandora tomorrow\\pandora.exe"= TCP:C:\program files\[pc] splinter cell pandora tomorrow [rip] [dopeman]\scpd\splinter cell pandora tomorrow\pandora.exe:pandora
    "TCP Query User{CAA333D1-670A-42CA-BAF5-19351043585A}C:\\users\\edy\\appdata\\local\\xenocode\\appliancecaches\\kumaclient.exe_v71b24f3e\\native\\stubexe\\@programfiles@\\kuma games\\kuma.exe"= UDP:C:\users\edy\appdata\local\xenocode\appliancecaches\kumaclient.exe_v71b24f3e\native\stubexe\@programfiles@\kuma games\kuma.exe:kuma.exe
    "UDP Query User{547E73C9-8561-4BC6-AF97-0EAE0A405858}C:\\users\\edy\\appdata\\local\\xenocode\\appliancecaches\\kumaclient.exe_v71b24f3e\\native\\stubexe\\@programfiles@\\kuma games\\kuma.exe"= TCP:C:\users\edy\appdata\local\xenocode\appliancecaches\kumaclient.exe_v71b24f3e\native\stubexe\@programfiles@\kuma games\kuma.exe:kuma.exe
    "TCP Query User{A2BDBE65-7DD8-4F50-BBFA-67BA538B1D50}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{46736481-5D1C-46F0-BF0C-1785D9DA44C0}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{1724A2D6-38C2-46E6-8A1E-CE9655A9905B}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{9891D4A0-A8C9-4EED-A1E6-CD7A7769E72D}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{9F4BC339-CBD5-406C-8442-D2D91F2126F4}C:\\program files\\steam\\steamapps\\ts0mpi\\day of defeat\\hl.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\day of defeat\hl.exe:Half-Life Launcher
    "UDP Query User{FCA40045-0385-4845-B2C0-DE8EFECE0362}C:\\program files\\steam\\steamapps\\ts0mpi\\day of defeat\\hl.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\day of defeat\hl.exe:Half-Life Launcher
    "TCP Query User{270DEB84-E739-47E0-8BE2-61037403BC36}C:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:C:\program files\wolfenstein - enemy territory\et.exe:ET
    "UDP Query User{BCD5039E-D69D-4E7C-BDB0-FF0CBFA8F70E}C:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:C:\program files\wolfenstein - enemy territory\et.exe:ET
    "{FB4D5CBA-10FC-4F29-9679-2D161465CBD2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{52BBAB77-A961-4605-BF39-308CA8F42726}C:\\program files\\steam\\steamapps\\ts0mpi\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\team fortress 2\hl2.exe:hl2
    "UDP Query User{3D046931-D84E-4957-8E5A-8C613D7A99AB}C:\\program files\\steam\\steamapps\\ts0mpi\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\team fortress 2\hl2.exe:hl2
    "TCP Query User{9F1CFA65-E334-4CB3-8771-D30ED9DEA41E}C:\\program files\\steam\\steamapps\\ts0mpi\\source sdk base\\hl2.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\source sdk base\hl2.exe:hl2
    "UDP Query User{4141FADE-38D6-425B-90CA-D5F51C7414CE}C:\\program files\\steam\\steamapps\\ts0mpi\\source sdk base\\hl2.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\source sdk base\hl2.exe:hl2
    "TCP Query User{FEC3BB70-064E-4818-B824-89B0B9B459A4}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
    "UDP Query User{75093C78-3FB3-4170-AF31-FB94A800E8A8}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
    "TCP Query User{FDC87E98-388D-40B3-80D6-26CC29409717}C:\\program files\\steam\\steamapps\\ts0mpi\\half-life 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\half-life 2\hl2.exe:hl2
    "UDP Query User{0F6A8421-C83E-4A62-BB1C-2394577CFB02}C:\\program files\\steam\\steamapps\\ts0mpi\\half-life 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\half-life 2\hl2.exe:hl2
    "TCP Query User{62334EED-A011-4A3C-9852-F403B295891A}C:\\windows\\system32\\rxbot2.exe"= UDP:C:\windows\system32\rxbot2.exe:rxbot2
    "UDP Query User{EC9EF5C7-2A8E-4348-961A-A092886AAD8F}C:\\windows\\system32\\rxbot2.exe"= TCP:C:\windows\system32\rxbot2.exe:rxbot2
    "TCP Query User{957C8E02-2BE8-4A2B-9A1F-810AAEC206E5}C:\\windows\\system32\\wuamgrd.exe"= UDP:C:\windows\system32\wuamgrd.exe:wuamgrd
    "UDP Query User{0DB1F23A-B03B-4943-9A5C-323AC36C109E}C:\\windows\\system32\\wuamgrd.exe"= TCP:C:\windows\system32\wuamgrd.exe:wuamgrd
    "TCP Query User{44C1870D-5475-411A-BFB2-E8646DA5F3CD}C:\\users\\edy\\desktop\\downloads\\cabaltemp\\estsetuploader.exe"= UDP:C:\users\edy\desktop\downloads\cabaltemp\estsetuploader.exe:estsetuploader.exe
    "UDP Query User{FE173293-B7B2-4446-8604-2DCD233B49C4}C:\\users\\edy\\desktop\\downloads\\cabaltemp\\estsetuploader.exe"= TCP:C:\users\edy\desktop\downloads\cabaltemp\estsetuploader.exe:estsetuploader.exe
    "TCP Query User{DA206DEC-5B07-4992-AD1F-120922B7B68F}C:\\windows\\system32\\wuamgrd.exe"= UDP:C:\windows\system32\wuamgrd.exe:wuamgrd
    "UDP Query User{087B9389-EAB2-4C2B-961E-AD3A937BE263}C:\\windows\\system32\\wuamgrd.exe"= TCP:C:\windows\system32\wuamgrd.exe:wuamgrd
    "{B540D59B-B442-47DE-959C-D1D403CFDD71}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{185E76E3-870F-4457-BE2D-6E1A819E1B70}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
    "TCP Query User{598CEE78-B17D-4541-BD4A-5731314BCA0D}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{C6BA753F-6DFD-48B0-B223-EC7C144A286C}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{63ED93EE-A909-486F-9D90-18D356C4A6B2}C:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
    "UDP Query User{AC32CB46-527A-49D9-860B-136C61474967}C:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
    "TCP Query User{EF148274-31E4-4DC6-AB35-50687970A7A4}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{F2D28122-7122-4D37-8C3E-A34AF0A8F105}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{64F11094-F81F-4CBA-B4CC-46FA11BE6DCD}C:\\program files\\rainbow six vegas\\rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:C:\program files\rainbow six vegas\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
    "UDP Query User{5900BE55-CD12-4C79-8892-C39D9EAAF8DD}C:\\program files\\rainbow six vegas\\rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:C:\program files\rainbow six vegas\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
    "TCP Query User{C7AE8A31-3B66-47FF-8D36-C0D6D945AF8C}C:\\program files\\e frontier\\poser 7\\poser.exe"= UDP:C:\program files\e frontier\poser 7\poser.exe:poser executable file
    "UDP Query User{81EDF152-C02D-481D-A374-AD6EC7F06F85}C:\\program files\\e frontier\\poser 7\\poser.exe"= TCP:C:\program files\e frontier\poser 7\poser.exe:poser executable file
    "TCP Query User{B5165048-77AC-4CDD-8F1F-D2184E0B5127}C:\\program files\\walaber's trampoline\\bin\\release\\trampolinegame.exe"= UDP:C:\program files\walaber's trampoline\bin\release\trampolinegame.exe:TrampolineGame
    "UDP Query User{1FF480FE-9D76-41B5-ADA9-D06BBD323C73}C:\\program files\\walaber's trampoline\\bin\\release\\trampolinegame.exe"= TCP:C:\program files\walaber's trampoline\bin\release\trampolinegame.exe:TrampolineGame
    "{6D10385D-F158-429E-869D-CA6DC8A4686B}"= UDP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{A98DDC02-7B32-4973-B34B-E083BA9AAF15}"= TCP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{D6D09900-76C4-4C3A-8E39-5D05EBC74E80}"= UDP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{955F1414-05D1-426A-A663-9F68DD06A8DC}"= TCP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{E6FC0035-7F98-4C06-9D0E-D95E595B8E6C}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
    "{E5A6D4C8-58DB-4CDD-988F-5DB0DA7CA99F}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
    "{10F1FF13-7399-4362-818F-9B37EA841F90}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
    "{DA3B9536-18ED-4B9C-ABEF-43885DCFE724}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
    "TCP Query User{6E382DEC-44BF-41FA-AA27-332099A38221}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
    "UDP Query User{1FD3E02A-AA52-417B-AF28-3033268A4B75}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
    "TCP Query User{AA0A43B3-F79B-4D73-A6EF-F6E214ED42FA}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{1526C467-66B4-420A-992B-B527E7246308}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{0099635C-4701-4D06-938E-952D22D096FD}C:\\program files\\ut2004\\ut2004\\system\\ut2004.exe"= UDP:C:\program files\ut2004\ut2004\system\ut2004.exe:UT2004
    "UDP Query User{714D4099-F9F3-4EAF-B034-BBA0E91171CE}C:\\program files\\ut2004\\ut2004\\system\\ut2004.exe"= TCP:C:\program files\ut2004\ut2004\system\ut2004.exe:UT2004
    "TCP Query User{CFB10CFF-CBD6-4C5C-9D1D-C51643D8C6D9}C:\\program files\\id software\\quake 4\\quake4ded.exe"= UDP:C:\program files\id software\quake 4\quake4ded.exe:Quake 4
    "UDP Query User{5AFE1615-C6B5-4F30-AF7B-DC0C5BC5BDED}C:\\program files\\id software\\quake 4\\quake4ded.exe"= TCP:C:\program files\id software\quake 4\quake4ded.exe:Quake 4
    "{35CDD6A8-35E4-49A9-8591-B857824DF2A1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{1046B40D-12A5-49C7-8550-C977653B20A8}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{BE9F02C3-9306-46D1-80C0-BF3880E45AF8}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{77628A07-FB76-42BD-811F-85AA6B12F47F}"= UDP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
    "{AB3C9EB8-3396-4A91-B823-C61AAC4932F9}"= TCP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
    "{60F9669C-AE0F-4B71-87C4-D239F8207E7D}"= UDP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
    "{AA89A1F9-6571-4D0F-B289-314351F46CB1}"= TCP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071204.001\IDSvix86.sys [2007-11-06 180272]
    R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-22 554616]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 3695104]
    R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-05-13 43520]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 37936]
    R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
    S3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-11-15 816512]
    S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-09-21 43520]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-10 92656]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \shell\AutoRun\command - J:\OblivionLauncher.exe

    *Newly Created Service* - COMHOST
    .
    'Ajoitetut tehtävät'-kansion sisältö
    .
    .
    ------- Täydentävä tarkistus -------
    .
    FireFox -: Profile - C:\Users\eDy\AppData\Roaming\Mozilla\Firefox\Profiles\q2prvqpp.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - afterdawn.fi
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-12 21:23:40
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    Valmistumisajankohta: 2008-09-12 21:28:22
    ComboFix-quarantined-files.txt 2008-09-12 18:28:10

    Pre-Run: 224,488,230,912 tavua vapaana
    Post-Run: 224,501,219,328 tavua vapaana

    347 --- E O F --- 2008-09-11 19:46:27
     
  16. Hujo

    Hujo Guest

    Update Malwarebytes' Anti-Malware and run a full scan.

    ==========

    Create an uninstall list:
    • Open HijackThis
    • Click the "Configure" option at the bottom right
    • Click "Misc Tools"
    • Click the box that says "Uninstall Manager"
    • Click the "Save list" option
    • Copy and paste that list from Notepad into your thread

    ==========

    Post a new HJT log last.
     
    Last edited by a moderator: 12.09.2008
  17. EDYSTERi

    EDYSTERi Member

    Malwarebytes found 20 trojans after the update. Here's the HJT uninstall list:

    µTorrent
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Absolute Fretboard Trainer PRO
    AC3Filter (remove only)
    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe After Effects CS3
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge 1.0
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe Illustrator CS3
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Photoshop CS3
    Adobe Reader 8
    Adobe Reader 8.1.2
    Adobe Setup
    Adobe Setup
    Adobe Setup
    Adobe Setup
    Adobe Setup
    Adobe Shockwave Player 11
    Adobe Stock Photos 1.0
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AGEIA PhysX v7.09.13
    AppCore
    Apple Software Update
    Audacity 1.2.6
    Audiosurf
    AV
    Avanquest update
    Avi2Dvd 0.4.5 beta
    AviSynth 2.5
    Boris FX
    ccCommon
    CCleaner (remove only)
    Combined Community Codec Pack 2007-07-22
    Condition Zero
    ConvertXtoDVD 2.2.3.258h
    Counter-Strike: Source
    Creator 9
    Day of Defeat
    DC++ 0.707
    DebugMode Wax 2.0
    Dev-C++ 5 beta 9 release (4.9.9.2)
    DEVIL MAY CRY 4
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    DVDAuthorGUI (remove only)
    EA Download Manager
    ffdshow [rev 1579] [2007-10-26]
    Flash Player plugins 9
    Fraps (remove only)
    Frets On Fire
    Google Earth Pro
    Google Toolbar for Firefox
    GRID
    Guitar Pro 5.2
    Half-Life 2
    Half-Life 2: Deathmatch
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    Half-Life 2: Lost Coast
    Hamachi 1.0.2.5
    HijackThis 2.0.2
    ImgBurn (Remove Only)
    Infocentre Rev. 2.0
    Install(US)2
    Insurgency ( Remove only)
    Insurgency Mod
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Killing Floor 2.5
    KPT 6
    L&H TTS3000 British English
    Lernout & Hauspie TruVoice American English TTS Engine
    LimeWire PRO 4.18.2
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Magic ISO Maker v5.4 (build 0251)
    MagicDisc 2.5.79
    MainConcept MPEG Encoder
    Malwarebytes' Anti-Malware
    Mass Effect
    MCE Software Encoder 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB929729)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (Finnish) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (Finnish) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove MUI (Finnish) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office InfoPath MUI (Finnish) 2007
    Microsoft Office Language Pack 2007 - Finnish/suomi
    Microsoft Office O MUI (Finnish) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office OneNote MUI (Finnish) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (Finnish) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (Finnish) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (Finnish) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Swedish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (Finnish) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (Finnish) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (Finnish) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
    Microsoft Office SharePoint Designer MUI (Finnish) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (Finnish) 2007
    Microsoft Office X MUI (Finnish) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    mIRC
    Mozilla Firefox (3.0.1)
    MPlugin
    MSRedist
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    Need for Speed™ ProStreet
    Nero 8
    neroxml
    NIS2007
    Norton AntiVirus
    Norton Confidential Browser Component
    Norton Confidential Web Protection Component
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    OpenAL
    Packard Bell - Skype 2.5
    Packard Bell Updator
    PDF Settings
    Peggle Extreme
    Portal
    PowerISO
    PunkBuster Services
    Quake 4(TM)
    QuickTime
    Realtek HD Audio V6.0.1.5322
    Realtek High Definition Audio Driver
    Roxio Creator 9 LE
    Security Update for 2007 Microsoft Office System (KB951596)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB951546)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB951808)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office Word 2007 (KB950113)
    Security Update for Visio 2007 (KB947590)
    SetUp My PC
    Skype 2.5.2.151
    Sony Ericsson PC Suite 3.209.00
    Sony Vegas Pro 8.0
    Source SDK Base
    SPBBC 32bit
    SPORE™
    Srt2Sup a4.03
    Steam
    Steam
    Subtitle Workshop 2.51
    SWF & FLV Toolbox 3.5 (build 3.5.14.202)
    System Requirements Lab
    Team Fortress 2
    TeamSpeak 2 RC2
    TMPGEnc DVD Author 3 with DivX Authoring
    TMPGEnc Plus 2.5
    Tom Clancy's Rainbow Six Vegas 2
    TrackMania Nations Forever
    TrackMania Sunrise Extreme 1.5.0
    TrackMania United 0.2.0.0
    TVTUNER TIGER V1.3.3.4a
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb956080)
    Walaber's Trampoline
    VASST Ultimate S3 3.0.3
    VCRedistSetup
    Ventrilo Client
    Ventrilo Server
    VIA Rhine Family Fast Ethernet Adapter
    Video ATI v8.31
    Winamp
    WinAVI Video Converter 9.0
    Windows Live installer
    Windows Live Messenger
    Windows Liven kirjautumisavustaja
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Wolfenstein - Enemy Territory
    X10 Hardware(TM)
    Xfire (remove only)

    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:54, on 2008-09-13
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ktfacl.dll dzvyyh.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 9060 bytes


     
  18. Hujo

    Hujo Guest

    Uninstall these via Add/Remove Programs:

    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5

    Delete this folder in Safe Mode:

    C:\Program Files\Java

    =================

    Post the Malwarebytes' Anti-Malware log.

    =================

    Further up in the thread there is this:
    "Scan with Kaspersky Online Scanner". Run that.
     
    Last edited by a moderator: 13.09.2008
  19. EDYSTERi

    EDYSTERi Member

    Malwarebytes log:

    Malwarebytes' Anti-Malware 1.28
    Tietokantaversio: 1134
    Windows 6.0.6001 Service Pack 1

    2008-09-13 00:44:35
    mbam-log-2008-09-13 (00-44-35).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 265310
    Kulunut aika: 2 hour(s), 46 minute(s), 18 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 5
    Saastuneita rekisteriarvoja: 5
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 1
    Saastuneita tiedostoja: 9

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\appdsc (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\srvchk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hlpchk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\srvwebsh (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\u0qjbehjmj (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.

    Saastuneita tiedostoja:
    C:\Windows\System32\glurahsh.exe (Trojan.FakeAlert.H) -> Delete on reboot.
    C:\Windows\System32\cvchqvyl.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\dohivqhc.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\jifolude.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\ProgramData\nsfubuns\zwbolubu.exe (Trojan.FakeAlert.H) -> Delete on reboot.
    C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Windows\System32\MSa.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
    C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     
  20. Hujo

    Hujo Guest

    Then this:

    Scan with Kaspersky Online Scanner

    1. Read through the requirements and the privacy statement and click Accept.
    2. The scanner and the virus database start downloading. You will be asked whether you allow a program from Kaspersky to be installed. Click Aja/Run.
    3. When the download is complete, click Settings.
    4. Make sure the following items are selected. If they are not, select them and click Save:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases

    5. Click Oma Tietokone (My Computer) under the Scan heading.
    6. When the scan is complete, the results are shown. Click View Scan Report.
    7. You will see a list of infected items. Click Save Report As....
    8. Save the file to your desktop. Change Tiedostotyyppi/Files of type to Tekstitiedosto/Text file (.txt) before you click Save.
    9. Copy and paste the contents of the file into your next reply, together with a new HijackThis log.
     
