Oliskohan taas aika tarjota tota logia jos joku ystävällinen asiasta ymmärtävä tarkistaisi sen... Kiitosta jo etukäteen.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:45, on 26.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Launch Manager\Wbutton.exe
C:\Launch Manager\OSD.exe
C:\Launch Manager\OSDCtrl.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\HJT\HiJackThis_v2.0.2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.kponet.fi:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154541645140
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
--
End of file - 5941 bytes
Heip...
4
567
Vastaukset
- ------
poista lisää poista sovelutuksesta
SweetIM For Internet Explorer
Poista vikasiedossa kansio
C:\Program Files\>>Macrogaming- Jaabadaaba
[b]SDFix: Version 1.177 [/b]
Run by xxxxxx on pe 02.05.2008 at 21:35
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\~1\~1\SDFix\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 21:52:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\~1\~1\SDFix\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\System Volume Information\_restore{E107D00D-1241-4CB1-874D-0A90ED4BE3B1}\RP579\A0130910.exe"
Sat 23 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\xxx\Application Data\U3\temp\Launchpad Removal.exe"
[b]Finished![/b] - Jaabadaaba
ComboFix 08-05-01.3 - 2008-05-02 20:52:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.200.2.252.1.135.1.92 [GMT 3:00]
Running from: C:\Documents and Settings\\Työpöytä\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-02 to 2008-05-02 )))))))))))))))))
.
2008-05-01 18:00 . 2008-05-01 18:01 d-------- C:\f6e8a834e6903d717c88c81de1bd6a
2008-04-27 17:34 . 2008-04-27 17:34 d-------- C:\f4b3122bd1b32c3f9004a1d41e
2008-04-27 17:24 . 2008-04-27 17:24 d-------- C:\Program Files\Elisa Tietoturvapalvelu
2008-04-24 16:12 . 2008-04-24 16:12 d-------- C:\Program Files\Lavalys
2008-04-23 18:00 . 2008-04-23 18:01 d-------- C:\d29cc705f1b8f368c2b6d4
2008-04-19 17:41 . 2008-04-19 17:41 d-------- C:\Program Files\Windows Installer Clean Up
2008-04-19 17:40 . 2008-04-19 17:40 d-------- C:\Program Files\MSECACHE
2008-04-18 23:27 . 2008-04-18 23:27 d-------- C:\e76e49d7245aba64133cd97ab6c369f9
2008-04-18 23:04 . 2008-04-18 23:22 d-------- C:\Program Files\Opera
2008-04-16 18:02 . 2008-04-16 18:02 d-------- C:\563c3dcf2ab0f40e5c824194e38fde
2008-04-15 11:18 . 2008-04-15 11:18 d-------- C:\Program Files\SolidWorks Suomeksi
2008-04-14 22:48 . 2008-04-14 22:48 d-------- C:\temp
2008-04-14 18:05 . 2008-04-14 20:09 137 --a------ C:\WINDOWS\system32\accwiz.bin
2008-04-14 17:57 . 2008-04-14 18:33 d-------- C:\Program Files\SolidWorks Installation Manager
2008-04-14 17:54 . 2008-04-14 18:31 d-------- C:\Program Files\Common Files\eDrawings2007
2008-04-14 17:49 . 2008-04-16 17:02 d-------- C:\Program Files\SolidWorks
2008-04-13 22:25 . 2008-04-13 23:48 d-------- C:\Documents and Settings\Järjestelmänvalvoja.MAKE\Suosikit
2008-04-13 22:25 . 2008-04-13 23:48 d-------- C:\Documents and Settings\Järjestelmänvalvoja.MAKE\Mallit
2008-04-13 22:25 . 2008-04-13 23:48 d---s---- C:\Documents and Settings\Järjestelmänvalvoja.M
2008-04-13 22:25 . 2008-05-02 20:34 1,024 --ah----- C:\Documents and Settings\Järjestelmänvalvoja.\ntuser.dat.LOG
2008-04-13 15:44 . 2008-04-29 23:17 d-------- C:\Program Files\CncSimulator
2008-04-13 11:32 . 2008-04-13 11:39 d-------- C:\Program Files\RocketDock
2008-04-12 19:16 . 2008-04-12 19:16 d-------- C:\WINDOWS\SOLIDWORKS.2003.LICENSE.ONLY-RORiSO
2008-04-12 12:16 . 2008-04-13 13:51 135 --a------ C:\WINDOWS\system32\netmsg.bin
2008-04-12 12:14 . 2008-04-13 13:51 135 --a------ C:\WINDOWS\system32\ole.inf
2008-04-12 12:12 . 2008-04-13 13:51 133 --a------ C:\WINDOWS\system32\winver.bin
2008-04-12 12:09 . 2008-04-12 12:16 137 --a------ C:\WINDOWS\system32\service.inf
2008-04-12 12:08 . 2008-04-12 12:16 139 --a------ C:\WINDOWS\system32\odbc.inf
2008-04-11 18:51 . 2008-04-13 13:57 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-04-11 16:14 . 2008-04-11 16:14 d-------- C:\Documents and Settings\M\Application Data\DassaultSystemes
2008-04-11 16:14 . 2008-04-11 16:14 d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2008-04-11 16:12 . 2008-05-01 21:51 d-------- C:\Documents and Settings\M\Application Data\SolidWorks
2008-04-11 16:10 . 2008-04-11 16:10 d-------- C:\Documents and Settings\M\Application Data\DWGeditor
2008-04-11 16:09 . 2008-04-14 18:36 d-------- C:\Program Files\DWGeditor
2008-04-11 16:09 . 2008-04-11 16:09 0 --a------ C:\WINDOWS\eDrawingOfficeAutomator.INI
2008-04-11 16:08 . 2004-11-05 11:08 670,208 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-04-11 16:07 . 2008-04-11 16:07 23 --ah----- C:\WINDOWS\yacht.xws
2008-04-11 16:03 . 2008-04-11 16:03 d-------- C:\WINDOWS\system32\GroupPolicy
2008-04-11 16:01 . 2008-04-14 18:31 d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-04-11 16:00 . 2008-04-12 11:35 d-------- C:\Program Files\Common Files\Solidworks Data
2008-04-11 15:59 . 2008-04-14 20:08 d-------- C:\Program Files\Windows Desktop Search
2008-04-11 15:58 . 2008-04-11 15:58 42 --a------ C:\WINDOWS\trailer.xws
2008-04-10 22:17 . 2008-04-10 22:24 d-------- C:\Program Files\Common Files\Real
2008-04-07 22:54 . 2008-04-07 22:54 d-------- C:\Documents and Settings\M\Application Data\Media Player Classic
2008-04-07 22:40 . 2008-04-07 22:40 d-------- C:\Documents and Settings\M\Application Data\Uniblue
2008-04-06 13:38 . 2008-04-06 13:38 d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-04-06 13:37 . 2008-04-06 13:37 104,066 --a------ C:\WINDOWS\hpqins16.dat
2008-04-05 22:33 . 2008-04-09 16:19 d-------- C:\Documents and Settings\M\Application Data\Inkscape
2008-04-05 22:05 . 2008-04-05 22:05 d-------- C:\Program Files\Blender Foundation
2008-04-03 17:02 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-03 17:02 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 19:26 --------- d-----w C:\Documents and Settings\M\Application Data\U3
2008-04-30 15:29 --------- d-----w C:\Program Files\Macrogaming
2008-04-27 07:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-22 19:11 --------- d-----w C:\Program Files\Microsoft Works
2008-04-13 12:43 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-12 18:13 --------- d-----w C:\Program Files\DC
2008-04-10 16:44 --------- d-----w C:\Program Files\Google
2008-04-09 14:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elisa
2008-04-09 12:53 --------- d-----w C:\Program Files\Common Files\HP
2008-04-08 15:48 --------- d-----w C:\Program Files\HP
2008-03-31 13:10 --------- d-----w C:\Program Files\MicroTech
2008-03-31 12:20 --------- d-----w C:\Program Files\CNC Consulting
2008-03-31 12:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\License
2008-03-28 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-28 13:51 --------- d-----w C:\Program Files\Common Files\WinMain
2008-03-28 13:51 --------- d-----w C:\Program Files\Codejock Software
2008-03-28 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-28 13:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-23 08:29 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-03-23 06:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-23 06:45 --------- d-----w C:\Program Files\Windows Live
2008-03-22 19:53 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-22 19:48 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-22 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-22 19:40 --------- d-----w C:\Program Files\MSN Messenger
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-19 20:27 --------- d-----w C:\Documents and Settings\M\Application Data\Thunderbird
2008-03-09 20:36 64,194 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-03-09 20:36 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-09 20:36 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-09 20:36 219,136 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-03-05 16:02 --------- d-----w C:\Program Files\Java
2008-03-05 15:59 --------- d-----w C:\Program Files\Common Files\Java
2008-03-01 15:31 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:56 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-18 19:07 496 ----a-w C:\Documents and Settings\Application Data\wklnhst.dat
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-01-18 08:54 146,944 ----a-w C:\Documents and Settings\\regedit.exe
2006-01-18 08:53 9,216 ----a-w C:\Documents and Settings\\find.exe
2006-01-18 08:53 28,160 ----a-w C:\Documents and Settings\M\findstr.exe
2006-01-18 08:53 11,264 ----a-w C:\Documents and Settings\M\attrib.exe
2007-05-09 10:04 10,240 --sha-w C:\WINDOWS\rnapxs\Rnapxs.dat
.
------- Sigcheck -------
2007-06-13 16:10 975872 4b9c8312419c1d7ab0566a8dfa486293 C:\WINDOWS\explorer.exe
2006-01-18 11:41 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB884883$\explorer.exe
2006-01-18 11:54 1032704 1a3e2819261549ecad11f2759f8da16f C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 16:10 975872 4b9c8312419c1d7ab0566a8dfa486293 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-02_ )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-01 18:48:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-05-02 17:50:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-05-02 17:50:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_59c.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CtrlVol"="C:\Launch Manager\CtrlVol.exe" [2006-01-18 11:36 20480]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 20:37 79224]
"Wbutton"="C:\Launch Manager\Wbutton.exe" [2006-01-18 11:36 81920]
"LMgrVolOSD"="C:\Launch Manager\OSD.exe" [2006-01-18 11:36 204800]
"LMgrOSD"="C:\Launch Manager\OSDCtrl.exe" [2006-01-18 11:36 245760]
"LaunchAp"="C:\Launch Manager\LaunchAp.exe" [2006-01-18 11:36 32768]
"HotkeyApp"="C:\Launch Manager\HotkeyApp.exe" [2006-01-18 11:36 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-01-18 11:53 15360]
C:\Documents and Settings\\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 01:05:02 630784]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^SolidWorks Suomeksi.lnk]
backup=C:\WINDOWS\pss\SolidWorks Suomeksi.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^^Käynnistä-valikko^Ohjelmat^Käynnistys^RocketDock.lnk]
path=C:\Documents and Settings\\Käynnistä-valikko\Ohjelmat\Käynnistys\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 12:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-01-18 11:53 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 13:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 17:21 1449984 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-01-18 11:54 77824 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-01-02 21:15 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-01-18 11:41 737369 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 20:31]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2006-01-18 11:52]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]
R2 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2005-03-10 08:44]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d40da0dc-9a63-11dc-84f3-000ae4b5d82b}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f99bb65a-87fa-11da-88b2-000ae4a9347e}]
\Shell\AutoRun\command - D:\setupSNK.exe
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-04-25 14:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 20:55:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = C:\Launch Manager\CtrlVol.exe???????8???????@3??T??????|x??|????q??|?j?wQj?w????????,??? ???|???????????\??????|????????h?????@????????????????s???????s???sx??s@??????????????|h??sl??????????s?????????????????C?sc"?sx??s???????w??@?N'?s?>9?-6@???9????????
scanning hidden files ...
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Completion time: 2008-05-02 20:58:01
ComboFix-quarantined-files.txt 2008-05-02 17:57:50
ComboFix2.txt 2008-05-02 17:38:56
Pre-Run: 19,731,054,592 tavua vapaana
Post-Run: 19,720,499,200 tavua vapaana
215 --- E O F --- 2008-05-02 15:01:13 - Jaabadaaba
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:42, on 2.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Launch Manager\Wbutton.exe
C:\Launch Manager\OSD.exe
C:\Launch Manager\OSDCtrl.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\HJT\HiJackThis_v2.0.2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.kponet.fi:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154541645140
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
--
End of file - 5067 bytes
Ketjusta on poistettu 0 sääntöjenvastaista viestiä.
Luetuimmat keskustelut
Oletko kertonut jo muille tunteistasi?
Ystävillesi esimerkiksi? Minä en ole vielä kertonut kenellekään tästä meidän jutusta.774592- 1791829
- 1241530
- 351016
Miten minusta tuntuu että kaikki tietää sun tunteista mua kohtaan
Paitsi suoraan minä itse, vai mitä hlvettiä täällä tapahtuu ja miksi ihmiset susta kyselee minulta 🤔❤️16971- 92894
- 78893
Hyvää huomenta!
Mietin miten suhtaudut minuun, jos kerron tunteista. Voinko enää sen jälkeen olla samassa paikassa kanssasi, jos koet as78842- 45807
- 4788