Is there anything?

Jounes

I bought a used computer. Is there anything?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:15, on 17.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\EHTray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\hjt\HiJackThis_v2.0.2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O13 - Gopher Prefix:
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5235 bytes

    Replies

    • -----
      • jounes

        ComboFix 08-03-18.1 - Käyttäjä 2008-03-20 18:03:37.1 - NTFSx86
        Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1226 [GMT 2:00]
        Running from: C:\Users\Käyttäjä\Desktop\ComboFix.exe
        * Created a new restore point
        .

        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-20 to 2008-03-20 )))))))))))))))))
        .

        2008-03-20 13:33 . 2008-03-20 14:06      d--------   C:\Users\All Users\GlobeTrotter Mobility Manager
        2008-03-20 13:33 . 2008-03-20 14:06      d--------   C:\ProgramData\GlobeTrotter Mobility Manager
        2008-03-19 22:56 . 2008-03-19 22:56      d--------   C:\Program Files\Lavasoft
        2008-03-19 22:42 . 2008-03-19 22:42      d--------   C:\Users\Käyttäjä\AppData\Roaming\Thunderbird
        2008-03-19 22:42 . 2008-03-19 22:42      d--------   C:\Users\Käyttäjä\AppData\Roaming\Thunderbird
        2008-03-19 22:42 . 2008-03-19 22:42      d--------   C:\Program Files\Mozilla Thunderbird
        2008-03-19 22:38 . 2008-03-20 14:08      d--------   C:\Ohjelmia ja Paketteja
        2008-03-18 21:07 . 2008-03-18 21:07   194,181,148   --a------   C:\Windows\MEMORY.DMP
        2008-03-18 20:36 . 2008-03-18 20:37      d--------   C:\Windows\System32\ZoneLabs
        2008-03-18 20:36 . 2008-03-18 20:36      d--------   C:\Users\All Users\CheckPoint
        2008-03-18 20:36 . 2008-03-18 20:36      d--------   C:\ProgramData\CheckPoint
        2008-03-18 20:36 . 2008-03-18 20:36      d--------   C:\Program Files\Zone Labs
        2008-03-18 20:36 . 2008-01-09 03:31   1,086,952   --a------   C:\Windows\System32\zpeng24.dll
        2008-03-18 20:36 . 2008-03-20 17:16   352,615   --ah-----   C:\Windows\System32\drivers\vsconfig.xml
        2008-03-18 20:36 . 2008-01-09 03:32   276,368   ---------   C:\Windows\System32\drivers\vsdatant.sys
        2008-03-18 20:36 . 2008-01-09 03:32   276,368   --a------   C:\Windows\System32\drivers\~GLH0014.TMP
        2008-03-18 18:54 . 2008-03-20 13:33      d--------   C:\Program Files\Option
        2008-03-18 18:24 . 2007-12-04 15:04   837,496   --a------   C:\Windows\System32\aswBoot.exe
        2008-03-18 18:24 . 2004-01-09 11:13   380,928   --a------   C:\Windows\System32\actskin4.ocx
        2008-03-18 18:24 . 2007-12-04 14:54   95,608   --a------   C:\Windows\System32\AvastSS.scr
        2008-03-18 18:24 . 2007-12-04 16:52   45,648   --a------   C:\Windows\System32\drivers\aswMonFlt.sys
        2008-03-18 18:24 . 2007-12-04 16:51   42,912   --a------   C:\Windows\System32\drivers\aswTdi.sys
        2008-03-18 18:24 . 2007-12-04 16:53   23,152   --a------   C:\Windows\System32\drivers\aswRdr.sys
        2008-03-17 15:16 . 2008-03-17 15:17      d--------   C:\hjt
        2008-02-27 17:36 . 2008-02-27 17:36      d--------   C:\Program Files\Microsoft Silverlight
        2008-02-22 21:43 . 2006-10-26 19:56   32,592   --a------   C:\Windows\System32\msonpmon.dll
        2008-02-22 18:30 . 2008-02-22 18:30   194,560   --a------   C:\Windows\System32\WebClnt.dll
        2008-02-22 18:30 . 2008-02-22 18:30   110,080   --a------   C:\Windows\System32\drivers\mrxdav.sys
        2008-02-22 18:26 . 2008-02-22 18:26   3,504,696   --a------   C:\Windows\System32\ntkrnlpa.exe
        2008-02-22 18:26 . 2008-02-22 18:26   3,470,392   --a------   C:\Windows\System32\ntoskrnl.exe
        2008-02-22 18:26 . 2008-02-22 18:26   154,624   --a------   C:\Windows\System32\drivers\nwifi.sys
        2008-02-22 18:26 . 2008-02-22 18:26   109,624   --a------   C:\Windows\System32\drivers\ataport.sys
        2008-02-22 18:26 . 2008-02-22 18:26   45,112   --a------   C:\Windows\System32\drivers\pciidex.sys
        2008-02-22 18:26 . 2008-02-22 18:26   21,560   --a------   C:\Windows\System32\drivers\atapi.sys
        2008-02-22 18:26 . 2008-02-22 18:26   15,928   --a------   C:\Windows\System32\drivers\pciide.sys
        2008-02-22 18:25 . 2008-02-22 18:25   806,400   --a------   C:\Windows\System32\drivers\tcpip.sys
        2008-02-22 18:25 . 2008-02-22 18:25   217,144   --a------   C:\Windows\System32\drivers\netio.sys
        2008-02-22 18:25 . 2008-02-22 18:25   167,424   --a------   C:\Windows\System32\tcpipcfg.dll
        2008-02-22 18:25 . 2008-02-22 18:25   24,064   --a------   C:\Windows\System32\netcfg.exe
        2008-02-22 18:25 . 2008-02-22 18:25   22,016   --a------   C:\Windows\System32\netiougc.exe
        2008-02-22 18:24 . 2008-02-22 18:24   4,247,552   --a------   C:\Windows\System32\GameUXLegacyGDFs.dll
        2008-02-22 18:24 . 2008-02-22 18:24   1,686,528   --a------   C:\Windows\System32\gameux.dll
        2008-02-22 18:20 . 2008-02-22 18:20   1,244,672   --a------   C:\Windows\System32\mcmde.dll

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-03-20 16:05   2,359,296   --sha-w   C:\Users\Käyttäjä\ntuser.dat
        2008-03-20 16:05   2,359,296   --sha-w   C:\Users\Käyttäjä\ntuser.dat
        2008-03-20 09:26   ---------   d-----w   C:\ProgramData\Microsoft Help
        2008-03-19 20:54   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
        2008-03-19 20:42   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Thunderbird
        2008-03-19 20:42   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Thunderbird
        2008-03-19 20:42   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Mozilla
        2008-03-19 20:42   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Mozilla
        2008-03-17 11:46   ---------   d-s---w   C:\Users\Käyttäjä\AppData\Roaming\Microsoft
        2008-03-17 11:46   ---------   d-s---w   C:\Users\Käyttäjä\AppData\Roaming\Microsoft
        2008-03-12 13:39   ---------   d---a-w   C:\ProgramData\TEMP
        2008-03-12 13:33   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Comodo
        2008-03-12 13:33   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Comodo
        2008-03-12 13:33   ---------   d-----w   C:\Program Files\Google
        2008-03-12 13:33   ---------   d-----w   C:\Program Files\COMODO
        2008-03-12 13:29   ---------   d-----w   C:\Program Files\IrfanView
        2008-03-12 13:28   ---------   d-----w   C:\Program Files\Windows Live
        2008-03-12 13:26   ---------   d-----w   C:\Program Files\Opera
        2008-02-29 18:42   ---------   d-----w   C:\Program Files\MSBuild
        2008-02-22 17:24   28,124   ----a-w   C:\Users\Käyttäjä\AppData\Roaming\nvModes.dat
        2008-02-22 17:24   28,124   ----a-w   C:\Users\Käyttäjä\AppData\Roaming\nvModes.dat
        2008-02-22 16:24   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
        2008-02-22 16:24   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
        2008-02-22 16:24   2,144,256   ----a-w   C:\Windows\AppPatch\AcGenral.dll
        2008-02-22 16:24   173,056   ----a-w   C:\Windows\AppPatch\AcXtrnal.dll
        2008-02-22 16:21   824,832   ----a-w   C:\Windows\System32\wininet.dll
        2008-02-22 16:21   56,320   ----a-w   C:\Windows\System32\iesetup.dll
        2008-02-22 16:21   52,736   ----a-w   C:\Windows\AppPatch\iebrshim.dll
        2008-02-22 16:21   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
        2008-02-22 10:57   ---------   d-----w   C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
        2008-02-22 10:57   ---------   d-----w   C:\Program Files\Raxco
        2008-02-22 10:57   ---------   d-----w   C:\Program Files\Fingerprint Sensor
        2008-02-22 10:56   ---------   d-----w   C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
        2008-02-15 14:46   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\ZoomBrowser EX
        2008-02-15 14:46   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\ZoomBrowser EX
        2008-02-07 09:30   ---------   d-----w   C:\ProgramData\NVIDIA
        2008-02-01 09:17   586,752   ----a-w   C:\Windows\WLXPGSS.SCR
        2008-01-30 21:38   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\VeriSoft Access Manager
        2008-01-30 21:38   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\VeriSoft Access Manager
        2008-01-30 20:38   ---------   d-----w   C:\ProgramData\Lavasoft
        2008-01-28 17:07   ---------   d-----w   C:\Program Files\Diskeeper Corporation
        2008-01-28 16:54   ---------   d-----w   C:\ProgramData\Nero
        2008-01-28 16:54   ---------   d-----w   C:\Program Files\Common Files\Nero
        2008-01-25 19:01   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Macrovision
        2008-01-25 19:01   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Macrovision
        2008-01-25 18:47   39,936   ----a-w   C:\Windows\System32\dwmapi.dll
        2008-01-25 18:47   2,016,256   ----a-w   C:\Windows\System32\milcore.dll
        2008-01-25 18:45   132,864   ----a-w   C:\Windows\system32\drivers\usbvideo.sys
        2008-01-25 18:37   0   --sha-r   C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv9500 Notebook PC_Y5335KV_0U_QCNF74667P9_E445841-DH3_4A_I30DA_SQuanta_V85.24_F.25_T071129_WV3-0_L40B_M2047_J160_7AMD_8F82_91.90_#071024_N10DE0450;14E44312_(GZ948EA#UUW)_XMOBILE_CN10_Z.MRK
        2008-01-25 18:37   ---------   d-----w   C:\Program Files\Hewlett-Packard
        2008-01-25 18:27   ---------   d-----w   C:\ProgramData\WLInstaller
        2008-01-25 18:27   ---------   d-----w   C:\ProgramData\Roxio
        2008-01-25 18:27   ---------   d-----w   C:\Program Files\WinTV
        2008-01-25 18:08   ---------   d-----w   C:\ProgramData\Vodafone
        2008-01-25 17:23   ---------   d-----w   C:\Program Files\Vodafone(14)
        2008-01-25 16:16   ---------   d-----w   C:\ProgramData\Macrovision
        2008-01-25 12:12   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Hewlett-Packard
        2008-01-25 12:12   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Hewlett-Packard
        2008-01-24 18:48   ---------   d-----w   C:\Program Files\Common Files\Canon
        2008-01-23 21:44   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-01-23 21:44   ---------   d-----w   C:\Program Files\NetWaiting
        2008-01-23 21:43   ---------   d-----w   C:\Program Files\CONEXANT
        2008-01-23 21:41   ---------   d-----w   C:\Program Files\HP DVB-T TV Tuner
        2008-01-23 21:24   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\InstallShield
        2008-01-23 21:24   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\InstallShield
        2008-01-23 20:44   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\NeroDCTemplates
        2008-01-23 20:44   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\NeroDCTemplates
        2008-01-23 19:04   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Nero
        2008-01-23 19:04   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Nero
        2008-01-23 18:41   ---------   d-----w   C:\Program Files\Common Files\InstallShield
        2008-01-23 18:37   ---------   d-----w   C:\Program Files\HP
        2008-01-23 16:25   ---------   d-----w   C:\Program Files\Microsoft SQL Server Compact Edition
        2008-01-23 16:12   ---------   d-----w   C:\ProgramData\CyberLink
        2008-01-22 10:03   ---------   d-----w   C:\Program Files\Common Files\Ahead
        2008-01-21 21:11   715,248   ----a-w   C:\Windows\system32\drivers\sptd.sys
        2008-01-21 21:05   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\LockTime
        2008-01-21 21:05   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\LockTime
        2008-01-21 20:49   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\WinRAR
        2008-01-21 20:49   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\WinRAR
        2008-01-21 20:13   9,728   ----a-w   C:\Windows\System32\LAPRXY.DLL
        2008-01-21 20:13   8,704   ----a-w   C:\Windows\System32\hcrstco.dll
        2008-01-21 20:13   8,704   ----a-w   C:\Windows\System32\hccoin.dll
        2008-01-21 20:13   73,216   ----a-w   C:\Windows\system32\drivers\usbccgp.sys
        2008-01-21 20:13   5,888   ----a-w   C:\Windows\system32\drivers\usbd.sys
        2008-01-21 20:13   38,400   ----a-w   C:\Windows\system32\drivers\usbehci.sys
        2008-01-21 20:13   224,768   ----a-w   C:\Windows\system32\drivers\usbport.sys
        2008-01-21 20:13   223,232   ----a-w   C:\Windows\System32\WMASF.DLL
        2008-01-21 20:13   193,536   ----a-w   C:\Windows\system32\drivers\usbhub.sys
        2008-01-21 20:13   19,456   ----a-w   C:\Windows\system32\drivers\usbohci.sys
        2008-01-21 20:13   1,327,104   ----a-w   C:\Windows\System32\quartz.dll
        2008-01-21 20:12   211,000   ----a-w   C:\Windows\system32\drivers\volsnap.sys
        2008-01-21 20:12   11,776   ----a-w   C:\Windows\System32\sbunattend.exe
        2008-01-21 20:12   1,060,920   ----a-w   C:\Windows\system32\drivers\ntfs.sys
        2008-01-21 20:10   84,992   ----a-w   C:\Windows\system32\drivers\srvnet.sys
        2008-01-21 20:10   58,368   ----a-w   C:\Windows\system32\drivers\mrxsmb20.sys
        2008-01-21 20:10   130,048   ----a-w   C:\Windows\system32\drivers\srv2.sys
        2008-01-21 20:10   101,888   ----a-w   C:\Windows\system32\drivers\mrxsmb.sys
        2008-01-21 17:20   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Adobe
        2008-01-21 17:20   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Adobe
        2008-01-21 15:15   ---------   d-----w   C:\Program Files\ToniArts
        .
        [code]
        ----a-w 325,204 2006-12-21 18:56:28 C:\SwSetup\SP34746\WCAMC\FW_210_Silence Install .exe
        [/code]


        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 22:12 1232896]
        "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
        "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 10:54 50696]
        "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776]
        "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128]
        "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
        "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
        "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 08:05 86016]
        "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 08:05 8534560]
        "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 08:05 81920]
        "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
        "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976]

        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
        GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-01-10 15:51:02 864256]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableLUA"= 0 (0x0)

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3701915778-2694378702-997071981-1001]
        "EnableNotifications"=dword:00000001
        "EnableNotificationsRef"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
        "TCP Query User{242B6A18-50EC-4CBE-BC51-169A55862D1F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
        "UDP Query User{4F367804-32CF-492A-A353-75745930A0E4}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
        "{EB70CE5D-9CBD-4641-854C-E5ADC9E5C05E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
        "{ED86B6D1-5974-4004-B8A7-10270E79A72B}"= UDP:C:\Program Files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
        "{508BC9A2-7737-4B04-AB27-53E44751544A}"= TCP:C:\Program Files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
        "{7CC9DA64-AD4F-41CD-957F-B73C65DD30B6}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
        "{0EB49EF1-371F-49CA-B72C-F056130C549C}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
        "{81B9B611-7A87-4B11-9EBE-A2FB2172D618}"= UDP:C:\Program Files\SpywareBlaster\spywareblaster.exe:SpywareBlaster
        "{D9658B1F-B016-4BD1-9190-ED3DD5051EAC}"= TCP:C:\Program Files\SpywareBlaster\spywareblaster.exe:SpywareBlaster
        "{06D574BA-5C5C-4794-9A6D-4B955696366D}"= UDP:C:\Program Files\Opera\Opera.exe:Opera
        "{EF7FF50E-40D2-4F40-BBFE-AEE2B8E8BBAB}"= TCP:C:\Program Files\Opera\Opera.exe:Opera
        "{30D16193-FFAD-4CB8-9612-FAD975F896EA}"= UDP:C:\Program Files\NetLimiter\NetLimiter.exe:Netlimiter
        "{8ED2ADBF-1A2B-4BF5-BE25-A5E79188D7D8}"= TCP:C:\Program Files\NetLimiter\NetLimiter.exe:Netlimiter
        "{F6889BD5-DAC9-4F31-98EE-83235A9BCED1}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
        "{A94D131C-9645-4FB9-BA29-E4C90A2F93A4}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
        "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
        "EnableFirewall"= 0 (0x0)

        R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
        R2 GtDetectSc;GtDetectSc;"C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe" [2007-12-18 11:48]
        R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-09-30 19:34]
        R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-09-30 19:34]
        R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
        R3 GT72NDISIPXP;GT 72 IP NDIS;C:\Windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 15:50]
        R3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 12:53]
        R3 GTPTSER;GT PT SER;C:\Windows\system32\DRIVERS\gtptser.sys [2007-03-30 12:38]
        R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 01:50]
        S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 17:43]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        GPSvcGroup   REG_MULTI_SZ    GPSvc

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
        \shell\AutoRun\command - F:\StartVMCLite.exe

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d55b56c-cdb6-11dc-9c39-001b24ce6a57}]
        \shell\AutoRun\command - F:\StartVMCLite.exe

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d55b56d-cdb6-11dc-9c39-001b24ce6a57}]
        \shell\AutoRun\command - F:\StartVMCLite.exe

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67352b72-f509-11dc-bc32-001a73c872bc}]
        \shell\AutoRun\command - F:\setup.exe AUTORUN=1

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5adc66c-cb73-11dc-a44d-001b24ce6a57}]
        \shell\AutoRun\command - F:\StartVMCLite.exe

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5adc674-cb73-11dc-a44d-001b24ce6a57}]
        \shell\AutoRun\command - F:\StartVMCLite.exe


        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
        "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-03-20 18:13:20
        Windows 6.0.6000 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-03-20 18:14:02
        .
        2008-03-20 09:26:29   --- E O F ---


      • -----
        jounes wrote:

        ComboFix 08-03-18.1 - Käyttäjä 2008-03-20 18:03:37.1 - NTFSx86
        Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1226 [GMT 2:00]
        Running from: C:\Users\Käyttäjä\Desktop\ComboFix.exe
        * Created a new restore point
        .

        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-20 to 2008-03-20 )))))))))))))))))
        .

        2008-03-20 13:33 . 2008-03-20 14:06      d--------   C:\Users\All Users\GlobeTrotter Mobility Manager
        2008-03-20 13:33 . 2008-03-20 14:06      d--------   C:\ProgramData\GlobeTrotter Mobility Manager
        2008-03-19 22:56 . 2008-03-19 22:56      d--------   C:\Program Files\Lavasoft
        2008-03-19 22:42 . 2008-03-19 22:42      d--------   C:\Users\Käyttäjä\AppData\Roaming\Thunderbird
        2008-03-19 22:42 . 2008-03-19 22:42      d--------   C:\Users\Käyttäjä\AppData\Roaming\Thunderbird
        2008-03-19 22:42 . 2008-03-19 22:42      d--------   C:\Program Files\Mozilla Thunderbird
        2008-03-19 22:38 . 2008-03-20 14:08      d--------   C:\Ohjelmia ja Paketteja
        2008-03-18 21:07 . 2008-03-18 21:07   194,181,148   --a------   C:\Windows\MEMORY.DMP
        2008-03-18 20:36 . 2008-03-18 20:37      d--------   C:\Windows\System32\ZoneLabs
        2008-03-18 20:36 . 2008-03-18 20:36      d--------   C:\Users\All Users\CheckPoint
        2008-03-18 20:36 . 2008-03-18 20:36      d--------   C:\ProgramData\CheckPoint
        2008-03-18 20:36 . 2008-03-18 20:36      d--------   C:\Program Files\Zone Labs
        2008-03-18 20:36 . 2008-01-09 03:31   1,086,952   --a------   C:\Windows\System32\zpeng24.dll
        2008-03-18 20:36 . 2008-03-20 17:16   352,615   --ah-----   C:\Windows\System32\drivers\vsconfig.xml
        2008-03-18 20:36 . 2008-01-09 03:32   276,368   ---------   C:\Windows\System32\drivers\vsdatant.sys
        2008-03-18 20:36 . 2008-01-09 03:32   276,368   --a------   C:\Windows\System32\drivers\~GLH0014.TMP
        2008-03-18 18:54 . 2008-03-20 13:33      d--------   C:\Program Files\Option
        2008-03-18 18:24 . 2007-12-04 15:04   837,496   --a------   C:\Windows\System32\aswBoot.exe
        2008-03-18 18:24 . 2004-01-09 11:13   380,928   --a------   C:\Windows\System32\actskin4.ocx
        2008-03-18 18:24 . 2007-12-04 14:54   95,608   --a------   C:\Windows\System32\AvastSS.scr
        2008-03-18 18:24 . 2007-12-04 16:52   45,648   --a------   C:\Windows\System32\drivers\aswMonFlt.sys
        2008-03-18 18:24 . 2007-12-04 16:51   42,912   --a------   C:\Windows\System32\drivers\aswTdi.sys
        2008-03-18 18:24 . 2007-12-04 16:53   23,152   --a------   C:\Windows\System32\drivers\aswRdr.sys
        2008-03-17 15:16 . 2008-03-17 15:17      d--------   C:\hjt
        2008-02-27 17:36 . 2008-02-27 17:36      d--------   C:\Program Files\Microsoft Silverlight
        2008-02-22 21:43 . 2006-10-26 19:56   32,592   --a------   C:\Windows\System32\msonpmon.dll
        2008-02-22 18:30 . 2008-02-22 18:30   194,560   --a------   C:\Windows\System32\WebClnt.dll
        2008-02-22 18:30 . 2008-02-22 18:30   110,080   --a------   C:\Windows\System32\drivers\mrxdav.sys
        2008-02-22 18:26 . 2008-02-22 18:26   3,504,696   --a------   C:\Windows\System32\ntkrnlpa.exe
        2008-02-22 18:26 . 2008-02-22 18:26   3,470,392   --a------   C:\Windows\System32\ntoskrnl.exe
        2008-02-22 18:26 . 2008-02-22 18:26   154,624   --a------   C:\Windows\System32\drivers\nwifi.sys
        2008-02-22 18:26 . 2008-02-22 18:26   109,624   --a------   C:\Windows\System32\drivers\ataport.sys
        2008-02-22 18:26 . 2008-02-22 18:26   45,112   --a------   C:\Windows\System32\drivers\pciidex.sys
        2008-02-22 18:26 . 2008-02-22 18:26   21,560   --a------   C:\Windows\System32\drivers\atapi.sys
        2008-02-22 18:26 . 2008-02-22 18:26   15,928   --a------   C:\Windows\System32\drivers\pciide.sys
        2008-02-22 18:25 . 2008-02-22 18:25   806,400   --a------   C:\Windows\System32\drivers\tcpip.sys
        2008-02-22 18:25 . 2008-02-22 18:25   217,144   --a------   C:\Windows\System32\drivers\netio.sys
        2008-02-22 18:25 . 2008-02-22 18:25   167,424   --a------   C:\Windows\System32\tcpipcfg.dll
        2008-02-22 18:25 . 2008-02-22 18:25   24,064   --a------   C:\Windows\System32\netcfg.exe
        2008-02-22 18:25 . 2008-02-22 18:25   22,016   --a------   C:\Windows\System32\netiougc.exe
        2008-02-22 18:24 . 2008-02-22 18:24   4,247,552   --a------   C:\Windows\System32\GameUXLegacyGDFs.dll
        2008-02-22 18:24 . 2008-02-22 18:24   1,686,528   --a------   C:\Windows\System32\gameux.dll
        2008-02-22 18:20 . 2008-02-22 18:20   1,244,672   --a------   C:\Windows\System32\mcmde.dll

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-03-20 16:05   2,359,296   --sha-w   C:\Users\Käyttäjä\ntuser.dat
        2008-03-20 16:05   2,359,296   --sha-w   C:\Users\Käyttäjä\ntuser.dat
        2008-03-20 09:26   ---------   d-----w   C:\ProgramData\Microsoft Help
        2008-03-19 20:54   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
        2008-03-19 20:42   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Thunderbird
        2008-03-19 20:42   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Thunderbird
        2008-03-19 20:42   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Mozilla
        2008-03-19 20:42   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Mozilla
        2008-03-17 11:46   ---------   d-s---w   C:\Users\Käyttäjä\AppData\Roaming\Microsoft
        2008-03-17 11:46   ---------   d-s---w   C:\Users\Käyttäjä\AppData\Roaming\Microsoft
        2008-03-12 13:39   ---------   d---a-w   C:\ProgramData\TEMP
        2008-03-12 13:33   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Comodo
        2008-03-12 13:33   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Comodo
        2008-03-12 13:33   ---------   d-----w   C:\Program Files\Google
        2008-03-12 13:33   ---------   d-----w   C:\Program Files\COMODO
        2008-03-12 13:29   ---------   d-----w   C:\Program Files\IrfanView
        2008-03-12 13:28   ---------   d-----w   C:\Program Files\Windows Live
        2008-03-12 13:26   ---------   d-----w   C:\Program Files\Opera
        2008-02-29 18:42   ---------   d-----w   C:\Program Files\MSBuild
        2008-02-22 17:24   28,124   ----a-w   C:\Users\Käyttäjä\AppData\Roaming\nvModes.dat
        2008-02-22 17:24   28,124   ----a-w   C:\Users\Käyttäjä\AppData\Roaming\nvModes.dat
        2008-02-22 16:24   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
        2008-02-22 16:24   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
        2008-02-22 16:24   2,144,256   ----a-w   C:\Windows\AppPatch\AcGenral.dll
        2008-02-22 16:24   173,056   ----a-w   C:\Windows\AppPatch\AcXtrnal.dll
        2008-02-22 16:21   824,832   ----a-w   C:\Windows\System32\wininet.dll
        2008-02-22 16:21   56,320   ----a-w   C:\Windows\System32\iesetup.dll
        2008-02-22 16:21   52,736   ----a-w   C:\Windows\AppPatch\iebrshim.dll
        2008-02-22 16:21   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
        2008-02-22 10:57   ---------   d-----w   C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
        2008-02-22 10:57   ---------   d-----w   C:\Program Files\Raxco
        2008-02-22 10:57   ---------   d-----w   C:\Program Files\Fingerprint Sensor
        2008-02-22 10:56   ---------   d-----w   C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
        2008-02-15 14:46   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\ZoomBrowser EX
        2008-02-15 14:46   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\ZoomBrowser EX
        2008-02-07 09:30   ---------   d-----w   C:\ProgramData\NVIDIA
        2008-02-01 09:17   586,752   ----a-w   C:\Windows\WLXPGSS.SCR
        2008-01-30 21:38   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\VeriSoft Access Manager
        2008-01-30 21:38   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\VeriSoft Access Manager
        2008-01-30 20:38   ---------   d-----w   C:\ProgramData\Lavasoft
        2008-01-28 17:07   ---------   d-----w   C:\Program Files\Diskeeper Corporation
        2008-01-28 16:54   ---------   d-----w   C:\ProgramData\Nero
        2008-01-28 16:54   ---------   d-----w   C:\Program Files\Common Files\Nero
        2008-01-25 19:01   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Macrovision
        2008-01-25 19:01   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Macrovision
        2008-01-25 18:47   39,936   ----a-w   C:\Windows\System32\dwmapi.dll
        2008-01-25 18:47   2,016,256   ----a-w   C:\Windows\System32\milcore.dll
        2008-01-25 18:45   132,864   ----a-w   C:\Windows\system32\drivers\usbvideo.sys
        2008-01-25 18:37   0   --sha-r   C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv9500 Notebook PC_Y5335KV_0U_QCNF74667P9_E445841-DH3_4A_I30DA_SQuanta_V85.24_F.25_T071129_WV3-0_L40B_M2047_J160_7AMD_8F82_91.90_#071024_N10DE0450;14E44312_(GZ948EA#UUW)_XMOBILE_CN10_Z.MRK
        2008-01-25 18:37   ---------   d-----w   C:\Program Files\Hewlett-Packard
        2008-01-25 18:27   ---------   d-----w   C:\ProgramData\WLInstaller
        2008-01-25 18:27   ---------   d-----w   C:\ProgramData\Roxio
        2008-01-25 18:27   ---------   d-----w   C:\Program Files\WinTV
        2008-01-25 18:08   ---------   d-----w   C:\ProgramData\Vodafone
        2008-01-25 17:23   ---------   d-----w   C:\Program Files\Vodafone(14)
        2008-01-25 16:16   ---------   d-----w   C:\ProgramData\Macrovision
        2008-01-25 12:12   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Hewlett-Packard
        2008-01-25 12:12   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Hewlett-Packard
        2008-01-24 18:48   ---------   d-----w   C:\Program Files\Common Files\Canon
        2008-01-23 21:44   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-01-23 21:44   ---------   d-----w   C:\Program Files\NetWaiting
        2008-01-23 21:43   ---------   d-----w   C:\Program Files\CONEXANT
        2008-01-23 21:41   ---------   d-----w   C:\Program Files\HP DVB-T TV Tuner
        2008-01-23 21:24   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\InstallShield
        2008-01-23 21:24   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\InstallShield
        2008-01-23 20:44   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\NeroDCTemplates
        2008-01-23 20:44   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\NeroDCTemplates
        2008-01-23 19:04   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Nero
        2008-01-23 19:04   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Nero
        2008-01-23 18:41   ---------   d-----w   C:\Program Files\Common Files\InstallShield
        2008-01-23 18:37   ---------   d-----w   C:\Program Files\HP
        2008-01-23 16:25   ---------   d-----w   C:\Program Files\Microsoft SQL Server Compact Edition
        2008-01-23 16:12   ---------   d-----w   C:\ProgramData\CyberLink
        2008-01-22 10:03   ---------   d-----w   C:\Program Files\Common Files\Ahead
        2008-01-21 21:11   715,248   ----a-w   C:\Windows\system32\drivers\sptd.sys
        2008-01-21 21:05   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\LockTime
        2008-01-21 21:05   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\LockTime
        2008-01-21 20:49   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\WinRAR
        2008-01-21 20:49   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\WinRAR
        2008-01-21 20:13   9,728   ----a-w   C:\Windows\System32\LAPRXY.DLL
        2008-01-21 20:13   8,704   ----a-w   C:\Windows\System32\hcrstco.dll
        2008-01-21 20:13   8,704   ----a-w   C:\Windows\System32\hccoin.dll
        2008-01-21 20:13   73,216   ----a-w   C:\Windows\system32\drivers\usbccgp.sys
        2008-01-21 20:13   5,888   ----a-w   C:\Windows\system32\drivers\usbd.sys
        2008-01-21 20:13   38,400   ----a-w   C:\Windows\system32\drivers\usbehci.sys
        2008-01-21 20:13   224,768   ----a-w   C:\Windows\system32\drivers\usbport.sys
        2008-01-21 20:13   223,232   ----a-w   C:\Windows\System32\WMASF.DLL
        2008-01-21 20:13   193,536   ----a-w   C:\Windows\system32\drivers\usbhub.sys
        2008-01-21 20:13   19,456   ----a-w   C:\Windows\system32\drivers\usbohci.sys
        2008-01-21 20:13   1,327,104   ----a-w   C:\Windows\System32\quartz.dll
        2008-01-21 20:12   211,000   ----a-w   C:\Windows\system32\drivers\volsnap.sys
        2008-01-21 20:12   11,776   ----a-w   C:\Windows\System32\sbunattend.exe
        2008-01-21 20:12   1,060,920   ----a-w   C:\Windows\system32\drivers\ntfs.sys
        2008-01-21 20:10   84,992   ----a-w   C:\Windows\system32\drivers\srvnet.sys
        2008-01-21 20:10   58,368   ----a-w   C:\Windows\system32\drivers\mrxsmb20.sys
        2008-01-21 20:10   130,048   ----a-w   C:\Windows\system32\drivers\srv2.sys
        2008-01-21 20:10   101,888   ----a-w   C:\Windows\system32\drivers\mrxsmb.sys
        2008-01-21 17:20   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Adobe
        2008-01-21 17:20   ---------   d-----w   C:\Users\Käyttäjä\AppData\Roaming\Adobe
        2008-01-21 15:15   ---------   d-----w   C:\Program Files\ToniArts
        .
        [code]
        ----a-w 325,204 2006-12-21 18:56:28 C:\SwSetup\SP34746\WCAMC\FW_210_Silence Install .exe
        [/code]


        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 22:12 1232896]
        "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
        "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 10:54 50696]
        "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776]
        "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128]
        "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
        "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
        "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 08:05 86016]
        "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 08:05 8534560]
        "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 08:05 81920]
        "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
        "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976]

        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
        GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-01-10 15:51:02 864256]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableLUA"= 0 (0x0)

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3701915778-2694378702-997071981-1001]
        "EnableNotifications"=dword:00000001
        "EnableNotificationsRef"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
        "TCP Query User{242B6A18-50EC-4CBE-BC51-169A55862D1F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
        "UDP Query User{4F367804-32CF-492A-A353-75745930A0E4}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
        "{EB70CE5D-9CBD-4641-854C-E5ADC9E5C05E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
        "{ED86B6D1-5974-4004-B8A7-10270E79A72B}"= UDP:C:\Program Files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
        "{508BC9A2-7737-4B04-AB27-53E44751544A}"= TCP:C:\Program Files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
        "{7CC9DA64-AD4F-41CD-957F-B73C65DD30B6}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
        "{0EB49EF1-371F-49CA-B72C-F056130C549C}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
        "{81B9B611-7A87-4B11-9EBE-A2FB2172D618}"= UDP:C:\Program Files\SpywareBlaster\spywareblaster.exe:SpywareBlaster
        "{D9658B1F-B016-4BD1-9190-ED3DD5051EAC}"= TCP:C:\Program Files\SpywareBlaster\spywareblaster.exe:SpywareBlaster
        "{06D574BA-5C5C-4794-9A6D-4B955696366D}"= UDP:C:\Program Files\Opera\Opera.exe:Opera
        "{EF7FF50E-40D2-4F40-BBFE-AEE2B8E8BBAB}"= TCP:C:\Program Files\Opera\Opera.exe:Opera
        "{30D16193-FFAD-4CB8-9612-FAD975F896EA}"= UDP:C:\Program Files\NetLimiter\NetLimiter.exe:Netlimiter
        "{8ED2ADBF-1A2B-4BF5-BE25-A5E79188D7D8}"= TCP:C:\Program Files\NetLimiter\NetLimiter.exe:Netlimiter
        "{F6889BD5-DAC9-4F31-98EE-83235A9BCED1}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
        "{A94D131C-9645-4FB9-BA29-E4C90A2F93A4}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
        "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
        "EnableFirewall"= 0 (0x0)

        R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
        R2 GtDetectSc;GtDetectSc;"C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe" [2007-12-18 11:48]
        R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-09-30 19:34]
        R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-09-30 19:34]
        R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
        R3 GT72NDISIPXP;GT 72 IP NDIS;C:\Windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 15:50]
        R3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 12:53]
        R3 GTPTSER;GT PT SER;C:\Windows\system32\DRIVERS\gtptser.sys [2007-03-30 12:38]
        R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 01:50]
        S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 17:43]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        GPSvcGroup   REG_MULTI_SZ    GPSvc

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
        \shell\AutoRun\command - F:\StartVMCLite.exe

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d55b56c-cdb6-11dc-9c39-001b24ce6a57}]
        \shell\AutoRun\command - F:\StartVMCLite.exe

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d55b56d-cdb6-11dc-9c39-001b24ce6a57}]
        \shell\AutoRun\command - F:\StartVMCLite.exe

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67352b72-f509-11dc-bc32-001a73c872bc}]
        \shell\AutoRun\command - F:\setup.exe AUTORUN=1

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5adc66c-cb73-11dc-a44d-001b24ce6a57}]
        \shell\AutoRun\command - F:\StartVMCLite.exe

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5adc674-cb73-11dc-a44d-001b24ce6a57}]
        \shell\AutoRun\command - F:\StartVMCLite.exe


        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
        "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-03-20 18:13:20
        Windows 6.0.6000 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-03-20 18:14:02
        .
        2008-03-20 09:26:29   --- E O F ---

        Download from here: http://www.ccleaner.com/download/builds.aspx
        CCleaner v2.05.555 - Standard Build. Do NOT install the Yahoo toolbar!

        Set the options like this:
        Options --> Advanced --> untick "Only delete temporary files older than 48 hours".

        Run Cleaner > Analyze button > Run Cleaner button in the bottom right corner
        Run Issues > "Scan for registry issues" button > "Fix registry issues" button

