Who knows how many of those IEXPLORE.EXE programs keep opening by themselves
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:29:28, on 9.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
E:\Valmiit\HiJackThis_v2.0.0.0.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DiagAP8169] C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Security Service] NTSecurity.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: verkko.bat
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
15 x IEXPLORE.EXE
Replies
- -----
• Open HiJackThis
• Click the "Configure" option at the bottom right
• Click "Misc Tools"
• Click the box that says "Uninstall Manager"
• Click the "Save list" option
• Copy and paste the list from Notepad into your post
===========
1. Download combofix.exe to your desktop from one of the three links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log to your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
=========
Download SDFix by AndyManchesta
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
and save it to your desktop.
Boot your computer into Safe Mode:
shut down and start
during startup, tap the F8 key repeatedly
select Safe Mode with the arrow keys
press Enter and Enter
select your user account
press Yes
On some machines you tap F5 instead of F8
• Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
• Open the SDFix folder and double-click RunThis.bat to start the program.
• Press Y to start the script.
• The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
• Press any key and the computer restarts.
• Startup takes longer than usual because SDFix is cleaning the computer.
• When the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
• Then press any key to close the script and load the shortcuts onto the desktop.
• Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.
- vikavikavika
Here is the requested information. It took the whole evening/night to wrestle with these, hopefully things get fixed.
Uninstall list
Ad-Aware 2007
Adobe Flash Player Plugin
Adobe Reader 8.1.2 - Suomi
AMIP (remove only)
AnyDVD
a-squared Anti-Malware 3.1
a-squared HiJackFree 3.0
Auto Gordian Knot 1.95
avast! Antivirus
AVG Anti-Spyware 7.5
AviSynth 2.5
CCE SP Trial Version
CCleaner (remove only)
CDDRV_Installer
Chessmaster 10th Edition
CutePDF Printer Setup
dBpoweramp Music Converter
DC 0.699
DU Meter
DVD Decoder Pak for Windows XP
DVD Decrypter (Remove Only)
DVD Rebuilder
DVD Shrink 3.2
DVDAuthorGUI (remove only)
EasyCleaner
eMule
Euroword 2004 Pro
EVEREST Ultimate Edition v4.00
ffdshow [rev 1642] [2007-11-26]
FM Modifier 2.22
Football Manager 2008
Foxit Reader
FrameShots Video Screen Capture
GoldWave v5.22
High Definition Audio Driver Package - KB888111
HijackThis 2.0.0
Hotfix-päivitys Windows XP:lle (KB935448)
Java(TM) 6 Update 3
KhalInstallWrapper
LAN Utility
Logitech Audio Echo Cancellation Component
Logitech SetPoint
Logitech Z-series Software 1.04
Logitech® Camera -ohjain
Messenger Plus! Live
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FIN
Microsoft .NET Framework 2.0 -tuotteen Security Update (KB928365)
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 Finnish Language Pack
Microsoft .NET Framework 3.0:n suomen kielipaketti
Microsoft Office Professional Edition 2003
Microsoft Visual C 2005 Redistributable
mIRC
Mozilla Firefox (2.0.0.12)
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MVision
Nero 7 Premium
Nokia Connectivity Cable Driver
Nokia Multimedia Factory
Nokia Multimedia Factory
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
Nokia Video Manager
Nokia Video Manager
NVIDIA Drivers
PC Connectivity Solution
PerfectDisk
Päivitys Windows XP:lle (KB894391)
Päivitys Windows XP:lle (KB898461)
Päivitys Windows XP:lle (KB900485)
Päivitys Windows XP:lle (KB908531)
Päivitys Windows XP:lle (KB910437)
Päivitys Windows XP:lle (KB911280)
Päivitys Windows XP:lle (KB916595)
Päivitys Windows XP:lle (KB920872)
Päivitys Windows XP:lle (KB922582)
Päivitys Windows XP:lle (KB925720)
Päivitys Windows XP:lle (KB927891)
Päivitys Windows XP:lle (KB930916)
Päivitys Windows XP:lle (KB933360)
Päivitys Windows XP:lle (KB936357)
Päivitys Windows XP:lle (KB938828)
Päivitys Windows XP:lle (KB942763)
Päivitys Windows XP:lle (KB942840)
Päivitys Windows XP:lle (KB946627)
Railroad Tycoon 3
Real Alternative 1.46
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
SopCast 2.0.4
Spelling Dictionaries Support For Adobe Reader 8
Subtitle Workshop 2.51
Sunbelt Personal Firewall
Suojauspäivitys ohjelmistolle Windows XP (KB923689)
Suojauspäivitys ohjelmistolle Windows XP (KB941569)
Suojauspäivitys Windows Media Player 6.4:lle (KB925398)
Suojauspäivitys Windows Media Player 9:lle (KB936782)
Suojauspäivitys Windows Media Playerille (KB911564)
Suojauspäivitys Windows XP:lle (KB890046)
Suojauspäivitys Windows XP:lle (KB893756)
Suojauspäivitys Windows XP:lle (KB896358)
Suojauspäivitys Windows XP:lle (KB896423)
Suojauspäivitys Windows XP:lle (KB896428)
Suojauspäivitys Windows XP:lle (KB899587)
Suojauspäivitys Windows XP:lle (KB899591)
Suojauspäivitys Windows XP:lle (KB900725)
Suojauspäivitys Windows XP:lle (KB901017)
Suojauspäivitys Windows XP:lle (KB901214)
Suojauspäivitys Windows XP:lle (KB902400)
Suojauspäivitys Windows XP:lle (KB904706)
Suojauspäivitys Windows XP:lle (KB905414)
Suojauspäivitys Windows XP:lle (KB905749)
Suojauspäivitys Windows XP:lle (KB908519)
Suojauspäivitys Windows XP:lle (KB911562)
Suojauspäivitys Windows XP:lle (KB911927)
Suojauspäivitys Windows XP:lle (KB913580)
Suojauspäivitys Windows XP:lle (KB914388)
Suojauspäivitys Windows XP:lle (KB914389)
Suojauspäivitys Windows XP:lle (KB917344)
Suojauspäivitys Windows XP:lle (KB917953)
Suojauspäivitys Windows XP:lle (KB918118)
Suojauspäivitys Windows XP:lle (KB918439)
Suojauspäivitys Windows XP:lle (KB919007)
Suojauspäivitys Windows XP:lle (KB920213)
Suojauspäivitys Windows XP:lle (KB920670)
Suojauspäivitys Windows XP:lle (KB920683)
Suojauspäivitys Windows XP:lle (KB920685)
Suojauspäivitys Windows XP:lle (KB921503)
Suojauspäivitys Windows XP:lle (KB922819)
Suojauspäivitys Windows XP:lle (KB923191)
Suojauspäivitys Windows XP:lle (KB923414)
Suojauspäivitys Windows XP:lle (KB923789)
Suojauspäivitys Windows XP:lle (KB923980)
Suojauspäivitys Windows XP:lle (KB924270)
Suojauspäivitys Windows XP:lle (KB924496)
Suojauspäivitys Windows XP:lle (KB924667)
Suojauspäivitys Windows XP:lle (KB925902)
Suojauspäivitys Windows XP:lle (KB926255)
Suojauspäivitys Windows XP:lle (KB926436)
Suojauspäivitys Windows XP:lle (KB927779)
Suojauspäivitys Windows XP:lle (KB927802)
Suojauspäivitys Windows XP:lle (KB928255)
Suojauspäivitys Windows XP:lle (KB928843)
Suojauspäivitys Windows XP:lle (KB929123)
Suojauspäivitys Windows XP:lle (KB930178)
Suojauspäivitys Windows XP:lle (KB931261)
Suojauspäivitys Windows XP:lle (KB931784)
Suojauspäivitys Windows XP:lle (KB932168)
Suojauspäivitys Windows XP:lle (KB933729)
Suojauspäivitys Windows XP:lle (KB935839)
Suojauspäivitys Windows XP:lle (KB935840)
Suojauspäivitys Windows XP:lle (KB936021)
Suojauspäivitys Windows XP:lle (KB937894)
Suojauspäivitys Windows XP:lle (KB938127)
Suojauspäivitys Windows XP:lle (KB938829)
Suojauspäivitys Windows XP:lle (KB939653)
Suojauspäivitys Windows XP:lle (KB941202)
Suojauspäivitys Windows XP:lle (KB941568)
Suojauspäivitys Windows XP:lle (KB941644)
Suojauspäivitys Windows XP:lle (KB942615)
Suojauspäivitys Windows XP:lle (KB943055)
Suojauspäivitys Windows XP:lle (KB943460)
Suojauspäivitys Windows XP:lle (KB943485)
Suojauspäivitys Windows XP:lle (KB944533)
Suojauspäivitys Windows XP:lle (KB944653)
Suojauspäivitys Windows XP:lle (KB946026)
System Requirements Lab
TMPGEnc DVD Author 1.6
Tweak-XP Pro 4
VideoLAN VLC media player 0.8.6d
Winamp
Windows Communication Foundation
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Liven kirjautumisavustaja
Windows Media Format Runtime
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (FIN)
Windows Workflow Foundation
Windows Workflow Foundation FI Language Pack
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windowsin ohjainpaketti - Nokia Modem (02/15/2007 3.1)
Windowsin ohjainpaketti - Nokia Modem (02/15/2007 3.1)
Windowsin ohjainpaketti - Nokia Modem (05/24/2007 6.84.0.1)
Windowsin ohjainpaketti - Nokia Modem (08/03/2007 6.84.0.2)
Windowsin ohjainpaketti - Nokia Modem (10/12/2007 3.6)
WinRAR-pakkausohjelma
VobSub v2.23 (Remove Only)
XML Paper Specification Shared Components Language Pack 1.0
XviD MPEG-4 Video Codec
combofixlog.txt
ComboFix 08-03-09.1 - Marko 2008-03-10 3:43:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.801 [GMT 2:00]
Running from: C:\Documents and Settings\Marko\Työpöytä\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-10 to 2008-03-10 )))))))))))))))))
.
2008-03-09 18:14 . 2008-03-10 03:30 d-------- C:\Program Files\a-squared Anti-Malware
2008-03-09 11:42 . 2008-03-09 11:44 104 --a------ C:\index.ini
2008-03-09 11:23 . 2008-03-09 11:23 d-------- C:\Program Files\Windows Defender
2008-03-09 05:10 . 2008-03-09 05:10 0 --a------ C:\23990098.$$$
2008-03-09 03:04 . 2008-03-09 03:12 d-------- C:\Downloads
2008-03-09 03:02 . 2008-03-09 03:12 d-------- C:\Kaspersky
2008-03-09 02:47 . 2008-03-09 11:39 d-------- C:\Program Files\a-squared HiJackFree
2008-03-09 02:37 . 2008-03-09 02:37 d-------- C:\Documents and Settings\Marko\Application Data\Grisoft
2008-03-09 02:37 . 2008-03-09 02:37 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-09 02:37 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-09 02:33 . 2008-03-09 02:33 106 --a------ C:\delete.bat
2008-03-08 01:15 . 2008-03-08 01:19 d-------- C:\Program Files\Railroad Tycoon 3
2008-03-08 01:10 . 2008-03-08 01:10 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-07 23:38 . 2008-03-07 23:38 32,256 --a------ C:\WINDOWS\system32\NTSecurity.exe
2008-03-07 16:39 . 2008-03-07 16:39 d-------- C:\Program Files\Common Files\Adobe
2008-03-05 13:25 . 2008-03-09 02:56 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-05 13:25 . 2008-03-05 13:25 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-03-05 13:23 . 2008-03-05 13:23 d-------- C:\Program Files\Lavasoft
2008-03-05 13:20 . 2008-03-05 13:20 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-05 13:13 . 2008-03-05 13:13 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 22:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-02 22:45 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-02 22:45 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-02 20:27 . 2008-03-02 20:27 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-02 20:27 . 2008-03-02 20:27 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-14 22:15 . 2008-02-14 22:16 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-14 06:18 . 2008-02-14 06:18 d-------- C:\Program Files\FM Modifier 2.2
2008-02-11 08:36 . 2008-02-11 08:36 8 --a------ C:\WINDOWS\NUMCD.GFN
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 16:11 291,884 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-09 00:53 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-03-08 18:26 --------- d-----w C:\Documents and Settings\Marko\Application Data\mIRC
2008-03-08 13:32 --------- d-----w C:\Program Files\Euroword2004
2008-03-08 06:58 --------- d-----w C:\Program Files\DVDAuthorGUI
2008-03-08 06:31 --------- d-----w C:\Documents and Settings\Marko\Application Data\dvdcss
2008-03-08 06:15 --------- d-----w C:\Program Files\mIRC
2008-03-07 23:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-06 15:32 --------- d-----w C:\Program Files\eMule
2008-03-05 11:16 --------- d-----w C:\Documents and Settings\Marko\Application Data\uTorrent
2008-03-02 18:28 --------- d-----w C:\Program Files\MSN Messenger
2008-03-02 18:27 --------- d-----w C:\Program Files\Windows Live
2008-03-02 16:39 --------- d-----w C:\Program Files\DC
2008-02-18 07:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-11 02:51 --------- d-----w C:\Program Files\Winamp
2008-02-11 02:30 --------- d-----w C:\Program Files\Screamer Radio
2008-02-04 12:58 --------- d-----w C:\Program Files\Foxit Software
2008-01-26 07:24 --------- d-----w C:\Program Files\Pegasys Inc
2008-01-26 07:20 86,016 ------w C:\WINDOWS\system32\pxwma.dll
2008-01-26 07:20 105,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-26 07:20 103,936 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-26 07:16 --------- d-----w C:\Documents and Settings\Marko\Application Data\Pegasys Inc
2008-01-26 06:53 53,248 ----a-w C:\WINDOWS\system32\GenSvcInst.exe
2008-01-26 06:53 33,408 ----a-w C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-01-26 06:53 118,784 ----a-w C:\WINDOWS\system32\bgsvcgen.exe
2008-01-23 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-01-10 18:23 --------- d-----w C:\Program Files\Bridge Construction Set
2008-01-06 02:09 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-12-18 13:34 9,684 ----a-w C:\WINDOWS\system32\Pvt.tmp
2007-12-18 13:34 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2007-12-15 22:30 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-14 09:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 21:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-12-11 21:38 389,120 ------w C:\WINDOWS\Setup1.exe
2004-09-28 03:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
2004-03-28 16:46 1,340,416 ----a-w C:\Program Files\mplayerc.exe
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 15:12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 13:53 171464]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-18 15:12 1637312]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"DiagAP8169"="C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2004-08-25 10:26 1465856]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 16:54 774168]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 14:20 16844800 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 15:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
C:\Documents and Settings\Marko\Käynnistä-valikko\Ohjelmat\Käynnistys\
verkko.bat [2006-12-30 16:59:26 134]
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-25 12:53:32 692224]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NTSpool"= NTSpool.exe
"Windows Security Tool"= WinSecure.exe
"NT Security Service"= NTSecurity.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S2 LANPkt;Realtek LANPkt Protocol;C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-09-17 15:57]
*Newly Created Service* - A2ANTIMALWARE
*Newly Created Service* - MCHINJDRV
*Newly Created Service* - WINDEFEND
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E555}]
E:\Valmiit\SlySoft\AnyDVD 6.3.0.0\AnyDVD leftover killer 1.3.exe -M
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-03-09 10:45:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 03:47:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-10 3:49:28
.
2008-03-05 11:20:18 --- E O F ---
sdfixreport
SDFix: Version 1.154
Run by Järjestelmänvalvoja on ma 10.03.2008 at 04:12
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\JRJEST~1\TYPYT~1\SDFix\SDFix
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files:
No Trojan Files Found
Removing Temp Files
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 07:47:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 Määritettyä tiedostoa ei löydy.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\JRJEST~1\TYPYT~1\SDFix\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 18 Dec 2007 24 ..SH. --- "C:\WINDOWS\S16FF7C01.tmp"
Sat 22 Dec 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 5 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0fd78ad219f7a5373cb35ffe8ba1b5b1\BIT22.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT2.tmp"
Wed 5 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT20.tmp"
Wed 5 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT21.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"
[b]Finished![/b]
hijackthis.log
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:56:35, on 10.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSI\LAN Utility\DiagAP8169.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Valmiit\HiJackThis_v2.0.0.0.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DiagAP8169] C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: verkko.bat
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 9935 bytes - -----
vikavikavika wrote:
Here is the requested information. It took the whole evening/night to put these together; hopefully things can be fixed.
Uninstall list
Ad-Aware 2007
Adobe Flash Player Plugin
Adobe Reader 8.1.2 - Suomi
AMIP (remove only)
AnyDVD
a-squared Anti-Malware 3.1
a-squared HiJackFree 3.0
Auto Gordian Knot 1.95
avast! Antivirus
AVG Anti-Spyware 7.5
AviSynth 2.5
CCE SP Trial Version
CCleaner (remove only)
CDDRV_Installer
Chessmaster 10th Edition
CutePDF Printer Setup
dBpoweramp Music Converter
DC 0.699
DU Meter
DVD Decoder Pak for Windows XP
DVD Decrypter (Remove Only)
DVD Rebuilder
DVD Shrink 3.2
DVDAuthorGUI (remove only)
EasyCleaner
eMule
Euroword 2004 Pro
EVEREST Ultimate Edition v4.00
ffdshow [rev 1642] [2007-11-26]
FM Modifier 2.22
Football Manager 2008
Foxit Reader
FrameShots Video Screen Capture
GoldWave v5.22
High Definition Audio Driver Package - KB888111
HijackThis 2.0.0
Hotfix-päivitys Windows XP:lle (KB935448)
Java(TM) 6 Update 3
KhalInstallWrapper
LAN Utility
Logitech Audio Echo Cancellation Component
Logitech SetPoint
Logitech Z-series Software 1.04
Logitech® Camera -ohjain
Messenger Plus! Live
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FIN
Microsoft .NET Framework 2.0 -tuotteen Security Update (KB928365)
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 Finnish Language Pack
Microsoft .NET Framework 3.0:n suomen kielipaketti
Microsoft Office Professional Edition 2003
Microsoft Visual C 2005 Redistributable
mIRC
Mozilla Firefox (2.0.0.12)
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MVision
Nero 7 Premium
Nokia Connectivity Cable Driver
Nokia Multimedia Factory
Nokia Multimedia Factory
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
Nokia Video Manager
Nokia Video Manager
NVIDIA Drivers
PC Connectivity Solution
PerfectDisk
Päivitys Windows XP:lle (KB894391)
Päivitys Windows XP:lle (KB898461)
Päivitys Windows XP:lle (KB900485)
Päivitys Windows XP:lle (KB908531)
Päivitys Windows XP:lle (KB910437)
Päivitys Windows XP:lle (KB911280)
Päivitys Windows XP:lle (KB916595)
Päivitys Windows XP:lle (KB920872)
Päivitys Windows XP:lle (KB922582)
Päivitys Windows XP:lle (KB925720)
Päivitys Windows XP:lle (KB927891)
Päivitys Windows XP:lle (KB930916)
Päivitys Windows XP:lle (KB933360)
Päivitys Windows XP:lle (KB936357)
Päivitys Windows XP:lle (KB938828)
Päivitys Windows XP:lle (KB942763)
Päivitys Windows XP:lle (KB942840)
Päivitys Windows XP:lle (KB946627)
Railroad Tycoon 3
Real Alternative 1.46
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
SopCast 2.0.4
Spelling Dictionaries Support For Adobe Reader 8
Subtitle Workshop 2.51
Sunbelt Personal Firewall
Suojauspäivitys ohjelmistolle Windows XP (KB923689)
Suojauspäivitys ohjelmistolle Windows XP (KB941569)
Suojauspäivitys Windows Media Player 6.4:lle (KB925398)
Suojauspäivitys Windows Media Player 9:lle (KB936782)
Suojauspäivitys Windows Media Playerille (KB911564)
Suojauspäivitys Windows XP:lle (KB890046)
Suojauspäivitys Windows XP:lle (KB893756)
Suojauspäivitys Windows XP:lle (KB896358)
Suojauspäivitys Windows XP:lle (KB896423)
Suojauspäivitys Windows XP:lle (KB896428)
Suojauspäivitys Windows XP:lle (KB899587)
Suojauspäivitys Windows XP:lle (KB899591)
Suojauspäivitys Windows XP:lle (KB900725)
Suojauspäivitys Windows XP:lle (KB901017)
Suojauspäivitys Windows XP:lle (KB901214)
Suojauspäivitys Windows XP:lle (KB902400)
Suojauspäivitys Windows XP:lle (KB904706)
Suojauspäivitys Windows XP:lle (KB905414)
Suojauspäivitys Windows XP:lle (KB905749)
Suojauspäivitys Windows XP:lle (KB908519)
Suojauspäivitys Windows XP:lle (KB911562)
Suojauspäivitys Windows XP:lle (KB911927)
Suojauspäivitys Windows XP:lle (KB913580)
Suojauspäivitys Windows XP:lle (KB914388)
Suojauspäivitys Windows XP:lle (KB914389)
Suojauspäivitys Windows XP:lle (KB917344)
Suojauspäivitys Windows XP:lle (KB917953)
Suojauspäivitys Windows XP:lle (KB918118)
Suojauspäivitys Windows XP:lle (KB918439)
Suojauspäivitys Windows XP:lle (KB919007)
Suojauspäivitys Windows XP:lle (KB920213)
Suojauspäivitys Windows XP:lle (KB920670)
Suojauspäivitys Windows XP:lle (KB920683)
Suojauspäivitys Windows XP:lle (KB920685)
Suojauspäivitys Windows XP:lle (KB921503)
Suojauspäivitys Windows XP:lle (KB922819)
Suojauspäivitys Windows XP:lle (KB923191)
Suojauspäivitys Windows XP:lle (KB923414)
Suojauspäivitys Windows XP:lle (KB923789)
Suojauspäivitys Windows XP:lle (KB923980)
Suojauspäivitys Windows XP:lle (KB924270)
Suojauspäivitys Windows XP:lle (KB924496)
Suojauspäivitys Windows XP:lle (KB924667)
Suojauspäivitys Windows XP:lle (KB925902)
Suojauspäivitys Windows XP:lle (KB926255)
Suojauspäivitys Windows XP:lle (KB926436)
Suojauspäivitys Windows XP:lle (KB927779)
Suojauspäivitys Windows XP:lle (KB927802)
Suojauspäivitys Windows XP:lle (KB928255)
Suojauspäivitys Windows XP:lle (KB928843)
Suojauspäivitys Windows XP:lle (KB929123)
Suojauspäivitys Windows XP:lle (KB930178)
Suojauspäivitys Windows XP:lle (KB931261)
Suojauspäivitys Windows XP:lle (KB931784)
Suojauspäivitys Windows XP:lle (KB932168)
Suojauspäivitys Windows XP:lle (KB933729)
Suojauspäivitys Windows XP:lle (KB935839)
Suojauspäivitys Windows XP:lle (KB935840)
Suojauspäivitys Windows XP:lle (KB936021)
Suojauspäivitys Windows XP:lle (KB937894)
Suojauspäivitys Windows XP:lle (KB938127)
Suojauspäivitys Windows XP:lle (KB938829)
Suojauspäivitys Windows XP:lle (KB939653)
Suojauspäivitys Windows XP:lle (KB941202)
Suojauspäivitys Windows XP:lle (KB941568)
Suojauspäivitys Windows XP:lle (KB941644)
Suojauspäivitys Windows XP:lle (KB942615)
Suojauspäivitys Windows XP:lle (KB943055)
Suojauspäivitys Windows XP:lle (KB943460)
Suojauspäivitys Windows XP:lle (KB943485)
Suojauspäivitys Windows XP:lle (KB944533)
Suojauspäivitys Windows XP:lle (KB944653)
Suojauspäivitys Windows XP:lle (KB946026)
System Requirements Lab
TMPGEnc DVD Author 1.6
Tweak-XP Pro 4
VideoLAN VLC media player 0.8.6d
Winamp
Windows Communication Foundation
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Liven kirjautumisavustaja
Windows Media Format Runtime
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (FIN)
Windows Workflow Foundation
Windows Workflow Foundation FI Language Pack
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windowsin ohjainpaketti - Nokia Modem (02/15/2007 3.1)
Windowsin ohjainpaketti - Nokia Modem (02/15/2007 3.1)
Windowsin ohjainpaketti - Nokia Modem (05/24/2007 6.84.0.1)
Windowsin ohjainpaketti - Nokia Modem (08/03/2007 6.84.0.2)
Windowsin ohjainpaketti - Nokia Modem (10/12/2007 3.6)
WinRAR-pakkausohjelma
VobSub v2.23 (Remove Only)
XML Paper Specification Shared Components Language Pack 1.0
XviD MPEG-4 Video Codec
combofixlog.txt
ComboFix 08-03-09.1 - Marko 2008-03-10 3:43:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.801 [GMT 2:00]
Running from: C:\Documents and Settings\Marko\Työpöytä\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-10 to 2008-03-10 )))))))))))))))))
.
2008-03-09 18:14 . 2008-03-10 03:30 d-------- C:\Program Files\a-squared Anti-Malware
2008-03-09 11:42 . 2008-03-09 11:44 104 --a------ C:\index.ini
2008-03-09 11:23 . 2008-03-09 11:23 d-------- C:\Program Files\Windows Defender
2008-03-09 05:10 . 2008-03-09 05:10 0 --a------ C:\23990098.$$$
2008-03-09 03:04 . 2008-03-09 03:12 d-------- C:\Downloads
2008-03-09 03:02 . 2008-03-09 03:12 d-------- C:\Kaspersky
2008-03-09 02:47 . 2008-03-09 11:39 d-------- C:\Program Files\a-squared HiJackFree
2008-03-09 02:37 . 2008-03-09 02:37 d-------- C:\Documents and Settings\Marko\Application Data\Grisoft
2008-03-09 02:37 . 2008-03-09 02:37 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-09 02:37 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-09 02:33 . 2008-03-09 02:33 106 --a------ C:\delete.bat
2008-03-08 01:15 . 2008-03-08 01:19 d-------- C:\Program Files\Railroad Tycoon 3
2008-03-08 01:10 . 2008-03-08 01:10 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-07 23:38 . 2008-03-07 23:38 32,256 --a------ C:\WINDOWS\system32\NTSecurity.exe
2008-03-07 16:39 . 2008-03-07 16:39 d-------- C:\Program Files\Common Files\Adobe
2008-03-05 13:25 . 2008-03-09 02:56 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-05 13:25 . 2008-03-05 13:25 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-03-05 13:23 . 2008-03-05 13:23 d-------- C:\Program Files\Lavasoft
2008-03-05 13:20 . 2008-03-05 13:20 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-05 13:13 . 2008-03-05 13:13 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 22:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-02 22:45 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-02 22:45 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-02 20:27 . 2008-03-02 20:27 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-02 20:27 . 2008-03-02 20:27 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-14 22:15 . 2008-02-14 22:16 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-14 06:18 . 2008-02-14 06:18 d-------- C:\Program Files\FM Modifier 2.2
2008-02-11 08:36 . 2008-02-11 08:36 8 --a------ C:\WINDOWS\NUMCD.GFN
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 16:11 291,884 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-09 00:53 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-03-08 18:26 --------- d-----w C:\Documents and Settings\Marko\Application Data\mIRC
2008-03-08 13:32 --------- d-----w C:\Program Files\Euroword2004
2008-03-08 06:58 --------- d-----w C:\Program Files\DVDAuthorGUI
2008-03-08 06:31 --------- d-----w C:\Documents and Settings\Marko\Application Data\dvdcss
2008-03-08 06:15 --------- d-----w C:\Program Files\mIRC
2008-03-07 23:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-06 15:32 --------- d-----w C:\Program Files\eMule
2008-03-05 11:16 --------- d-----w C:\Documents and Settings\Marko\Application Data\uTorrent
2008-03-02 18:28 --------- d-----w C:\Program Files\MSN Messenger
2008-03-02 18:27 --------- d-----w C:\Program Files\Windows Live
2008-03-02 16:39 --------- d-----w C:\Program Files\DC
2008-02-18 07:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-11 02:51 --------- d-----w C:\Program Files\Winamp
2008-02-11 02:30 --------- d-----w C:\Program Files\Screamer Radio
2008-02-04 12:58 --------- d-----w C:\Program Files\Foxit Software
2008-01-26 07:24 --------- d-----w C:\Program Files\Pegasys Inc
2008-01-26 07:20 86,016 ------w C:\WINDOWS\system32\pxwma.dll
2008-01-26 07:20 105,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-26 07:20 103,936 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-26 07:16 --------- d-----w C:\Documents and Settings\Marko\Application Data\Pegasys Inc
2008-01-26 06:53 53,248 ----a-w C:\WINDOWS\system32\GenSvcInst.exe
2008-01-26 06:53 33,408 ----a-w C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-01-26 06:53 118,784 ----a-w C:\WINDOWS\system32\bgsvcgen.exe
2008-01-23 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-01-10 18:23 --------- d-----w C:\Program Files\Bridge Construction Set
2008-01-06 02:09 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-12-18 13:34 9,684 ----a-w C:\WINDOWS\system32\Pvt.tmp
2007-12-18 13:34 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2007-12-15 22:30 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-14 09:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 21:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-12-11 21:38 389,120 ------w C:\WINDOWS\Setup1.exe
2004-09-28 03:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
2004-03-28 16:46 1,340,416 ----a-w C:\Program Files\mplayerc.exe
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 15:12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 13:53 171464]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-18 15:12 1637312]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"DiagAP8169"="C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2004-08-25 10:26 1465856]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 16:54 774168]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 14:20 16844800 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 15:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
C:\Documents and Settings\Marko\Käynnistä-valikko\Ohjelmat\Käynnistys\
verkko.bat [2006-12-30 16:59:26 134]
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-25 12:53:32 692224]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NTSpool"= NTSpool.exe
"Windows Security Tool"= WinSecure.exe
"NT Security Service"= NTSecurity.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S2 LANPkt;Realtek LANPkt Protocol;C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-09-17 15:57]
*Newly Created Service* - A2ANTIMALWARE
*Newly Created Service* - MCHINJDRV
*Newly Created Service* - WINDEFEND
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E555}]
E:\Valmiit\SlySoft\AnyDVD 6.3.0.0\AnyDVD leftover killer 1.3.exe -M
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-03-09 10:45:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 03:47:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-10 3:49:28
.
2008-03-05 11:20:18 --- E O F ---
sdfixreport
[b]SDFix: Version 1.154 [/b]
Run by Järjestelmänvalvoja on ma 10.03.2008 at 04:12
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\JRJEST~1\TYPYT~1\SDFix\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 07:47:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 Määritettyä tiedostoa ei löydy.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\JRJEST~1\TYPYT~1\SDFix\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 18 Dec 2007 24 ..SH. --- "C:\WINDOWS\S16FF7C01.tmp"
Sat 22 Dec 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 5 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0fd78ad219f7a5373cb35ffe8ba1b5b1\BIT22.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT2.tmp"
Wed 5 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT20.tmp"
Wed 5 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT21.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"
[b]Finished![/b]
hijackthis.log
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:56:35, on 10.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSI\LAN Utility\DiagAP8169.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Valmiit\HiJackThis_v2.0.0.0.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DiagAP8169] C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: verkko.bat
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 9935 bytes
Escan
The instructions are on that page.
http://koti.mbnet.fi/pattaya1/escanmwav.htm
download it from here
http://www.spywareinfo.dk/download/mwav.exe
update it from here
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
tick the checkboxes as marked
http://koti.mbnet.fi/pattaya1/eScan6.jpg
scan
if anything shows up in the lower pane, copy it like this:
Use the command Ctrl A.
Copy the lines with the command Ctrl C.
Paste the lines with the command Ctrl V.
Post the virus log here.
vikavikavika wrote:
Here is the requested information. It took the whole evening/night to grind through these; hopefully things can be fixed.
Uninstall list
Ad-Aware 2007
Adobe Flash Player Plugin
Adobe Reader 8.1.2 - Suomi
AMIP (remove only)
AnyDVD
a-squared Anti-Malware 3.1
a-squared HiJackFree 3.0
Auto Gordian Knot 1.95
avast! Antivirus
AVG Anti-Spyware 7.5
AviSynth 2.5
CCE SP Trial Version
CCleaner (remove only)
CDDRV_Installer
Chessmaster 10th Edition
CutePDF Printer Setup
dBpoweramp Music Converter
DC 0.699
DU Meter
DVD Decoder Pak for Windows XP
DVD Decrypter (Remove Only)
DVD Rebuilder
DVD Shrink 3.2
DVDAuthorGUI (remove only)
EasyCleaner
eMule
Euroword 2004 Pro
EVEREST Ultimate Edition v4.00
ffdshow [rev 1642] [2007-11-26]
FM Modifier 2.22
Football Manager 2008
Foxit Reader
FrameShots Video Screen Capture
GoldWave v5.22
High Definition Audio Driver Package - KB888111
HijackThis 2.0.0
Hotfix-päivitys Windows XP:lle (KB935448)
Java(TM) 6 Update 3
KhalInstallWrapper
LAN Utility
Logitech Audio Echo Cancellation Component
Logitech SetPoint
Logitech Z-series Software 1.04
Logitech® Camera -ohjain
Messenger Plus! Live
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FIN
Microsoft .NET Framework 2.0 -tuotteen Security Update (KB928365)
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 Finnish Language Pack
Microsoft .NET Framework 3.0:n suomen kielipaketti
Microsoft Office Professional Edition 2003
Microsoft Visual C 2005 Redistributable
mIRC
Mozilla Firefox (2.0.0.12)
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MVision
Nero 7 Premium
Nokia Connectivity Cable Driver
Nokia Multimedia Factory
Nokia Multimedia Factory
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
Nokia Video Manager
Nokia Video Manager
NVIDIA Drivers
PC Connectivity Solution
PerfectDisk
Päivitys Windows XP:lle (KB894391)
Päivitys Windows XP:lle (KB898461)
Päivitys Windows XP:lle (KB900485)
Päivitys Windows XP:lle (KB908531)
Päivitys Windows XP:lle (KB910437)
Päivitys Windows XP:lle (KB911280)
Päivitys Windows XP:lle (KB916595)
Päivitys Windows XP:lle (KB920872)
Päivitys Windows XP:lle (KB922582)
Päivitys Windows XP:lle (KB925720)
Päivitys Windows XP:lle (KB927891)
Päivitys Windows XP:lle (KB930916)
Päivitys Windows XP:lle (KB933360)
Päivitys Windows XP:lle (KB936357)
Päivitys Windows XP:lle (KB938828)
Päivitys Windows XP:lle (KB942763)
Päivitys Windows XP:lle (KB942840)
Päivitys Windows XP:lle (KB946627)
Railroad Tycoon 3
Real Alternative 1.46
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
SopCast 2.0.4
Spelling Dictionaries Support For Adobe Reader 8
Subtitle Workshop 2.51
Sunbelt Personal Firewall
Suojauspäivitys ohjelmistolle Windows XP (KB923689)
Suojauspäivitys ohjelmistolle Windows XP (KB941569)
Suojauspäivitys Windows Media Player 6.4:lle (KB925398)
Suojauspäivitys Windows Media Player 9:lle (KB936782)
Suojauspäivitys Windows Media Playerille (KB911564)
Suojauspäivitys Windows XP:lle (KB890046)
Suojauspäivitys Windows XP:lle (KB893756)
Suojauspäivitys Windows XP:lle (KB896358)
Suojauspäivitys Windows XP:lle (KB896423)
Suojauspäivitys Windows XP:lle (KB896428)
Suojauspäivitys Windows XP:lle (KB899587)
Suojauspäivitys Windows XP:lle (KB899591)
Suojauspäivitys Windows XP:lle (KB900725)
Suojauspäivitys Windows XP:lle (KB901017)
Suojauspäivitys Windows XP:lle (KB901214)
Suojauspäivitys Windows XP:lle (KB902400)
Suojauspäivitys Windows XP:lle (KB904706)
Suojauspäivitys Windows XP:lle (KB905414)
Suojauspäivitys Windows XP:lle (KB905749)
Suojauspäivitys Windows XP:lle (KB908519)
Suojauspäivitys Windows XP:lle (KB911562)
Suojauspäivitys Windows XP:lle (KB911927)
Suojauspäivitys Windows XP:lle (KB913580)
Suojauspäivitys Windows XP:lle (KB914388)
Suojauspäivitys Windows XP:lle (KB914389)
Suojauspäivitys Windows XP:lle (KB917344)
Suojauspäivitys Windows XP:lle (KB917953)
Suojauspäivitys Windows XP:lle (KB918118)
Suojauspäivitys Windows XP:lle (KB918439)
Suojauspäivitys Windows XP:lle (KB919007)
Suojauspäivitys Windows XP:lle (KB920213)
Suojauspäivitys Windows XP:lle (KB920670)
Suojauspäivitys Windows XP:lle (KB920683)
Suojauspäivitys Windows XP:lle (KB920685)
Suojauspäivitys Windows XP:lle (KB921503)
Suojauspäivitys Windows XP:lle (KB922819)
Suojauspäivitys Windows XP:lle (KB923191)
Suojauspäivitys Windows XP:lle (KB923414)
Suojauspäivitys Windows XP:lle (KB923789)
Suojauspäivitys Windows XP:lle (KB923980)
Suojauspäivitys Windows XP:lle (KB924270)
Suojauspäivitys Windows XP:lle (KB924496)
Suojauspäivitys Windows XP:lle (KB924667)
Suojauspäivitys Windows XP:lle (KB925902)
Suojauspäivitys Windows XP:lle (KB926255)
Suojauspäivitys Windows XP:lle (KB926436)
Suojauspäivitys Windows XP:lle (KB927779)
Suojauspäivitys Windows XP:lle (KB927802)
Suojauspäivitys Windows XP:lle (KB928255)
Suojauspäivitys Windows XP:lle (KB928843)
Suojauspäivitys Windows XP:lle (KB929123)
Suojauspäivitys Windows XP:lle (KB930178)
Suojauspäivitys Windows XP:lle (KB931261)
Suojauspäivitys Windows XP:lle (KB931784)
Suojauspäivitys Windows XP:lle (KB932168)
Suojauspäivitys Windows XP:lle (KB933729)
Suojauspäivitys Windows XP:lle (KB935839)
Suojauspäivitys Windows XP:lle (KB935840)
Suojauspäivitys Windows XP:lle (KB936021)
Suojauspäivitys Windows XP:lle (KB937894)
Suojauspäivitys Windows XP:lle (KB938127)
Suojauspäivitys Windows XP:lle (KB938829)
Suojauspäivitys Windows XP:lle (KB939653)
Suojauspäivitys Windows XP:lle (KB941202)
Suojauspäivitys Windows XP:lle (KB941568)
Suojauspäivitys Windows XP:lle (KB941644)
Suojauspäivitys Windows XP:lle (KB942615)
Suojauspäivitys Windows XP:lle (KB943055)
Suojauspäivitys Windows XP:lle (KB943460)
Suojauspäivitys Windows XP:lle (KB943485)
Suojauspäivitys Windows XP:lle (KB944533)
Suojauspäivitys Windows XP:lle (KB944653)
Suojauspäivitys Windows XP:lle (KB946026)
System Requirements Lab
TMPGEnc DVD Author 1.6
Tweak-XP Pro 4
VideoLAN VLC media player 0.8.6d
Winamp
Windows Communication Foundation
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Liven kirjautumisavustaja
Windows Media Format Runtime
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (FIN)
Windows Workflow Foundation
Windows Workflow Foundation FI Language Pack
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windowsin ohjainpaketti - Nokia Modem (02/15/2007 3.1)
Windowsin ohjainpaketti - Nokia Modem (02/15/2007 3.1)
Windowsin ohjainpaketti - Nokia Modem (05/24/2007 6.84.0.1)
Windowsin ohjainpaketti - Nokia Modem (08/03/2007 6.84.0.2)
Windowsin ohjainpaketti - Nokia Modem (10/12/2007 3.6)
WinRAR-pakkausohjelma
VobSub v2.23 (Remove Only)
XML Paper Specification Shared Components Language Pack 1.0
XviD MPEG-4 Video Codec
combofixlog.txt
ComboFix 08-03-09.1 - Marko 2008-03-10 3:43:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.801 [GMT 2:00]
Running from: C:\Documents and Settings\Marko\Työpöytä\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-10 to 2008-03-10 )))))))))))))))))
.
2008-03-09 18:14 . 2008-03-10 03:30 d-------- C:\Program Files\a-squared Anti-Malware
2008-03-09 11:42 . 2008-03-09 11:44 104 --a------ C:\index.ini
2008-03-09 11:23 . 2008-03-09 11:23 d-------- C:\Program Files\Windows Defender
2008-03-09 05:10 . 2008-03-09 05:10 0 --a------ C:\23990098.$$$
2008-03-09 03:04 . 2008-03-09 03:12 d-------- C:\Downloads
2008-03-09 03:02 . 2008-03-09 03:12 d-------- C:\Kaspersky
2008-03-09 02:47 . 2008-03-09 11:39 d-------- C:\Program Files\a-squared HiJackFree
2008-03-09 02:37 . 2008-03-09 02:37 d-------- C:\Documents and Settings\Marko\Application Data\Grisoft
2008-03-09 02:37 . 2008-03-09 02:37 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-09 02:37 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-09 02:33 . 2008-03-09 02:33 106 --a------ C:\delete.bat
2008-03-08 01:15 . 2008-03-08 01:19 d-------- C:\Program Files\Railroad Tycoon 3
2008-03-08 01:10 . 2008-03-08 01:10 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-07 23:38 . 2008-03-07 23:38 32,256 --a------ C:\WINDOWS\system32\NTSecurity.exe
2008-03-07 16:39 . 2008-03-07 16:39 d-------- C:\Program Files\Common Files\Adobe
2008-03-05 13:25 . 2008-03-09 02:56 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-05 13:25 . 2008-03-05 13:25 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-03-05 13:23 . 2008-03-05 13:23 d-------- C:\Program Files\Lavasoft
2008-03-05 13:20 . 2008-03-05 13:20 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-05 13:13 . 2008-03-05 13:13 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 22:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-02 22:45 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-02 22:45 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-02 20:27 . 2008-03-02 20:27 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-02 20:27 . 2008-03-02 20:27 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-14 22:15 . 2008-02-14 22:16 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-14 06:18 . 2008-02-14 06:18 d-------- C:\Program Files\FM Modifier 2.2
2008-02-11 08:36 . 2008-02-11 08:36 8 --a------ C:\WINDOWS\NUMCD.GFN
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 16:11 291,884 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-09 00:53 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-03-08 18:26 --------- d-----w C:\Documents and Settings\Marko\Application Data\mIRC
2008-03-08 13:32 --------- d-----w C:\Program Files\Euroword2004
2008-03-08 06:58 --------- d-----w C:\Program Files\DVDAuthorGUI
2008-03-08 06:31 --------- d-----w C:\Documents and Settings\Marko\Application Data\dvdcss
2008-03-08 06:15 --------- d-----w C:\Program Files\mIRC
2008-03-07 23:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-06 15:32 --------- d-----w C:\Program Files\eMule
2008-03-05 11:16 --------- d-----w C:\Documents and Settings\Marko\Application Data\uTorrent
2008-03-02 18:28 --------- d-----w C:\Program Files\MSN Messenger
2008-03-02 18:27 --------- d-----w C:\Program Files\Windows Live
2008-03-02 16:39 --------- d-----w C:\Program Files\DC
2008-02-18 07:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-11 02:51 --------- d-----w C:\Program Files\Winamp
2008-02-11 02:30 --------- d-----w C:\Program Files\Screamer Radio
2008-02-04 12:58 --------- d-----w C:\Program Files\Foxit Software
2008-01-26 07:24 --------- d-----w C:\Program Files\Pegasys Inc
2008-01-26 07:20 86,016 ------w C:\WINDOWS\system32\pxwma.dll
2008-01-26 07:20 105,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-26 07:20 103,936 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-26 07:16 --------- d-----w C:\Documents and Settings\Marko\Application Data\Pegasys Inc
2008-01-26 06:53 53,248 ----a-w C:\WINDOWS\system32\GenSvcInst.exe
2008-01-26 06:53 33,408 ----a-w C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-01-26 06:53 118,784 ----a-w C:\WINDOWS\system32\bgsvcgen.exe
2008-01-23 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-01-10 18:23 --------- d-----w C:\Program Files\Bridge Construction Set
2008-01-06 02:09 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-12-18 13:34 9,684 ----a-w C:\WINDOWS\system32\Pvt.tmp
2007-12-18 13:34 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2007-12-15 22:30 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-14 09:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 21:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-12-11 21:38 389,120 ------w C:\WINDOWS\Setup1.exe
2004-09-28 03:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
2004-03-28 16:46 1,340,416 ----a-w C:\Program Files\mplayerc.exe
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 15:12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 13:53 171464]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-18 15:12 1637312]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"DiagAP8169"="C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2004-08-25 10:26 1465856]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 16:54 774168]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 14:20 16844800 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 15:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
C:\Documents and Settings\Marko\Käynnistä-valikko\Ohjelmat\Käynnistys\
verkko.bat [2006-12-30 16:59:26 134]
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-25 12:53:32 692224]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NTSpool"= NTSpool.exe
"Windows Security Tool"= WinSecure.exe
"NT Security Service"= NTSecurity.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S2 LANPkt;Realtek LANPkt Protocol;C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-09-17 15:57]
*Newly Created Service* - A2ANTIMALWARE
*Newly Created Service* - MCHINJDRV
*Newly Created Service* - WINDEFEND
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E555}]
E:\Valmiit\SlySoft\AnyDVD 6.3.0.0\AnyDVD leftover killer 1.3.exe -M
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-03-09 10:45:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 03:47:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-10 3:49:28
.
2008-03-05 11:20:18 --- E O F ---
sdfixreport
[b]SDFix: Version 1.154 [/b]
Run by Järjestelmänvalvoja on ma 10.03.2008 at 04:12
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\JRJEST~1\TYPYT~1\SDFix\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 07:47:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 Määritettyä tiedostoa ei löydy.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\JRJEST~1\TYPYT~1\SDFix\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 18 Dec 2007 24 ..SH. --- "C:\WINDOWS\S16FF7C01.tmp"
Sat 22 Dec 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 5 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0fd78ad219f7a5373cb35ffe8ba1b5b1\BIT22.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT2.tmp"
Wed 5 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT20.tmp"
Wed 5 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT21.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"
[b]Finished![/b]
hijackthis.log
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:56:35, on 10.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSI\LAN Utility\DiagAP8169.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Valmiit\HiJackThis_v2.0.0.0.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DiagAP8169] C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: verkko.bat
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 9935 bytes
Scan with HJT, check these entries, and press Fix checked
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
O4 - Startup: verkko.bat
=============
Remove from the computer
HijackThis 2.0.0
a-squared Anti-Malware 3.1
a-squared HiJackFree 3.0
In Safe Mode, delete the folders
C:\Program Files\>> a-squared Anti-Malware Valmiit\HiJackThis_v2.0.0.0.exe