If the gurus could help....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:20, on 6.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\mservice.exe
C:\WINDOWS\service.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw 0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw 0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {787D6003-DFC4-406D-AEF2-4A624937496C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 22750 bytes
Something extra on the machine, but what?
Replies
- FixFix
Remove via Add/Remove Programs
==> LogitechDesktop Messenger Spybot - Search & Destroy Spybot - Search & Destroy
- juikis
Here it is.
ComboFix 08-06-05.3 - Jukka 2008-06-06 16:06:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1594 [GMT 3:00]
Running from: C:\Documents and Settings\Jukka\Työpöytä\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\service.exe
C:\WINDOWS\ups.exe
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-06 to 2008-06-06 )))))))))))))))))
.
2008-06-06 16:11 . 2008-06-06 16:11 49,156 -r-hs---- C:\WINDOWS\ups.exe
2008-06-06 14:58 . 2008-06-06 16:11 49,156 --a------ C:\sz.exe
2008-06-06 14:06 . 2008-06-06 14:06 2,232 --a------ C:\sexx22.exe
2008-06-06 14:06 . 2008-06-06 15:56 2,232 --a------ C:\sexx2.exe
2008-06-06 13:30 . 2008-06-06 13:30 49,156 --a------ C:\sex22.exe
2008-06-06 13:23 . 2008-06-06 13:55 49,156 --a------ C:\sex2.exe
2008-06-06 13:21 . 2008-06-06 13:21 49,156 --a------ C:\sex.exe
2008-06-06 10:41 . 2008-06-06 10:41 2,232 --a------ C:\sf.exe
2008-06-06 09:38 . 2008-06-06 15:50 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 09:22 . 2008-06-06 09:22 54 --a------ C:\WINDOWS\wininit.ini
2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\Jukka\stp.exe
2008-06-04 14:37 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Jukka\setup.exe
2008-06-03 19:53 . 2008-06-04 14:31 3,423 --a------ C:\WINDOWS\is154890.exe
2008-06-03 18:36 . 2008-06-03 22:58 86,548 --a------ C:\Documents and Settings\Tuuli\setupa.exe
2008-06-03 16:25 . 2008-06-03 16:25 d-------- C:\Documents and Settings\Atte\Contacts
2008-06-03 08:45 . 2008-06-03 08:45 d-------- C:\Program Files\Trend Micro
2008-06-03 07:47 . 2008-06-03 07:47 d-------- C:\Program Files\Lavasoft
2008-06-03 07:47 . 2008-06-03 07:49 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-03 07:46 . 2008-06-03 07:46 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-02 22:29 . 2008-06-02 22:29 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-02 21:35 . 2008-06-03 18:18 96,950 --a------ C:\Documents and Settings\Tuuli\setup.exe
2008-06-02 21:23 . 2008-06-02 21:23 96,950 -r-hs---- C:\WINDOWS\mservice.exe
2008-06-01 16:46 . 2008-06-01 16:46 86,512 --a------ C:\irc.com
2008-05-31 18:53 . 2008-05-31 20:38 86,512 --a------ C:\Documents and Settings\Jukka\setup1.exe
2008-05-31 14:12 . 2008-05-31 14:12 86,512 --a------ C:\setup1.exe
2008-05-30 19:23 . 2008-05-30 22:12 60,132 --a------ C:\dcsi.exe
2008-05-30 18:08 . 2008-05-30 23:00 60,132 --a------ C:\dci.exe
2008-05-19 17:32 . 2008-05-19 17:32 d--h----- C:\WINDOWS\PIF
2008-05-18 14:56 . 2008-05-18 14:56 7,168 --ahs---- C:\Documents and Settings\Thumbs.db
2008-05-17 14:30 . 2008-05-17 14:30 d-------- C:\Program Files\Pan Vision
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-15 20:46 . 2008-06-06 13:51 244 --ah----- C:\sqmnoopt19.sqm
2008-05-15 20:46 . 2008-06-06 13:51 232 --ah----- C:\sqmdata19.sqm
2008-05-15 08:58 . 2008-06-06 13:26 244 --ah----- C:\sqmnoopt18.sqm
2008-05-15 08:58 . 2008-06-06 13:26 232 --ah----- C:\sqmdata18.sqm
2008-05-14 22:48 . 2008-06-06 13:12 244 --ah----- C:\sqmnoopt17.sqm
2008-05-14 22:48 . 2008-06-06 13:12 232 --ah----- C:\sqmdata17.sqm
2008-05-13 22:40 . 2008-06-06 10:41 244 --ah----- C:\sqmnoopt16.sqm
2008-05-13 22:40 . 2008-06-06 10:41 232 --ah----- C:\sqmdata16.sqm
2008-05-12 23:49 . 2008-06-06 09:01 244 --ah----- C:\sqmnoopt15.sqm
2008-05-12 23:49 . 2008-06-06 09:01 232 --ah----- C:\sqmdata15.sqm
2008-05-11 23:52 . 2008-06-05 11:42 244 --ah----- C:\sqmnoopt14.sqm
2008-05-11 23:52 . 2008-06-05 11:42 232 --ah----- C:\sqmdata14.sqm
2008-05-10 23:27 . 2008-06-04 23:46 244 --ah----- C:\sqmnoopt13.sqm
2008-05-10 23:27 . 2008-06-04 23:46 232 --ah----- C:\sqmdata13.sqm
2008-05-10 11:31 . 2008-06-04 22:37 244 --ah----- C:\sqmnoopt12.sqm
2008-05-10 11:31 . 2008-06-04 22:37 232 --ah----- C:\sqmdata12.sqm
2008-05-10 02:55 . 2008-06-04 21:58 244 --ah----- C:\sqmnoopt11.sqm
2008-05-10 02:55 . 2008-06-04 21:58 232 --ah----- C:\sqmdata11.sqm
2008-05-09 23:02 . 2008-06-04 21:58 244 --ah----- C:\sqmnoopt10.sqm
2008-05-09 23:02 . 2008-06-04 21:58 232 --ah----- C:\sqmdata10.sqm
2008-05-09 15:29 . 2004-09-14 16:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-08 22:39 . 2008-06-04 21:52 244 --ah----- C:\sqmnoopt09.sqm
2008-05-08 22:39 . 2008-06-04 21:52 232 --ah----- C:\sqmdata09.sqm
2008-05-08 21:08 . 2008-06-04 15:48 244 --ah----- C:\sqmnoopt08.sqm
2008-05-08 21:08 . 2008-06-04 15:48 232 --ah----- C:\sqmdata08.sqm
2008-05-08 15:10 . 2008-05-08 15:10 d-------- C:\Program Files\LittleFighter2
2008-05-08 14:54 . 2008-06-04 15:37 244 --ah----- C:\sqmnoopt07.sqm
2008-05-08 14:54 . 2008-06-04 15:37 232 --ah----- C:\sqmdata07.sqm
2008-05-08 14:51 . 2008-06-04 15:13 244 --ah----- C:\sqmnoopt06.sqm
2008-05-08 14:51 . 2008-06-04 15:13 232 --ah----- C:\sqmdata06.sqm
2008-05-08 00:09 . 2008-06-04 14:31 244 --ah----- C:\sqmnoopt05.sqm
2008-05-08 00:09 . 2008-06-04 14:31 232 --ah----- C:\sqmdata05.sqm
2008-05-06 23:11 . 2008-06-04 08:29 244 --ah----- C:\sqmnoopt04.sqm
2008-05-06 23:11 . 2008-06-04 08:29 232 --ah----- C:\sqmdata04.sqm
2008-05-06 07:20 . 2008-05-06 07:23 d-------- C:\Program Files\Torpedo Software
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 12:49 --------- d-----w C:\Program Files\Logitech
2008-06-06 06:22 --------- d-----w C:\Program Files\Natulafree1
2008-06-04 08:18 --------- d-----w C:\Documents and Settings\Tuuli\Application Data\PC Suite
2008-06-03 05:20 --------- d-----w C:\Documents and Settings\Jukka\Application Data\PC Suite
2008-05-27 15:36 --------- d-----w C:\Program Files\GmRek2K
2008-05-15 15:32 --------- d-----w C:\Program Files\Eggsucker
2008-05-13 12:57 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-13 12:57 --------- d-----w C:\Program Files\Bejeweled 2 Deluxe
2008-05-05 14:48 352,256 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-05-05 14:47 --------- d-----w C:\Program Files\Shapes
2008-05-05 14:47 --------- d-----w C:\Program Files\Raptisoft
2008-05-05 14:34 --------- d-----w C:\Program Files\SuperTux
2008-05-05 14:23 --------- d-----w C:\Program Files\President Forever Demo
2008-05-01 17:19 --------- d-----w C:\Documents and Settings\Tuuli\Application Data\Skype
2008-05-01 17:18 --------- d-----w C:\Documents and Settings\Tuuli\Application Data\skypePM
2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-26 09:56 --------- d-----w C:\Documents and Settings\Jukka\Application Data\Skype
2008-04-25 14:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-25 14:24 --------- d-----w C:\Documents and Settings\Jukka\Application Data\skypePM
2008-04-25 14:16 --------- d-----w C:\Program Files\Skype
2008-04-25 14:16 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-25 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-04-17 17:17 --------- d-----w C:\Documents and Settings\Jukka\Application Data\Nokia
2008-04-16 19:56 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-16 17:58 --------- d-----w C:\Documents and Settings\Jukka\Application Data\Nokia Multimedia Player
2008-04-15 16:38 --------- d-----w C:\Program Files\Java
2008-04-15 16:35 --------- d-----w C:\Program Files\Common Files\Java
2008-04-15 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-15 14:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 14:44 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-15 14:43 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-04-15 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-15 14:30 --------- d-----w C:\Program Files\Windows Live
2008-04-15 14:26 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-13 18:36 --------- d-----w C:\Documents and Settings\Jukka\Application Data\Vso
2008-04-08 14:41 --------- d-----w C:\Program Files\3DHockey
2008-04-08 14:13 --------- d-----w C:\Program Files\Alawar
2008-04-08 14:06 --------- d-----w C:\Program Files\PySol Solitaire
2008-04-01 14:14 27,336 ----a-w C:\Documents and Settings\Tuuli\Application Data\GDIPFONTCACHEV1.DAT
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-23 09:50 252,928 ----a-w C:\Documents and Settings\Jukka\Application Data\installer_fi[1].exe
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
1999-08-19 15:05 168,448 ----a-w C:\Documents and Settings\Tuuli\balls.exe
1999-08-19 14:47 96,762 ----a-w C:\Documents and Settings\Tuuli\makemap.exe
1998-03-01 19:34 160,256 ----a-w C:\Documents and Settings\Tuuli\MIDAS11.DLL
2008-02-12 20:04 8 --sh--r C:\WINDOWS\system32\3BDC8BB6A5.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 11:26 86016]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C6501Sound"="c6501.cpl" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 16:00 79224]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2004-05-17 08:34 360448]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 16:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 13:34 406016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 17:04 11776]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-10 17:04 110592]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03 284184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58 746520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01 244512]
"Windows svchost"="ups.exe" [2004-09-14 16:12 18432 C:\WINDOWS\system32\ups.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-12 20:16:37 113664]
BTTray.lnk - C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe [2004-11-30 14:30:00 565309]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2008-02-12 19:16:01 73728]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-02-12 19:44:12 581632]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 13:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\SecTrap.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Eggsucker\\eggsucker.exe"=
"C:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe"=
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\c6501.sys [2007-07-09 13:42]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-06 12:35:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 16:11:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\ups.exe 49156 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2008-06-06 16:15:52
ComboFix-quarantined-files.txt 2008-06-06 13:15:39
Pre-Run: 37,792,325,632 tavua vapaana
Post-Run: 38,610,534,400 tavua vapaana
213 --- E O F --- 2008-05-16 17:38:42
- FixFix
juikis wrote:
Here it is.
Gently like that ;)
*******
Uninstall from Add/Remove Programs
Logitech Desktop Messenger
Spybot - Search & Destroy
Delete the folder in Safe Mode
C:\Program Files\==> Spybot - Search & Destroy
- juikis
FixFix wrote:
Gently like that ;)
*******
Uninstall from Add/Remove Programs
Logitech Desktop Messenger
Spybot - Search & Destroy
Delete the folder in Safe Mode
C:\Program Files\==> Spybot - Search & Destroy
So, the tasks are done and here is the log.
ComboFix 08-06-05.3 - Jukka 2008-06-06 17:32:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1573 [GMT 3:00]
Running from: C:\Documents and Settings\Jukka\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jukka\Työpöytä\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\dci.exe C:\sqmnoopt19.sqm
C:\dcsi.exe
C:\irc.com
C:\sex.exe
C:\sex2.exe
C:\sex22.exe
C:\sexx2.exe
C:\sexx22.exe
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\Windows\mservice.exe
C:\WINDOWS\service.exe
C:\WINDOWS\ups.exe
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\dcsi.exe
C:\irc.com
C:\sex.exe
C:\sex2.exe
C:\sex22.exe
C:\sexx2.exe
C:\sexx22.exe
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\Windows\mservice.exe
C:\WINDOWS\ups.exe
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-06 to 2008-06-06 )))))))))))))))))
.
2008-06-06 17:21 . 2008-06-06 17:21 49,156 --a------ C:\shz.exe
2008-06-06 14:58 . 2008-06-06 16:11 49,156 --a------ C:\sz.exe
2008-06-06 10:41 . 2008-06-06 10:41 2,232 --a------ C:\sf.exe
2008-06-06 09:38 . 2008-06-06 15:50 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 09:22 . 2008-06-06 09:22 54 --a------ C:\WINDOWS\wininit.ini
2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\Jukka\stp.exe
2008-06-04 14:37 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Jukka\setup.exe
2008-06-03 19:53 . 2008-06-04 14:31 3,423 --a------ C:\WINDOWS\is154890.exe
2008-06-03 18:36 . 2008-06-03 22:58 86,548 --a------ C:\Documents and Settings\Tuuli\setupa.exe
2008-06-03 16:25 . 2008-06-03 16:25 d-------- C:\Documents and Settings\Atte\Contacts
2008-06-03 08:45 . 2008-06-03 08:45 d-------- C:\Program Files\Trend Micro
2008-06-03 07:47 . 2008-06-03 07:47 d-------- C:\Program Files\Lavasoft
2008-06-03 07:47 . 2008-06-03 07:49 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-03 07:46 . 2008-06-03 07:46 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-02 22:29 . 2008-06-02 22:29 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-02 21:35 . 2008-06-03 18:18 96,950 --a------ C:\Documents and Settings\Tuuli\setup.exe
2008-05-31 18:53 . 2008-05-31 20:38 86,512 --a------ C:\Documents and Settings\Jukka\setup1.exe
2008-05-31 14:12 . 2008-05-31 14:12 86,512 --a------ C:\setup1.exe
2008-05-30 18:08 . 2008-05-30 23:00 60,132 --a------ C:\dci.exe
2008-05-19 17:32 . 2008-05-19 17:32 d--h----- C:\WINDOWS\PIF
2008-05-18 14:56 . 2008-05-18 14:56 7,168 --ahs---- C:\Documents and Settings\Thumbs.db
2008-05-17 14:30 . 2008-05-17 14:30 d-------- C:\Program Files\Pan Vision
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-15 20:46 . 2008-06-06 13:51 244 --ah----- C:\sqmnoopt19.sqm
2008-05-09 15:29 . 2004-09-14 16:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-08 15:10 . 2008-05-08 15:10 d-------- C:\Program Files\LittleFighter2
2008-05-06 07:20 . 2008-05-06 07:23 d-------- C:\Program Files\Torpedo Software
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 12:49 --------- d-----w C:\Program Files\Logitech
2008-06-06 06:22 --------- d-----w C:\Program Files\Natulafree1
2008-06-04 08:18 --------- d-----w C:\Documents and Settings\Tuuli\Application Data\PC Suite
2008-06-03 05:20 --------- d-----w C:\Documents and Settings\Jukka\Application Data\PC Suite
2008-05-27 15:36 --------- d-----w C:\Program Files\GmRek2K
2008-05-15 15:32 --------- d-----w C:\Program Files\Eggsucker
2008-05-13 12:57 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-13 12:57 --------- d-----w C:\Program Files\Bejeweled 2 Deluxe
2008-05-05 14:48 352,256 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-05-05 14:47 --------- d-----w C:\Program Files\Shapes
2008-05-05 14:47 --------- d-----w C:\Program Files\Raptisoft
2008-05-05 14:34 --------- d-----w C:\Program Files\SuperTux
2008-05-05 14:23 --------- d-----w C:\Program Files\President Forever Demo
2008-05-01 17:19 --------- d-----w C:\Documents and Settings\Tuuli\Application Data\Skype
2008-05-01 17:18 --------- d-----w C:\Documents and Settings\Tuuli\Application Data\skypePM
2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-26 09:56 --------- d-----w C:\Documents and Settings\Jukka\Application Data\Skype
2008-04-25 14:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-25 14:24 --------- d-----w C:\Documents and Settings\Jukka\Application Data\skypePM
2008-04-25 14:16 --------- d-----w C:\Program Files\Skype
2008-04-25 14:16 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-25 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-04-17 17:17 --------- d-----w C:\Documents and Settings\Jukka\Application Data\Nokia
2008-04-16 19:56 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-16 17:58 --------- d-----w C:\Documents and Settings\Jukka\Application Data\Nokia Multimedia Player
2008-04-15 16:38 --------- d-----w C:\Program Files\Java
2008-04-15 16:35 --------- d-----w C:\Program Files\Common Files\Java
2008-04-15 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-15 14:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 14:44 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-15 14:43 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-04-15 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-15 14:30 --------- d-----w C:\Program Files\Windows Live
2008-04-15 14:26 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-13 18:36 --------- d-----w C:\Documents and Settings\Jukka\Application Data\Vso
2008-04-08 14:41 --------- d-----w C:\Program Files\3DHockey
2008-04-08 14:13 --------- d-----w C:\Program Files\Alawar
2008-04-08 14:06 --------- d-----w C:\Program Files\PySol Solitaire
2008-04-01 14:14 27,336 ----a-w C:\Documents and Settings\Tuuli\Application Data\GDIPFONTCACHEV1.DAT
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-23 09:50 252,928 ----a-w C:\Documents and Settings\Jukka\Application Data\installer_fi[1].exe
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
1999-08-19 15:05 168,448 ----a-w C:\Documents and Settings\Tuuli\balls.exe
1999-08-19 14:47 96,762 ----a-w C:\Documents and Settings\Tuuli\makemap.exe
1998-03-01 19:34 160,256 ----a-w C:\Documents and Settings\Tuuli\MIDAS11.DLL
2008-02-12 20:04 8 --sh--r C:\WINDOWS\system32\3BDC8BB6A5.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 11:26 86016]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C6501Sound"="c6501.cpl" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 16:00 79224]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2004-05-17 08:34 360448]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 16:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 13:34 406016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 17:04 11776]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-10 17:04 110592]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03 284184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58 746520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01 244512]
"Windows svchost"="ups.exe" [2004-09-14 16:12 18432 C:\WINDOWS\system32\ups.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-12 20:16:37 113664]
BTTray.lnk - C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe [2004-11-30 14:30:00 565309]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2008-02-12 19:16:01 73728]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-02-12 19:44:12 581632]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 13:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\SecTrap.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Eggsucker\\eggsucker.exe"=
"C:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe"=
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\c6501.sys [2007-07-09 13:42]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-06 14:35:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 17:41:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-06 17:45:32
ComboFix-quarantined-files.txt 2008-06-06 14:45:18
ComboFix2.txt 2008-06-06 13:15:55
Pre-Run: 38,733,869,056 tavua vapaana
Post-Run: 38,724,337,664 tavua vapaana
256 --- E O F --- 2008-05-16 17:38:42
Malwarebytes' Anti-Malware 1.15
Tietokantaversio: 834
19:18:08 6.6.2008
mbam-log-6-6-2008 (19-18-08).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|G:\|H:\|)
Tarkistetut kohteet: 177100
Kulunut aika: 1 hour(s), 14 minute(s), 11 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 47
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
C:\dci.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\setup1.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jukka\setup1.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tuuli\setup.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\cbXQgebA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\wvUnKebc.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\dcsi.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\irc.com.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mservice.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP118\A0012079.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP118\A0012156.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP119\A0012170.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP119\A0012171.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP119\A0012206.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP119\A0012208.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP119\A0013212.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP119\A0014209.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP121\A0014248.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP121\A0014260.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP121\A0014273.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP121\A0014275.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP121\A0014278.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP122\A0014326.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP122\A0014356.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP122\A0014374.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP122\A0014376.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP122\A0014377.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP122\A0014378.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP122\A0014390.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP122\A0014416.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP123\A0014452.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP123\A0014454.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP124\A0014592.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP124\A0014597.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP124\A0014598.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP124\A0014599.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP124\A0014608.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP127\A0014879.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP127\A0014880.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP127\A0014881.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP128\A0014919.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP128\A0014920.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP128\A0014926.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
G:\DVD ohjelma\Dvd-Lab v1.3b7 Incl Keygen\Default.SFX (Rogue.Installer) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{C0D540F7-1A41-4E69-AA47-B45C765F6885}\RP345\A0067665.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ups.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jukka\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:23, on 6.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9739 bytes - FixFix
juikis wrote:
So, the steps have been done and here is the log.
ComboFix 08-06-05.3 - Jukka 2008-06-06 17:32:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1573 [GMT 3:00]
Running from: C:\Documents and Settings\Jukka\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jukka\Työpöytä\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\dci.exe C:\sqmnoopt19.sqm
C:\dcsi.exe
C:\irc.com
C:\sex.exe
C:\sex2.exe
C:\sex22.exe
C:\sexx2.exe
C:\sexx22.exe
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\Windows\mservice.exe
C:\WINDOWS\service.exe
C:\WINDOWS\ups.exe
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\dcsi.exe
C:\irc.com
C:\sex.exe
C:\sex2.exe
C:\sex22.exe
C:\sexx2.exe
C:\sexx22.exe
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\Windows\mservice.exe
C:\WINDOWS\ups.exe
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-06 to 2008-06-06 )))))))))))))))))
.
2008-06-06 17:21 . 2008-06-06 17:21 49,156 --a------ C:\shz.exe
2008-06-06 14:58 . 2008-06-06 16:11 49,156 --a------ C:\sz.exe
2008-06-06 10:41 . 2008-06-06 10:41 2,232 --a------ C:\sf.exe
2008-06-06 09:38 . 2008-06-06 15:50 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 09:22 . 2008-06-06 09:22 54 --a------ C:\WINDOWS\wininit.ini
2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\Jukka\stp.exe
2008-06-04 14:37 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Jukka\setup.exe
2008-06-03 19:53 . 2008-06-04 14:31 3,423 --a------ C:\WINDOWS\is154890.exe
2008-06-03 18:36 . 2008-06-03 22:58 86,548 --a------ C:\Documents and Settings\Tuuli\setupa.exe
2008-06-03 16:25 . 2008-06-03 16:25 d-------- C:\Documents and Settings\Atte\Contacts
2008-06-03 08:45 . 2008-06-03 08:45 d-------- C:\Program Files\Trend Micro
2008-06-03 07:47 . 2008-06-03 07:47 d-------- C:\Program Files\Lavasoft
2008-06-03 07:47 . 2008-06-03 07:49 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-03 07:46 . 2008-06-03 07:46 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-02 22:29 . 2008-06-02 22:29 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-02 21:35 . 2008-06-03 18:18 96,950 --a------ C:\Documents and Settings\Tuuli\setup.exe
2008-05-31 18:53 . 2008-05-31 20:38 86,512 --a------ C:\Documents and Settings\Jukka\setup1.exe
2008-05-31 14:12 . 2008-05-31 14:12 86,512 --a------ C:\setup1.exe
2008-05-30 18:08 . 2008-05-30 23:00 60,132 --a------ C:\dci.exe
2008-05-19 17:32 . 2008-05-19 17:32 d--h----- C:\WINDOWS\PIF
2008-05-18 14:56 . 2008-05-18 14:56 7,168 --ahs---- C:\Documents and Settings\Thumbs.db
2008-05-17 14:30 . 2008-05-17 14:30 d-------- C:\Program Files\Pan Vision
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-15 20:46 . 2008-06-06 13:51 244 --ah----- C:\sqmnoopt19.sqm
2008-05-09 15:29 . 2004-09-14 16:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-08 15:10 . 2008-05-08 15:10 d-------- C:\Program Files\LittleFighter2
2008-05-06 07:20 . 2008-05-06 07:23 d-------- C:\Program Files\Torpedo Software
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 12:49 --------- d-----w C:\Program Files\Logitech
2008-06-06 06:22 --------- d-----w C:\Program Files\Natulafree1
2008-06-04 08:18 --------- d-----w C:\Documents and Settings\Tuuli\Application Data\PC Suite
2008-06-03 05:20 --------- d-----w C:\Documents and Settings\Jukka\Application Data\PC Suite
2008-05-27 15:36 --------- d-----w C:\Program Files\GmRek2K
2008-05-15 15:32 --------- d-----w C:\Program Files\Eggsucker
2008-05-13 12:57 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-13 12:57 --------- d-----w C:\Program Files\Bejeweled 2 Deluxe
2008-05-05 14:48 352,256 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-05-05 14:47 --------- d-----w C:\Program Files\Shapes
2008-05-05 14:47 --------- d-----w C:\Program Files\Raptisoft
2008-05-05 14:34 --------- d-----w C:\Program Files\SuperTux
2008-05-05 14:23 --------- d-----w C:\Program Files\President Forever Demo
2008-05-01 17:19 --------- d-----w C:\Documents and Settings\Tuuli\Application Data\Skype
2008-05-01 17:18 --------- d-----w C:\Documents and Settings\Tuuli\Application Data\skypePM
2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-26 09:56 --------- d-----w C:\Documents and Settings\Jukka\Application Data\Skype
2008-04-25 14:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-25 14:24 --------- d-----w C:\Documents and Settings\Jukka\Application Data\skypePM
2008-04-25 14:16 --------- d-----w C:\Program Files\Skype
2008-04-25 14:16 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-25 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-04-17 17:17 --------- d-----w C:\Documents and Settings\Jukka\Application Data\Nokia
2008-04-16 19:56 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-16 17:58 --------- d-----w C:\Documents and Settings\Jukka\Application Data\Nokia Multimedia Player
2008-04-15 16:38 --------- d-----w C:\Program Files\Java
2008-04-15 16:35 --------- d-----w C:\Program Files\Common Files\Java
2008-04-15 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-15 14:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 14:44 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-15 14:43 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-04-15 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-15 14:30 --------- d-----w C:\Program Files\Windows Live
2008-04-15 14:26 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-13 18:36 --------- d-----w C:\Documents and Settings\Jukka\Application Data\Vso
2008-04-08 14:41 --------- d-----w C:\Program Files\3DHockey
2008-04-08 14:13 --------- d-----w C:\Program Files\Alawar
2008-04-08 14:06 --------- d-----w C:\Program Files\PySol Solitaire
2008-04-01 14:14 27,336 ----a-w C:\Documents and Settings\Tuuli\Application Data\GDIPFONTCACHEV1.DAT
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-23 09:50 252,928 ----a-w C:\Documents and Settings\Jukka\Application Data\installer_fi[1].exe
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
1999-08-19 15:05 168,448 ----a-w C:\Documents and Settings\Tuuli\balls.exe
1999-08-19 14:47 96,762 ----a-w C:\Documents and Settings\Tuuli\makemap.exe
1998-03-01 19:34 160,256 ----a-w C:\Documents and Settings\Tuuli\MIDAS11.DLL
2008-02-12 20:04 8 --sh--r C:\WINDOWS\system32\3BDC8BB6A5.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 11:26 86016]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C6501Sound"="c6501.cpl" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 16:00 79224]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2004-05-17 08:34 360448]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 16:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 13:34 406016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 17:04 11776]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-10 17:04 110592]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03 284184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58 746520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01 244512]
"Windows svchost"="ups.exe" [2004-09-14 16:12 18432 C:\WINDOWS\system32\ups.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-12 20:16:37 113664]
BTTray.lnk - C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe [2004-11-30 14:30:00 565309]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2008-02-12 19:16:01 73728]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-02-12 19:44:12 581632]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 13:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\SecTrap.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Eggsucker\\eggsucker.exe"=
"C:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe"=
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\c6501.sys [2007-07-09 13:42]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-06 14:35:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 17:41:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-06 17:45:32
ComboFix-quarantined-files.txt 2008-06-06 14:45:18
ComboFix2.txt 2008-06-06 13:15:55
Pre-Run: 38,733,869,056 tavua vapaana
Post-Run: 38,724,337,664 tavua vapaana
256 --- E O F --- 2008-05-16 17:38:42
Malwarebytes' Anti-Malware 1.15
Tietokantaversio: 834
19:18:08 6.6.2008
mbam-log-6-6-2008 (19-18-08).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|G:\|H:\|)
Tarkistetut kohteet: 177100
Kulunut aika: 1 hour(s), 14 minute(s), 11 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 47
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
C:\dci.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\setup1.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jukka\setup1.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tuuli\setup.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\cbXQgebA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\wvUnKebc.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\dcsi.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\irc.com.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mservice.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP118\A0012079.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP118\A0012156.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP119\A0012170.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP119\A0012171.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP119\A0012206.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP119\A0012208.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP119\A0013212.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP119\A0014209.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP121\A0014248.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP121\A0014260.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP121\A0014273.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP121\A0014275.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP121\A0014278.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP122\A0014326.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP122\A0014356.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP122\A0014374.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP122\A0014376.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP122\A0014377.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP122\A0014378.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP122\A0014390.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP122\A0014416.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP123\A0014452.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP123\A0014454.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP124\A0014592.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP124\A0014597.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP124\A0014598.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP124\A0014599.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP124\A0014608.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP127\A0014879.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP127\A0014880.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP127\A0014881.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP128\A0014919.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP128\A0014920.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB2B19B4-F981-4DF7-A724-31A10A16D110}\RP128\A0014926.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
G:\DVD ohjelma\Dvd-Lab v1.3b7 Incl Keygen\Default.SFX (Rogue.Installer) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{C0D540F7-1A41-4E69-AA47-B45C765F6885}\RP345\A0067665.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ups.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jukka\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:23, on 6.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9739 bytes
Scan with HJT, tick these and press Fix checked
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
==============
Open Notepad and copy/paste the contents of the quote box into it:
[quote]
File::
C:\setup1.exe
C:\dci.exe
C:\sqmnoopt19.sqm
C:\shz.exe
C:\sz.exe
C:\sf.exe
C:\WINDOWS\is154890.exe
[/quote]
Save it as CFScript.txt
Then drag CFScript onto ComboFix.exe as shown below.
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]
Restart the computer when prompted and post the contents of the combofix.txt file here.
- juikis
FixFix wrote:
Scan with HJT, tick these and press Fix checked
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
==============
Open Notepad and copy/paste the contents of the quote box into it:
[quote]
File::
C:\setup1.exe
C:\dci.exe
C:\sqmnoopt19.sqm
C:\shz.exe
C:\sz.exe
C:\sf.exe
C:\WINDOWS\is154890.exe
[/quote]
Save it as CFScript.txt
Then drag CFScript onto ComboFix.exe as shown below.
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]
Restart the computer when prompted and post the contents of the combofix.txt file here.
Here's what came out....
ComboFix 08-06-05.3 - Jukka 2008-06-06 21:25:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1508 [GMT 3:00]
Running from: C:\Documents and Settings\Jukka\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jukka\Työpöytä\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\dci.exe
C:\setup1.exe
C:\sf.exe
C:\shz.exe
C:\sqmnoopt19.sqm
C:\sz.exe
C:\WINDOWS\is154890.exe
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\sf.exe
C:\shz.exe
C:\sqmnoopt19.sqm
C:\sz.exe
C:\WINDOWS\is154890.exe
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-06 to 2008-06-06 )))))))))))))))))
.
2008-06-06 18:00 . 2008-06-06 18:01 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 18:00 . 2008-06-06 18:00 d-------- C:\Documents and Settings\Jukka\Application Data\Malwarebytes
2008-06-06 18:00 . 2008-06-06 18:00 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 18:00 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 18:00 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 09:38 . 2008-06-06 15:50 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 09:22 . 2008-06-06 09:22 54 --a------ C:\WINDOWS\wininit.ini
2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\Jukka\stp.exe
2008-06-03 18:36 . 2008-06-03 22:58 86,548 --a------ C:\Documents and Settings\Tuuli\setupa.exe
2008-06-03 16:25 . 2008-06-03 16:25 d-------- C:\Documents and Settings\Atte\Contacts
2008-06-03 08:45 . 2008-06-03 08:45 d-------- C:\Program Files\Trend Micro
2008-06-03 07:47 . 2008-06-03 07:47 d-------- C:\Program Files\Lavasoft
2008-06-03 07:47 . 2008-06-03 07:49 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-03 07:46 . 2008-06-03 07:46 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-02 22:29 . 2008-06-02 22:29 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-05-19 17:32 . 2008-05-19 17:32 d--h----- C:\WINDOWS\PIF
2008-05-18 14:56 . 2008-05-18 14:56 7,168 --ahs---- C:\Documents and Settings\Thumbs.db
2008-05-17 14:30 . 2008-05-17 14:30 d-------- C:\Program Files\Pan Vision
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-09 15:29 . 2004-09-14 16:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-08 15:10 . 2008-05-08 15:10 d-------- C:\Program Files\LittleFighter2
2008-05-06 07:20 . 2008-05-06 07:23 d-------- C:\Program Files\Torpedo Software
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 12:49 --------- d-----w C:\Program Files\Logitech
2008-06-06 06:22 --------- d-----w C:\Program Files\Natulafree1
2008-06-04 08:18 --------- d-----w C:\Documents and Settings\Tuuli\Application Data\PC Suite
2008-06-03 05:20 --------- d-----w C:\Documents and Settings\Jukka\Application Data\PC Suite
2008-05-27 15:36 --------- d-----w C:\Program Files\GmRek2K
2008-05-15 15:32 --------- d-----w C:\Program Files\Eggsucker
2008-05-13 12:57 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-13 12:57 --------- d-----w C:\Program Files\Bejeweled 2 Deluxe
2008-05-05 14:48 352,256 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-05-05 14:47 --------- d-----w C:\Program Files\Shapes
2008-05-05 14:47 --------- d-----w C:\Program Files\Raptisoft
2008-05-05 14:34 --------- d-----w C:\Program Files\SuperTux
2008-05-05 14:23 --------- d-----w C:\Program Files\President Forever Demo
2008-05-01 17:19 --------- d-----w C:\Documents and Settings\Tuuli\Application Data\Skype
2008-05-01 17:18 --------- d-----w C:\Documents and Settings\Tuuli\Application Data\skypePM
2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-26 09:56 --------- d-----w C:\Documents and Settings\Jukka\Application Data\Skype
2008-04-25 14:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-25 14:24 --------- d-----w C:\Documents and Settings\Jukka\Application Data\skypePM
2008-04-25 14:16 --------- d-----w C:\Program Files\Skype
2008-04-25 14:16 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-25 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-04-17 17:17 --------- d-----w C:\Documents and Settings\Jukka\Application Data\Nokia
2008-04-16 19:56 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-16 17:58 --------- d-----w C:\Documents and Settings\Jukka\Application Data\Nokia Multimedia Player
2008-04-15 16:38 --------- d-----w C:\Program Files\Java
2008-04-15 16:35 --------- d-----w C:\Program Files\Common Files\Java
2008-04-15 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-15 14:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 14:44 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-15 14:43 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-04-15 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-15 14:30 --------- d-----w C:\Program Files\Windows Live
2008-04-15 14:26 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-13 18:36 --------- d-----w C:\Documents and Settings\Jukka\Application Data\Vso
2008-04-08 14:41 --------- d-----w C:\Program Files\3DHockey
2008-04-08 14:13 --------- d-----w C:\Program Files\Alawar
2008-04-08 14:06 --------- d-----w C:\Program Files\PySol Solitaire
2008-04-01 14:14 27,336 ----a-w C:\Documents and Settings\Tuuli\Application Data\GDIPFONTCACHEV1.DAT
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-23 09:50 252,928 ----a-w C:\Documents and Settings\Jukka\Application Data\installer_fi[1].exe
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
1999-08-19 15:05 168,448 ----a-w C:\Documents and Settings\Tuuli\balls.exe
1999-08-19 14:47 96,762 ----a-w C:\Documents and Settings\Tuuli\makemap.exe
1998-03-01 19:34 160,256 ----a-w C:\Documents and Settings\Tuuli\MIDAS11.DLL
2008-02-12 20:04 8 --sh--r C:\WINDOWS\system32\3BDC8BB6A5.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-06_16.14.15,03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-06 12:56:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-06 14:54:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-06 14:54:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_678.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 11:26 86016]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C6501Sound"="c6501.cpl" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 16:00 79224]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2004-05-17 08:34 360448]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 16:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 13:34 406016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 17:04 11776]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-10 17:04 110592]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03 284184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58 746520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01 244512]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-12 20:16:37 113664]
BTTray.lnk - C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe [2004-11-30 14:30:00 565309]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2008-02-12 19:16:01 73728]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-02-12 19:44:12 581632]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 13:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\SecTrap.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Eggsucker\\eggsucker.exe"=
"C:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe"=
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\c6501.sys [2007-07-09 13:42]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-06 17:35:57 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 21:28:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-06 21:29:50
ComboFix-quarantined-files.txt 2008-06-06 18:29:33
ComboFix2.txt 2008-06-06 14:45:34
ComboFix3.txt 2008-06-06 13:15:55
Pre-Run: 38,703,886,336 tavua vapaana
Post-Run: 38,697,291,776 tavua vapaana
186 --- E O F --- 2008-05-16 17:38:42
- FixFix
juikis wrote:
Here's what came out....
1. Click Start > right-click My Computer
2. Select Properties
3. Select the System Restore tab
4. Tick the box ¤ Turn off System Restore on all drives
5. Press Apply
6. Press OK
7. Shut down and restart
8. Untick the box ¤ Turn off System Restore on all drives
9. Apply and OK
******
So how much is the machine stuttering now?
- juikis
FixFix wrote:
1. Click Start > right-click My Computer
2. Select Properties
3. Select the System Restore tab
4. Tick the box ¤ Turn off System Restore on all drives
5. Press Apply
6. Press OK
7. Shut down and restart
8. Untick the box ¤ Turn off System Restore on all drives
9. Apply and OK
******
So how much is the machine stuttering now?
It seems to be running faster now, too. And no DOS window opens at startup any more.
Huge thanks to the Guru for the help :)
- FixFix
juikis wrote:
It seems to be running faster now, too. And no DOS window opens at startup any more.
Huge thanks to the Guru for the help :)
So it's chugging along.