I wonder if it's time again to post this log, in case some kind person who understands these things would check it... Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:45, on 26.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Launch Manager\Wbutton.exe
C:\Launch Manager\OSD.exe
C:\Launch Manager\OSDCtrl.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\HJT\HiJackThis_v2.0.2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.kponet.fi:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154541645140
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
--
End of file - 5941 bytes
Heip...
Replies
Remove using Add/Remove Programs:
SweetIM For Internet Explorer
In safe mode, delete the folder
C:\Program Files\>>Macrogaming- Jaabadaaba
[b]SDFix: Version 1.177 [/b]
Run by xxxxxx on pe 02.05.2008 at 21:35
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\~1\~1\SDFix\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 21:52:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\~1\~1\SDFix\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\System Volume Information\_restore{E107D00D-1241-4CB1-874D-0A90ED4BE3B1}\RP579\A0130910.exe"
Sat 23 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\xxx\Application Data\U3\temp\Launchpad Removal.exe"
[b]Finished![/b] - Jaabadaaba
ComboFix 08-05-01.3 - 2008-05-02 20:52:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.200.2.252.1.135.1.92 [GMT 3:00]
Running from: C:\Documents and Settings\\Työpöytä\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-02 to 2008-05-02 )))))))))))))))))
.
2008-05-01 18:00 . 2008-05-01 18:01 d-------- C:\f6e8a834e6903d717c88c81de1bd6a
2008-04-27 17:34 . 2008-04-27 17:34 d-------- C:\f4b3122bd1b32c3f9004a1d41e
2008-04-27 17:24 . 2008-04-27 17:24 d-------- C:\Program Files\Elisa Tietoturvapalvelu
2008-04-24 16:12 . 2008-04-24 16:12 d-------- C:\Program Files\Lavalys
2008-04-23 18:00 . 2008-04-23 18:01 d-------- C:\d29cc705f1b8f368c2b6d4
2008-04-19 17:41 . 2008-04-19 17:41 d-------- C:\Program Files\Windows Installer Clean Up
2008-04-19 17:40 . 2008-04-19 17:40 d-------- C:\Program Files\MSECACHE
2008-04-18 23:27 . 2008-04-18 23:27 d-------- C:\e76e49d7245aba64133cd97ab6c369f9
2008-04-18 23:04 . 2008-04-18 23:22 d-------- C:\Program Files\Opera
2008-04-16 18:02 . 2008-04-16 18:02 d-------- C:\563c3dcf2ab0f40e5c824194e38fde
2008-04-15 11:18 . 2008-04-15 11:18 d-------- C:\Program Files\SolidWorks Suomeksi
2008-04-14 22:48 . 2008-04-14 22:48 d-------- C:\temp
2008-04-14 18:05 . 2008-04-14 20:09 137 --a------ C:\WINDOWS\system32\accwiz.bin
2008-04-14 17:57 . 2008-04-14 18:33 d-------- C:\Program Files\SolidWorks Installation Manager
2008-04-14 17:54 . 2008-04-14 18:31 d-------- C:\Program Files\Common Files\eDrawings2007
2008-04-14 17:49 . 2008-04-16 17:02 d-------- C:\Program Files\SolidWorks
2008-04-13 22:25 . 2008-04-13 23:48 d-------- C:\Documents and Settings\Järjestelmänvalvoja.MAKE\Suosikit
2008-04-13 22:25 . 2008-04-13 23:48 d-------- C:\Documents and Settings\Järjestelmänvalvoja.MAKE\Mallit
2008-04-13 22:25 . 2008-04-13 23:48 d---s---- C:\Documents and Settings\Järjestelmänvalvoja.M
2008-04-13 22:25 . 2008-05-02 20:34 1,024 --ah----- C:\Documents and Settings\Järjestelmänvalvoja.\ntuser.dat.LOG
2008-04-13 15:44 . 2008-04-29 23:17 d-------- C:\Program Files\CncSimulator
2008-04-13 11:32 . 2008-04-13 11:39 d-------- C:\Program Files\RocketDock
2008-04-12 19:16 . 2008-04-12 19:16 d-------- C:\WINDOWS\SOLIDWORKS.2003.LICENSE.ONLY-RORiSO
2008-04-12 12:16 . 2008-04-13 13:51 135 --a------ C:\WINDOWS\system32\netmsg.bin
2008-04-12 12:14 . 2008-04-13 13:51 135 --a------ C:\WINDOWS\system32\ole.inf
2008-04-12 12:12 . 2008-04-13 13:51 133 --a------ C:\WINDOWS\system32\winver.bin
2008-04-12 12:09 . 2008-04-12 12:16 137 --a------ C:\WINDOWS\system32\service.inf
2008-04-12 12:08 . 2008-04-12 12:16 139 --a------ C:\WINDOWS\system32\odbc.inf
2008-04-11 18:51 . 2008-04-13 13:57 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-04-11 16:14 . 2008-04-11 16:14 d-------- C:\Documents and Settings\M\Application Data\DassaultSystemes
2008-04-11 16:14 . 2008-04-11 16:14 d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2008-04-11 16:12 . 2008-05-01 21:51 d-------- C:\Documents and Settings\M\Application Data\SolidWorks
2008-04-11 16:10 . 2008-04-11 16:10 d-------- C:\Documents and Settings\M\Application Data\DWGeditor
2008-04-11 16:09 . 2008-04-14 18:36 d-------- C:\Program Files\DWGeditor
2008-04-11 16:09 . 2008-04-11 16:09 0 --a------ C:\WINDOWS\eDrawingOfficeAutomator.INI
2008-04-11 16:08 . 2004-11-05 11:08 670,208 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-04-11 16:07 . 2008-04-11 16:07 23 --ah----- C:\WINDOWS\yacht.xws
2008-04-11 16:03 . 2008-04-11 16:03 d-------- C:\WINDOWS\system32\GroupPolicy
2008-04-11 16:01 . 2008-04-14 18:31 d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-04-11 16:00 . 2008-04-12 11:35 d-------- C:\Program Files\Common Files\Solidworks Data
2008-04-11 15:59 . 2008-04-14 20:08 d-------- C:\Program Files\Windows Desktop Search
2008-04-11 15:58 . 2008-04-11 15:58 42 --a------ C:\WINDOWS\trailer.xws
2008-04-10 22:17 . 2008-04-10 22:24 d-------- C:\Program Files\Common Files\Real
2008-04-07 22:54 . 2008-04-07 22:54 d-------- C:\Documents and Settings\M\Application Data\Media Player Classic
2008-04-07 22:40 . 2008-04-07 22:40 d-------- C:\Documents and Settings\M\Application Data\Uniblue
2008-04-06 13:38 . 2008-04-06 13:38 d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-04-06 13:37 . 2008-04-06 13:37 104,066 --a------ C:\WINDOWS\hpqins16.dat
2008-04-05 22:33 . 2008-04-09 16:19 d-------- C:\Documents and Settings\M\Application Data\Inkscape
2008-04-05 22:05 . 2008-04-05 22:05 d-------- C:\Program Files\Blender Foundation
2008-04-03 17:02 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-03 17:02 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 19:26 --------- d-----w C:\Documents and Settings\M\Application Data\U3
2008-04-30 15:29 --------- d-----w C:\Program Files\Macrogaming
2008-04-27 07:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-22 19:11 --------- d-----w C:\Program Files\Microsoft Works
2008-04-13 12:43 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-12 18:13 --------- d-----w C:\Program Files\DC
2008-04-10 16:44 --------- d-----w C:\Program Files\Google
2008-04-09 14:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elisa
2008-04-09 12:53 --------- d-----w C:\Program Files\Common Files\HP
2008-04-08 15:48 --------- d-----w C:\Program Files\HP
2008-03-31 13:10 --------- d-----w C:\Program Files\MicroTech
2008-03-31 12:20 --------- d-----w C:\Program Files\CNC Consulting
2008-03-31 12:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\License
2008-03-28 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-28 13:51 --------- d-----w C:\Program Files\Common Files\WinMain
2008-03-28 13:51 --------- d-----w C:\Program Files\Codejock Software
2008-03-28 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-28 13:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-23 08:29 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-03-23 06:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-23 06:45 --------- d-----w C:\Program Files\Windows Live
2008-03-22 19:53 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-22 19:48 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-22 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-22 19:40 --------- d-----w C:\Program Files\MSN Messenger
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-19 20:27 --------- d-----w C:\Documents and Settings\M\Application Data\Thunderbird
2008-03-09 20:36 64,194 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-03-09 20:36 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-09 20:36 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-09 20:36 219,136 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-03-05 16:02 --------- d-----w C:\Program Files\Java
2008-03-05 15:59 --------- d-----w C:\Program Files\Common Files\Java
2008-03-01 15:31 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:56 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-18 19:07 496 ----a-w C:\Documents and Settings\Application Data\wklnhst.dat
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-01-18 08:54 146,944 ----a-w C:\Documents and Settings\\regedit.exe
2006-01-18 08:53 9,216 ----a-w C:\Documents and Settings\\find.exe
2006-01-18 08:53 28,160 ----a-w C:\Documents and Settings\M\findstr.exe
2006-01-18 08:53 11,264 ----a-w C:\Documents and Settings\M\attrib.exe
2007-05-09 10:04 10,240 --sha-w C:\WINDOWS\rnapxs\Rnapxs.dat
.
------- Sigcheck -------
2007-06-13 16:10 975872 4b9c8312419c1d7ab0566a8dfa486293 C:\WINDOWS\explorer.exe
2006-01-18 11:41 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB884883$\explorer.exe
2006-01-18 11:54 1032704 1a3e2819261549ecad11f2759f8da16f C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 16:10 975872 4b9c8312419c1d7ab0566a8dfa486293 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-02_ )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-01 18:48:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-05-02 17:50:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-05-02 17:50:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_59c.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CtrlVol"="C:\Launch Manager\CtrlVol.exe" [2006-01-18 11:36 20480]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 20:37 79224]
"Wbutton"="C:\Launch Manager\Wbutton.exe" [2006-01-18 11:36 81920]
"LMgrVolOSD"="C:\Launch Manager\OSD.exe" [2006-01-18 11:36 204800]
"LMgrOSD"="C:\Launch Manager\OSDCtrl.exe" [2006-01-18 11:36 245760]
"LaunchAp"="C:\Launch Manager\LaunchAp.exe" [2006-01-18 11:36 32768]
"HotkeyApp"="C:\Launch Manager\HotkeyApp.exe" [2006-01-18 11:36 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-01-18 11:53 15360]
C:\Documents and Settings\\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 01:05:02 630784]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^SolidWorks Suomeksi.lnk]
backup=C:\WINDOWS\pss\SolidWorks Suomeksi.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^^Käynnistä-valikko^Ohjelmat^Käynnistys^RocketDock.lnk]
path=C:\Documents and Settings\\Käynnistä-valikko\Ohjelmat\Käynnistys\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 12:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-01-18 11:53 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 13:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 17:21 1449984 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-01-18 11:54 77824 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-01-02 21:15 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-01-18 11:41 737369 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 20:31]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2006-01-18 11:52]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]
R2 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2005-03-10 08:44]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d40da0dc-9a63-11dc-84f3-000ae4b5d82b}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f99bb65a-87fa-11da-88b2-000ae4a9347e}]
\Shell\AutoRun\command - D:\setupSNK.exe
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-04-25 14:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 20:55:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = C:\Launch Manager\CtrlVol.exe???????8???????@3??T??????|x??|????q??|?j?wQj?w????????,??? ???|???????????\??????|????????h?????@????????????????s???????s???sx??s@??????????????|h??sl??????????s?????????????????C?sc"?sx??s???????w??@?N'?s?>9?-6@???9????????
scanning hidden files ...
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Completion time: 2008-05-02 20:58:01
ComboFix-quarantined-files.txt 2008-05-02 17:57:50
ComboFix2.txt 2008-05-02 17:38:56
Pre-Run: 19,731,054,592 tavua vapaana
Post-Run: 19,720,499,200 tavua vapaana
215 --- E O F --- 2008-05-02 15:01:13 - Jaabadaaba
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:42, on 2.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Launch Manager\Wbutton.exe
C:\Launch Manager\OSD.exe
C:\Launch Manager\OSDCtrl.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\HJT\HiJackThis_v2.0.2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.kponet.fi:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154541645140
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
--
End of file - 5067 bytes