and what on earth is it? Fixing it doesn't help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:07, on 19.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\Apuja\tinyresmeter097\TinyResMeter097.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\zabkat\xplorer2_lite\xplorer2_lite.exe
C:\HJT\HooJiiTee.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [WeatherWatcher] "C:\Program Files\Weather Watcher\ww.exe"
O4 - HKCU\..\Run: [TinyResMeter] "C:\Program Files\Apuja\tinyresmeter097\TinyResMeter097.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Tiny Watcher Logon Time.lnk = C:\Program Files\Watcher\Watcher.exe
O4 - Global Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 2935 bytes
miten
Answers
- 123321
a log like that, is that all there is in it?
1. Download combofix.exe to your desktop from one of these two links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post that log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
===========
Download SDFix by AndyManchesta
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
and save it to your desktop.
Boot your computer into Safe Mode:
shut down and start up
during startup, keep tapping the F8 key
select Safe Mode with the arrow keys
press Enter and Enter
select your user account
press Yes
On some machines you tap F5 instead of F8
• Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
• Open the SDFix folder and double-click RunThis.bat to start the program.
• Press Y to start the script.
• The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
• Press any key and the computer restarts.
• Startup takes longer than usual because SDFix is cleaning the machine.
• When the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
• Then press any key to close the script and load the desktop icons.
• Finally, open the SDFix folder (on the desktop) and copy and paste the contents of Report.txt into your thread along with a new HijackThis log.
=============
Download Malwarebytes' Anti-Malware to your desktop.
http://www.besttechie.net/tools/mbam-setup.exe
• Double-click mbam-setup.exe and follow the instructions to install the program.
• At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
• If an update is found, the program downloads and installs the latest version.
• Once the program has loaded, select Perform full scan and click Scan.
• When the scan is finished, click OK and then Show Results to see the results.
• Make sure everything is checked and click Remove Selected.
• After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Post the contents of the log in your next message.
- ihmeessä
The machine is definitely clean.
- FixFix
ihmeessä wrote:
The machine is definitely clean.
if that is so, then where are the
R1 -
R0 -
O2 -
03 -
lines
=======
Also, where is the firewall
- oma muuri
FixFix wrote:
if that is so, then where are the
R1 -
R0 -
O2 -
03 -
lines
=======
Also, where is the firewall
I don't use IE, so I don't need those.
- vai?
oma muuri wrote:
I don't use IE, so I don't need those.
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry
- näitä?
vai? wrote:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry
R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
- 123321
oma muuri wrote:
I don't use IE, so I don't need those.
and here is a log where Firefox is used
but sometimes you have to use IE if you want to check the machine and it only works with IE
so there's that.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:15, on 18.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Admin\Työpöytä\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wlannet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5542 bytes
====
and post the new HJT log after those runs
- 123321
Start > Control Panel > Display > Desktop > Customize Desktop button > Web tab
What do you find there?
- pä ole
No Web tab. Only General. Is it some ActiveX component?
- 123321
pä ole wrote:
No Web tab. Only General. Is it some ActiveX component?
the things I posted up above
- haittoja
123321 wrote:
the things I posted up above
Maybe ActiveX controls are blocked?
- 123321
haittoja wrote:
Maybe ActiveX controls are blocked?
a new HJT log
- taja.
123321 wrote:
a new HJT log
It looks clean, at least to me. Okay, now the Web tab showed up too and I managed to remove that 024. Thanks.
ComboFix 08-08-19.06 - Ismo 2008-08-21 8:54:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.313 [GMT 3:00]
Running from: C:\Documents and Settings\Ismo\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
.
2008-08-20 17:41 . 2008-08-20 17:43 d-------- C:\Documents and Settings\Tiina\Application Data\SumatraPDF
2008-08-20 11:45 . 2008-08-20 11:45 d-------- C:\Program Files\MSXML 4.0
2008-08-19 19:03 . 2008-08-19 19:03 d-------- C:\Program Files\OperaIsmo
2008-08-19 10:25 . 2008-08-19 10:25 d-------- C:\Program Files\Watcher
2008-08-19 10:25 . 2008-08-19 10:25 d-------- C:\Documents and Settings\Ismo\Application Data\minuscule
2008-08-16 18:52 . 2008-08-16 18:52 d-------- C:\WINDOWS\Downloaded Installations
2008-08-16 18:52 . 2008-08-16 18:55 d-------- C:\Program Files\Neoretix
2008-08-16 17:04 . 2008-08-16 17:04 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-16 17:04 . 2008-08-16 17:04 d-------- C:\Program Files\Infogrames
2008-08-16 17:04 . 2008-08-16 17:04 d-------- C:\Program Files\Common Files\InstallShield
2008-08-16 16:52 . 2008-08-16 16:52 d-------- C:\Program Files\Microsoft Games
2008-08-16 13:52 . 2008-08-16 13:52 d-------- C:\Documents and Settings\Tiina\Application Data\vlc
2008-08-16 12:14 . 2008-08-16 12:14 d-------- C:\Documents and Settings\Ismo\Application Data\vlc
2008-08-15 22:33 . 2008-08-15 23:00 d-------- C:\Documents and Settings\Aksu\Application Data\Babylon
2008-08-14 23:06 . 2008-08-14 23:06 d-------- C:\Program Files\VideoLAN
2008-08-14 22:58 . 2008-08-14 22:58 d-------- C:\Program Files\ffdshow
2008-08-14 22:58 . 2006-12-10 23:32 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-14 22:58 . 2006-12-10 23:32 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-14 22:58 . 2008-06-08 23:58 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-08-14 22:58 . 2008-06-12 20:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-08-14 22:58 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-08-14 20:20 . 2008-08-14 20:21 d-------- C:\Program Files\jv16 PowerTools 2008
2008-08-14 11:26 . 2008-08-14 11:26 d-------- C:\Program Files\Babylon
2008-08-14 11:25 . 2008-08-14 11:57 d-------- C:\Documents and Settings\Ismo\Application Data\Babylon
2008-08-14 11:25 . 2008-08-21 07:56 d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2008-08-14 10:28 . 2008-08-14 10:28 d-------- C:\WINDOWS\Sun
2008-08-14 10:25 . 2008-08-14 10:25 d-------- C:\Program Files\Java
2008-08-14 10:25 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-13 12:28 . 2008-08-13 18:49 d-------- C:\Program Files\Unlocker
2008-08-12 22:35 . 2008-08-14 17:50 d-------- C:\Documents and Settings\Tiina\Application Data\Babylon
2008-08-12 18:08 . 2008-08-12 18:08 d-------- C:\Program Files\p-nand-q.com
2008-08-12 10:21 . 2008-08-12 10:21 d-------- C:\Program Files\Common Files\Java
2008-08-11 21:15 . 2008-08-11 21:24 d-------- C:\Program Files\Raxco
2008-08-11 21:15 . 2008-08-11 21:15 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-08-11 21:15 . 2008-05-15 09:45 71,184 -ra------ C:\WINDOWS\system32\drivers\DefragFS.sys
2008-08-11 12:07 . 2008-08-11 12:10 d-------- C:\Documents and Settings\Aksu\Application Data\WeatherWatcher
2008-08-10 18:27 . 2008-08-10 18:27 d-------- C:\Program Files\Sublight
2008-08-10 15:29 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-08-10 15:29 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-08-10 11:43 . 2008-08-10 11:42 872,448 --a------ C:\WINDOWS\system32\libgfl211.dll
2008-08-10 11:40 . 2008-08-10 11:40 45 ---h----- C:\WINDOWS\dsez3524.dat
2008-08-10 11:38 . 2008-08-10 11:39 d-------- C:\Program Files\PhotoFiltre
2008-08-10 11:19 . 2008-08-10 11:54 d-------- C:\Program Files\Paint.NET
2008-08-10 11:16 . 2008-08-10 11:16 d-------- C:\WINDOWS\system32\fi-FI
2008-08-10 11:13 . 2008-08-10 11:16 d-------- C:\WINDOWS\system32\XPSViewer
2008-08-10 11:13 . 2008-08-10 11:13 d-------- C:\Program Files\Reference Assemblies
2008-08-10 11:13 . 2008-08-10 11:13 d-------- C:\Program Files\MSBuild
2008-08-10 11:12 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-08-09 23:47 . 2008-08-09 23:47 d-------- C:\Documents and Settings\Aksu\Contacts
2008-08-09 13:09 . 2008-08-09 13:09 d-------- C:\Program Files\ERUNT
2008-08-09 13:01 . 2008-08-09 13:01 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-08-09 12:55 . 2008-08-14 20:27 d-------- C:\Program Files\Sysinternal
2008-08-09 11:33 . 2008-08-09 11:33 d-------- C:\Documents and Settings\Ismo\Application Data\SumatraPDF
2008-08-09 11:08 . 2008-08-09 11:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-09 10:45 . 2008-08-17 11:08 d-------- C:\Program Files\shup
2008-08-09 10:33 . 2008-08-09 10:33 d-------- C:\Program Files\TC
2008-08-09 10:00 . 2008-08-09 10:01 d-------- C:\Program Files\KuvaKaappari
2008-08-09 09:59 . 2008-08-09 09:59 d-------- C:\Documents and Settings\Ismo\Application Data\Thinstall
2008-08-08 22:29 . 2008-08-08 22:29 d-------- C:\Program Files\Nettimittari
2008-08-08 18:51 . 2008-08-08 18:52 d-------- C:\Program Files\Poltto
2008-08-08 17:22 . 2008-04-14 15:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-08 14:55 . 2008-04-14 15:00 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-08-08 14:06 . 2008-08-08 14:06 d-------- C:\Program Files\SpeedFan
2008-08-08 14:06 . 2008-08-08 14:06 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-08-08 13:31 . 2008-08-12 19:37 d-------- C:\Program Files\Apuja
2008-08-08 11:12 . 2008-08-08 11:12 d-------- C:\Program Files\Belarc
2008-08-08 11:12 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-08-07 21:05 . 2008-08-07 21:05 4,444 --a------ C:\WINDOWS\system32\pid.PNF
2008-08-07 21:01 . 2008-04-14 08:42 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-08-07 21:00 . 2001-07-21 21:49 2,104,298 --a------ C:\WINDOWS\system32\drivers\2gmgsmt.sf2
2008-08-07 19:18 . 2008-08-15 02:56 d-------- C:\Program Files\LimeWire
2008-08-07 19:18 . 2008-08-17 13:01 d-------- C:\Documents and Settings\Ismo\Application Data\LimeWire
2008-08-07 18:38 . 2008-08-07 18:38 280 --ah----- C:\sqmdata00.sqm
2008-08-07 18:38 . 2008-08-07 18:38 244 --ah----- C:\sqmnoopt00.sqm
2008-08-07 18:33 . 2008-08-07 18:33 d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-07 17:19 . 2008-08-07 18:33 d-------- C:\Program Files\Windows Live
2008-08-07 17:19 . 2008-08-07 18:32 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-07 17:19 . 2008-08-07 18:27 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-07 15:47 . 2008-08-16 18:49 d-------- C:\Documents and Settings\Sasu
2008-08-07 14:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-07 14:38 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-07 14:38 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-07 14:35 . 2008-08-07 14:35 d-------- C:\Program Files\Microsoft Works
2008-08-07 14:31 . 2008-08-07 14:31 d-------- C:\WINDOWS\SHELLNEW
2008-08-07 14:30 . 2008-08-07 14:30 dr-h----- C:\MSOCache
2008-08-07 14:30 . 2008-08-14 09:19 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-07 13:48 . 2008-08-07 14:35 d-------- C:\Documents and Settings\Ismo\Application Data\WordWeb
2008-08-07 13:43 . 2008-08-07 13:43 d-------- C:\Program Files\SumatraPDF
2008-08-07 13:35 . 2008-08-07 13:35 d-------- C:\Program Files\WordWeb
2008-08-07 13:35 . 2008-06-14 14:17 1,291,456 --------- C:\WINDOWS\system32\wweb32.dll
2008-08-07 11:41 . 2008-08-20 20:35 d-------- C:\HJT
2008-08-07 09:59 . 2008-08-07 09:59 d-------- C:\Program Files\CCleaner
2008-08-07 09:41 . 2008-08-07 09:45 d-------- C:\Program Files\Your Uninstaller 2008
2008-08-07 09:41 . 2008-08-07 09:41 d-------- C:\Documents and Settings\Ismo\Application Data\URSoft
2008-08-07 09:41 . 2008-08-19 18:55 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-07 09:14 . 2008-08-18 09:52 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 09:14 . 2008-08-07 09:14 d-------- C:\Documents and Settings\Ismo\Application Data\Malwarebytes
2008-08-07 09:14 . 2008-08-07 09:14 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 09:14 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 09:14 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-06 23:59 . 2008-08-16 17:08 d-------- C:\Documents and Settings\Aksu
2008-08-06 23:17 . 2008-08-12 16:18 d-------- C:\Program Files\Ad Muncher
2008-08-06 23:17 . 2008-08-06 23:19 d-------- C:\Documents and Settings\All Users\Application Data\Ad Muncher
2008-08-06 22:12 . 2008-08-15 12:17 d-------- C:\Program Files\uTorrent
2008-08-06 22:12 . 2008-08-19 20:09 d-------- C:\Documents and Settings\Ismo\Application Data\uTorrent
2008-08-06 21:24 . 2008-08-06 21:24 d-------- C:\Program Files\zabkat
2008-08-06 19:17 . 2008-08-06 19:17 d-------- C:\Documents and Settings\Tiina\Application Data\Avira
2008-08-06 19:10 . 2008-08-19 22:23 d-------- C:\Documents and Settings\Tiina
2008-08-06 19:01 . 2008-08-19 18:53 d-------- C:\Program Files\Opera
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 10:52 --------- d-----w C:\Documents and Settings\Tiina\Application Data\vlc
2008-08-16 09:14 --------- d-----w C:\Documents and Settings\Ismo\Application Data\vlc
2008-08-09 10:58 24,064 ----a-w C:\WINDOWS\system32\devldr32.exe
2008-08-07 17:40 --------- d-----w C:\Program Files\Weather Watcher
2008-08-07 17:37 --------- d-----w C:\Documents and Settings\Ismo\Application Data\WeatherWatcher
2008-08-06 15:40 --------- d-----w C:\Documents and Settings\Ismo\Application Data\Avira
2008-08-06 15:36 --------- d-----w C:\Program Files\Avira
2008-08-06 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-08-06 15:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 12:02 230,664 ----a-w C:\WINDOWS\system32\PDBoot.exe
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" [2008-07-26 09:12 1077248]
"TinyResMeter"="C:\Program Files\Apuja\tinyresmeter097\TinyResMeter097.exe" [2007-09-26 09:23 87040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 14:28 266497]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2008-08-06 23:17 779776]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-08-10 12:11 3563232]
C:\Documents and Settings\Ismo\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
Tiny Watcher Logon Time.lnk - C:\Program Files\Watcher\Watcher.exe [2006-11-19 19:47:18 319488]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WordWeb Pro.lnk - C:\Program Files\WordWeb\wweb32.exe [2008-08-07 13:35:00 42176]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoNetworkConnections"= 01000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-11 12:23]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-06-12 14:59]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 13:22]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2008-04-14 01:05]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ismo\Application Data\Mozilla\Firefox\Profiles\ls631coh.default\
FF -: plugin - C:\Program Files\Opera\program\plugins\NPMSWMP.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NPOFF12.DLL
FF -: plugin - C:\Program Files\Opera\program\plugins\NPSWF32_back.dll
FF -: plugin - C:\Program Files\OperaIsmo\program\plugins\npdsplay.dll
FF -: plugin - C:\Program Files\OperaIsmo\program\plugins\npwmsdrm.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 08:56:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-21 8:56:59
ComboFix-quarantined-files.txt 2008-08-21 05:56:54
Pre-Run: 32,490,631,168 bytes free
Post-Run: 32,480,206,848 bytes free
196 --- E O F --- 2008-08-20 08:45:30
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:56, on 21.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\Apuja\tinyresmeter097\TinyResMeter097.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\zabkat\xplorer2_lite\xplorer2_lite.exe
C:\HJT\HooJiiTee.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [WeatherWatcher] "C:\Program Files\Weather Watcher\ww.exe"
O4 - HKCU\..\Run: [TinyResMeter] "C:\Program Files\Apuja\tinyresmeter097\TinyResMeter097.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Tiny Watcher Logon Time.lnk = C:\Program Files\Watcher\Watcher.exe
O4 - Global Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 3275 bytes
- 123321
taja. wrote:
It looks clean, at least to me. Okay, now the Web tab showed up too and I managed to remove that 024. Thanks.
ComboFix 08-08-19.06 - Ismo 2008-08-21 8:54:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.313 [GMT 3:00]
Running from: C:\Documents and Settings\Ismo\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
.
2008-08-20 17:41 . 2008-08-20 17:43 d-------- C:\Documents and Settings\Tiina\Application Data\SumatraPDF
2008-08-20 11:45 . 2008-08-20 11:45 d-------- C:\Program Files\MSXML 4.0
2008-08-19 19:03 . 2008-08-19 19:03 d-------- C:\Program Files\OperaIsmo
2008-08-19 10:25 . 2008-08-19 10:25 d-------- C:\Program Files\Watcher
2008-08-19 10:25 . 2008-08-19 10:25 d-------- C:\Documents and Settings\Ismo\Application Data\minuscule
2008-08-16 18:52 . 2008-08-16 18:52 d-------- C:\WINDOWS\Downloaded Installations
2008-08-16 18:52 . 2008-08-16 18:55 d-------- C:\Program Files\Neoretix
2008-08-16 17:04 . 2008-08-16 17:04 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-16 17:04 . 2008-08-16 17:04 d-------- C:\Program Files\Infogrames
2008-08-16 17:04 . 2008-08-16 17:04 d-------- C:\Program Files\Common Files\InstallShield
2008-08-16 16:52 . 2008-08-16 16:52 d-------- C:\Program Files\Microsoft Games
2008-08-16 13:52 . 2008-08-16 13:52 d-------- C:\Documents and Settings\Tiina\Application Data\vlc
2008-08-16 12:14 . 2008-08-16 12:14 d-------- C:\Documents and Settings\Ismo\Application Data\vlc
2008-08-15 22:33 . 2008-08-15 23:00 d-------- C:\Documents and Settings\Aksu\Application Data\Babylon
2008-08-14 23:06 . 2008-08-14 23:06 d-------- C:\Program Files\VideoLAN
2008-08-14 22:58 . 2008-08-14 22:58 d-------- C:\Program Files\ffdshow
2008-08-14 22:58 . 2006-12-10 23:32 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-14 22:58 . 2006-12-10 23:32 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-14 22:58 . 2008-06-08 23:58 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-08-14 22:58 . 2008-06-12 20:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-08-14 22:58 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-08-14 20:20 . 2008-08-14 20:21 d-------- C:\Program Files\jv16 PowerTools 2008
2008-08-14 11:26 . 2008-08-14 11:26 d-------- C:\Program Files\Babylon
2008-08-14 11:25 . 2008-08-14 11:57 d-------- C:\Documents and Settings\Ismo\Application Data\Babylon
2008-08-14 11:25 . 2008-08-21 07:56 d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2008-08-14 10:28 . 2008-08-14 10:28 d-------- C:\WINDOWS\Sun
2008-08-14 10:25 . 2008-08-14 10:25 d-------- C:\Program Files\Java
2008-08-14 10:25 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-13 12:28 . 2008-08-13 18:49 d-------- C:\Program Files\Unlocker
2008-08-12 22:35 . 2008-08-14 17:50 d-------- C:\Documents and Settings\Tiina\Application Data\Babylon
2008-08-12 18:08 . 2008-08-12 18:08 d-------- C:\Program Files\p-nand-q.com
2008-08-12 10:21 . 2008-08-12 10:21 d-------- C:\Program Files\Common Files\Java
2008-08-11 21:15 . 2008-08-11 21:24 d-------- C:\Program Files\Raxco
2008-08-11 21:15 . 2008-08-11 21:15 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-08-11 21:15 . 2008-05-15 09:45 71,184 -ra------ C:\WINDOWS\system32\drivers\DefragFS.sys
2008-08-11 12:07 . 2008-08-11 12:10 d-------- C:\Documents and Settings\Aksu\Application Data\WeatherWatcher
2008-08-10 18:27 . 2008-08-10 18:27 d-------- C:\Program Files\Sublight
2008-08-10 15:29 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-08-10 15:29 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-08-10 11:43 . 2008-08-10 11:42 872,448 --a------ C:\WINDOWS\system32\libgfl211.dll
2008-08-10 11:40 . 2008-08-10 11:40 45 ---h----- C:\WINDOWS\dsez3524.dat
2008-08-10 11:38 . 2008-08-10 11:39 d-------- C:\Program Files\PhotoFiltre
2008-08-10 11:19 . 2008-08-10 11:54 d-------- C:\Program Files\Paint.NET
2008-08-10 11:16 . 2008-08-10 11:16 d-------- C:\WINDOWS\system32\fi-FI
2008-08-10 11:13 . 2008-08-10 11:16 d-------- C:\WINDOWS\system32\XPSViewer
2008-08-10 11:13 . 2008-08-10 11:13 d-------- C:\Program Files\Reference Assemblies
2008-08-10 11:13 . 2008-08-10 11:13 d-------- C:\Program Files\MSBuild
2008-08-10 11:12 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-08-09 23:47 . 2008-08-09 23:47 d-------- C:\Documents and Settings\Aksu\Contacts
2008-08-09 13:09 . 2008-08-09 13:09 d-------- C:\Program Files\ERUNT
2008-08-09 13:01 . 2008-08-09 13:01 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-08-09 12:55 . 2008-08-14 20:27 d-------- C:\Program Files\Sysinternal
2008-08-09 11:33 . 2008-08-09 11:33 d-------- C:\Documents and Settings\Ismo\Application Data\SumatraPDF
2008-08-09 11:08 . 2008-08-09 11:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-09 10:45 . 2008-08-17 11:08 d-------- C:\Program Files\shup
2008-08-09 10:33 . 2008-08-09 10:33 d-------- C:\Program Files\TC
2008-08-09 10:00 . 2008-08-09 10:01 d-------- C:\Program Files\KuvaKaappari
2008-08-09 09:59 . 2008-08-09 09:59 d-------- C:\Documents and Settings\Ismo\Application Data\Thinstall
2008-08-08 22:29 . 2008-08-08 22:29 d-------- C:\Program Files\Nettimittari
2008-08-08 18:51 . 2008-08-08 18:52 d-------- C:\Program Files\Poltto
2008-08-08 17:22 . 2008-04-14 15:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-08 14:55 . 2008-04-14 15:00 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-08-08 14:06 . 2008-08-08 14:06 d-------- C:\Program Files\SpeedFan
2008-08-08 14:06 . 2008-08-08 14:06 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-08-08 13:31 . 2008-08-12 19:37 d-------- C:\Program Files\Apuja
2008-08-08 11:12 . 2008-08-08 11:12 d-------- C:\Program Files\Belarc
2008-08-08 11:12 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-08-07 21:05 . 2008-08-07 21:05 4,444 --a------ C:\WINDOWS\system32\pid.PNF
2008-08-07 21:01 . 2008-04-14 08:42 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-08-07 21:00 . 2001-07-21 21:49 2,104,298 --a------ C:\WINDOWS\system32\drivers\2gmgsmt.sf2
2008-08-07 19:18 . 2008-08-15 02:56 d-------- C:\Program Files\LimeWire
2008-08-07 19:18 . 2008-08-17 13:01 d-------- C:\Documents and Settings\Ismo\Application Data\LimeWire
2008-08-07 18:38 . 2008-08-07 18:38 280 --ah----- C:\sqmdata00.sqm
2008-08-07 18:38 . 2008-08-07 18:38 244 --ah----- C:\sqmnoopt00.sqm
2008-08-07 18:33 . 2008-08-07 18:33 d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-07 17:19 . 2008-08-07 18:33 d-------- C:\Program Files\Windows Live
2008-08-07 17:19 . 2008-08-07 18:32 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-07 17:19 . 2008-08-07 18:27 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-07 15:47 . 2008-08-16 18:49 d-------- C:\Documents and Settings\Sasu
2008-08-07 14:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-07 14:38 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-07 14:38 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-07 14:35 . 2008-08-07 14:35 d-------- C:\Program Files\Microsoft Works
2008-08-07 14:31 . 2008-08-07 14:31 d-------- C:\WINDOWS\SHELLNEW
2008-08-07 14:30 . 2008-08-07 14:30 dr-h----- C:\MSOCache
2008-08-07 14:30 . 2008-08-14 09:19 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-07 13:48 . 2008-08-07 14:35 d-------- C:\Documents and Settings\Ismo\Application Data\WordWeb
2008-08-07 13:43 . 2008-08-07 13:43 d-------- C:\Program Files\SumatraPDF
2008-08-07 13:35 . 2008-08-07 13:35 d-------- C:\Program Files\WordWeb
2008-08-07 13:35 . 2008-06-14 14:17 1,291,456 --------- C:\WINDOWS\system32\wweb32.dll
2008-08-07 11:41 . 2008-08-20 20:35 d-------- C:\HJT
2008-08-07 09:59 . 2008-08-07 09:59 d-------- C:\Program Files\CCleaner
2008-08-07 09:41 . 2008-08-07 09:45 d-------- C:\Program Files\Your Uninstaller 2008
2008-08-07 09:41 . 2008-08-07 09:41 d-------- C:\Documents and Settings\Ismo\Application Data\URSoft
2008-08-07 09:41 . 2008-08-19 18:55 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-07 09:14 . 2008-08-18 09:52 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 09:14 . 2008-08-07 09:14 d-------- C:\Documents and Settings\Ismo\Application Data\Malwarebytes
2008-08-07 09:14 . 2008-08-07 09:14 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 09:14 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 09:14 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-06 23:59 . 2008-08-16 17:08 d-------- C:\Documents and Settings\Aksu
2008-08-06 23:17 . 2008-08-12 16:18 d-------- C:\Program Files\Ad Muncher
2008-08-06 23:17 . 2008-08-06 23:19 d-------- C:\Documents and Settings\All Users\Application Data\Ad Muncher
2008-08-06 22:12 . 2008-08-15 12:17 d-------- C:\Program Files\uTorrent
2008-08-06 22:12 . 2008-08-19 20:09 d-------- C:\Documents and Settings\Ismo\Application Data\uTorrent
2008-08-06 21:24 . 2008-08-06 21:24 d-------- C:\Program Files\zabkat
2008-08-06 19:17 . 2008-08-06 19:17 d-------- C:\Documents and Settings\Tiina\Application Data\Avira
2008-08-06 19:10 . 2008-08-19 22:23 d-------- C:\Documents and Settings\Tiina
2008-08-06 19:01 . 2008-08-19 18:53 d-------- C:\Program Files\Opera
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 10:52 --------- d-----w C:\Documents and Settings\Tiina\Application Data\vlc
2008-08-16 09:14 --------- d-----w C:\Documents and Settings\Ismo\Application Data\vlc
2008-08-09 10:58 24,064 ----a-w C:\WINDOWS\system32\devldr32.exe
2008-08-07 17:40 --------- d-----w C:\Program Files\Weather Watcher
2008-08-07 17:37 --------- d-----w C:\Documents and Settings\Ismo\Application Data\WeatherWatcher
2008-08-06 15:40 --------- d-----w C:\Documents and Settings\Ismo\Application Data\Avira
2008-08-06 15:36 --------- d-----w C:\Program Files\Avira
2008-08-06 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-08-06 15:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 12:02 230,664 ----a-w C:\WINDOWS\system32\PDBoot.exe
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" [2008-07-26 09:12 1077248]
"TinyResMeter"="C:\Program Files\Apuja\tinyresmeter097\TinyResMeter097.exe" [2007-09-26 09:23 87040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 14:28 266497]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2008-08-06 23:17 779776]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-08-10 12:11 3563232]
C:\Documents and Settings\Ismo\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
Tiny Watcher Logon Time.lnk - C:\Program Files\Watcher\Watcher.exe [2006-11-19 19:47:18 319488]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WordWeb Pro.lnk - C:\Program Files\WordWeb\wweb32.exe [2008-08-07 13:35:00 42176]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoNetworkConnections"= 01000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-11 12:23]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-06-12 14:59]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 13:22]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2008-04-14 01:05]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ismo\Application Data\Mozilla\Firefox\Profiles\ls631coh.default\
FF -: plugin - C:\Program Files\Opera\program\plugins\NPMSWMP.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NPOFF12.DLL
FF -: plugin - C:\Program Files\Opera\program\plugins\NPSWF32_back.dll
FF -: plugin - C:\Program Files\OperaIsmo\program\plugins\npdsplay.dll
FF -: plugin - C:\Program Files\OperaIsmo\program\plugins\npwmsdrm.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 08:56:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-21 8:56:59
ComboFix-quarantined-files.txt 2008-08-21 05:56:54
Pre-Run: 32,490,631,168 bytes free
Post-Run: 32,480,206,848 bytes free
196 --- E O F --- 2008-08-20 08:45:30
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:56, on 21.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\Apuja\tinyresmeter097\TinyResMeter097.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\zabkat\xplorer2_lite\xplorer2_lite.exe
C:\HJT\HooJiiTee.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [WeatherWatcher] "C:\Program Files\Weather Watcher\ww.exe"
O4 - HKCU\..\Run: [TinyResMeter] "C:\Program Files\Apuja\tinyresmeter097\TinyResMeter097.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Tiny Watcher Logon Time.lnk = C:\Program Files\Watcher\Watcher.exe
O4 - Global Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 3275 bytes
put the line below into the Run box and press OK
comfofix.exe /u - ....................
123321 wrote:
put the line below into the Run box and press OK
comfofix.exe /u
combofix /u
sorry for butting in - samaa
.................... wrote:
combofix /u
sorry for butting in
At least to my eyes there are no problems to be seen.
ComboFix 08-08-21.02 - Ismo 2008-08-22 9:13:37.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.290 [GMT 3:00]
Running from: C:\Documents and Settings\Ismo\Desktop\ComboFix.exe
Command switches used :: \u
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))
.
2008-08-21 15:40 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-20 17:41 . 2008-08-20 17:43 d-------- C:\Documents and Settings\Tiina\Application Data\SumatraPDF
2008-08-20 11:45 . 2008-08-20 11:45 d-------- C:\Program Files\MSXML 4.0
2008-08-19 19:03 . 2008-08-19 19:03 d-------- C:\Program Files\OperaIsmo
2008-08-19 10:25 . 2008-08-19 10:25 d-------- C:\Program Files\Watcher
2008-08-19 10:25 . 2008-08-19 10:25 d-------- C:\Documents and Settings\Ismo\Application Data\minuscule
2008-08-16 18:52 . 2008-08-16 18:52 d-------- C:\WINDOWS\Downloaded Installations
2008-08-16 18:52 . 2008-08-16 18:55 d-------- C:\Program Files\Neoretix
2008-08-16 17:04 . 2008-08-16 17:04 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-16 17:04 . 2008-08-16 17:04 d-------- C:\Program Files\Infogrames
2008-08-16 17:04 . 2008-08-16 17:04 d-------- C:\Program Files\Common Files\InstallShield
2008-08-16 16:52 . 2008-08-16 16:52 d-------- C:\Program Files\Microsoft Games
2008-08-16 13:52 . 2008-08-16 13:52 d-------- C:\Documents and Settings\Tiina\Application Data\vlc
2008-08-16 12:14 . 2008-08-16 12:14 d-------- C:\Documents and Settings\Ismo\Application Data\vlc
2008-08-15 22:33 . 2008-08-15 23:00 d-------- C:\Documents and Settings\Aksu\Application Data\Babylon
2008-08-14 23:06 . 2008-08-14 23:06 d-------- C:\Program Files\VideoLAN
2008-08-14 22:58 . 2008-08-14 22:58 d-------- C:\Program Files\ffdshow
2008-08-14 22:58 . 2006-12-10 23:32 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-14 22:58 . 2006-12-10 23:32 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-14 22:58 . 2008-06-08 23:58 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-08-14 22:58 . 2008-06-12 20:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-08-14 22:58 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-08-14 20:20 . 2008-08-14 20:21 d-------- C:\Program Files\jv16 PowerTools 2008
2008-08-14 11:26 . 2008-08-14 11:26 d-------- C:\Program Files\Babylon
2008-08-14 11:25 . 2008-08-14 11:57 d-------- C:\Documents and Settings\Ismo\Application Data\Babylon
2008-08-14 11:25 . 2008-08-22 08:24 d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2008-08-14 10:28 . 2008-08-14 10:28 d-------- C:\WINDOWS\Sun
2008-08-14 10:25 . 2008-08-14 10:25 d-------- C:\Program Files\Java
2008-08-14 10:25 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-13 12:28 . 2008-08-13 18:49 d-------- C:\Program Files\Unlocker
2008-08-12 22:35 . 2008-08-14 17:50 d-------- C:\Documents and Settings\Tiina\Application Data\Babylon
2008-08-12 18:08 . 2008-08-12 18:08 d-------- C:\Program Files\p-nand-q.com
2008-08-12 10:21 . 2008-08-12 10:21 d-------- C:\Program Files\Common Files\Java
2008-08-11 21:15 . 2008-08-11 21:24 d-------- C:\Program Files\Raxco
2008-08-11 21:15 . 2008-08-11 21:15 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-08-11 21:15 . 2008-05-15 09:45 71,184 -ra------ C:\WINDOWS\system32\drivers\DefragFS.sys
2008-08-11 12:07 . 2008-08-11 12:10 d-------- C:\Documents and Settings\Aksu\Application Data\WeatherWatcher
2008-08-10 18:27 . 2008-08-10 18:27 d-------- C:\Program Files\Sublight
2008-08-10 15:29 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-08-10 15:29 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-08-10 11:43 . 2008-08-10 11:42 872,448 --a------ C:\WINDOWS\system32\libgfl211.dll
2008-08-10 11:40 . 2008-08-10 11:40 45 ---h----- C:\WINDOWS\dsez3524.dat
2008-08-10 11:38 . 2008-08-10 11:39 d-------- C:\Program Files\PhotoFiltre
2008-08-10 11:19 . 2008-08-10 11:54 d-------- C:\Program Files\Paint.NET
2008-08-10 11:16 . 2008-08-10 11:16 d-------- C:\WINDOWS\system32\fi-FI
2008-08-10 11:13 . 2008-08-10 11:16 d-------- C:\WINDOWS\system32\XPSViewer
2008-08-10 11:13 . 2008-08-10 11:13 d-------- C:\Program Files\Reference Assemblies
2008-08-10 11:13 . 2008-08-10 11:13 d-------- C:\Program Files\MSBuild
2008-08-10 11:12 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-08-09 23:47 . 2008-08-09 23:47 d-------- C:\Documents and Settings\Aksu\Contacts
2008-08-09 13:09 . 2008-08-09 13:09 d-------- C:\Program Files\ERUNT
2008-08-09 13:01 . 2008-08-09 13:01 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-08-09 12:55 . 2008-08-14 20:27 d-------- C:\Program Files\Sysinternal
2008-08-09 11:33 . 2008-08-09 11:33 d-------- C:\Documents and Settings\Ismo\Application Data\SumatraPDF
2008-08-09 11:08 . 2008-08-09 11:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-09 10:45 . 2008-08-17 11:08 d-------- C:\Program Files\shup
2008-08-09 10:33 . 2008-08-09 10:33 d-------- C:\Program Files\TC
2008-08-09 10:00 . 2008-08-09 10:01 d-------- C:\Program Files\KuvaKaappari
2008-08-09 09:59 . 2008-08-09 09:59 d-------- C:\Documents and Settings\Ismo\Application Data\Thinstall
2008-08-08 22:29 . 2008-08-08 22:29 d-------- C:\Program Files\Nettimittari
2008-08-08 18:51 . 2008-08-08 18:52 d-------- C:\Program Files\Poltto
2008-08-08 17:22 . 2008-04-14 15:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-08 14:55 . 2008-04-14 15:00 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-08-08 14:06 . 2008-08-08 14:06 d-------- C:\Program Files\SpeedFan
2008-08-08 14:06 . 2008-08-08 14:06 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-08-08 13:31 . 2008-08-12 19:37 d-------- C:\Program Files\Apuja
2008-08-08 11:12 . 2008-08-08 11:12 d-------- C:\Program Files\Belarc
2008-08-08 11:12 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-08-07 21:05 . 2008-08-07 21:05 4,444 --a------ C:\WINDOWS\system32\pid.PNF
2008-08-07 21:01 . 2008-04-14 08:42 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-08-07 21:00 . 2001-07-21 21:49 2,104,298 --a------ C:\WINDOWS\system32\drivers\2gmgsmt.sf2
2008-08-07 19:18 . 2008-08-15 02:56 d-------- C:\Program Files\LimeWire
2008-08-07 19:18 . 2008-08-17 13:01 d-------- C:\Documents and Settings\Ismo\Application Data\LimeWire
2008-08-07 18:38 . 2008-08-07 18:38 280 --ah----- C:\sqmdata00.sqm
2008-08-07 18:38 . 2008-08-07 18:38 244 --ah----- C:\sqmnoopt00.sqm
2008-08-07 18:33 . 2008-08-07 18:33 d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-07 17:19 . 2008-08-07 18:33 d-------- C:\Program Files\Windows Live
2008-08-07 17:19 . 2008-08-07 18:32 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-07 17:19 . 2008-08-07 18:27 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-07 15:47 . 2008-08-16 18:49 d-------- C:\Documents and Settings\Sasu
2008-08-07 14:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-07 14:38 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-07 14:38 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-07 14:35 . 2008-08-07 14:35 d-------- C:\Program Files\Microsoft Works
2008-08-07 14:31 . 2008-08-07 14:31 d-------- C:\WINDOWS\SHELLNEW
2008-08-07 14:30 . 2008-08-07 14:30 dr-h----- C:\MSOCache
2008-08-07 14:30 . 2008-08-14 09:19 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-07 13:48 . 2008-08-07 14:35 d-------- C:\Documents and Settings\Ismo\Application Data\WordWeb
2008-08-07 13:43 . 2008-08-07 13:43 d-------- C:\Program Files\SumatraPDF
2008-08-07 13:35 . 2008-08-07 13:35 d-------- C:\Program Files\WordWeb
2008-08-07 13:35 . 2008-06-14 14:17 1,291,456 --------- C:\WINDOWS\system32\wweb32.dll
2008-08-07 11:41 . 2008-08-21 09:04 d-------- C:\HJT
2008-08-07 09:59 . 2008-08-07 09:59 d-------- C:\Program Files\CCleaner
2008-08-07 09:41 . 2008-08-07 09:45 d-------- C:\Program Files\Your Uninstaller 2008
2008-08-07 09:41 . 2008-08-07 09:41 d-------- C:\Documents and Settings\Ismo\Application Data\URSoft
2008-08-07 09:41 . 2008-08-19 18:55 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-07 09:14 . 2008-08-18 09:52 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 09:14 . 2008-08-07 09:14 d-------- C:\Documents and Settings\Ismo\Application Data\Malwarebytes
2008-08-07 09:14 . 2008-08-07 09:14 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 09:14 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 09:14 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-06 23:59 . 2008-08-16 17:08 d-------- C:\Documents and Settings\Aksu
2008-08-06 23:17 . 2008-08-12 16:18 d-------- C:\Program Files\Ad Muncher
2008-08-06 23:17 . 2008-08-06 23:19 d-------- C:\Documents and Settings\All Users\Application Data\Ad Muncher
2008-08-06 22:12 . 2008-08-15 12:17 d-------- C:\Program Files\uTorrent
2008-08-06 22:12 . 2008-08-19 20:09 d-------- C:\Documents and Settings\Ismo\Application Data\uTorrent
2008-08-06 21:24 . 2008-08-06 21:24 d-------- C:\Program Files\zabkat
2008-08-06 19:17 . 2008-08-06 19:17 d-------- C:\Documents and Settings\Tiina\Application Data\Avira
2008-08-06 19:10 . 2008-08-19 22:23 d-------- C:\Documents and Settings\Tiina
2008-08-06 19:01 . 2008-08-19 18:53 d-------- C:\Program Files\Opera
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 10:52 --------- d-----w C:\Documents and Settings\Tiina\Application Data\vlc
2008-08-16 09:14 --------- d-----w C:\Documents and Settings\Ismo\Application Data\vlc
2008-08-09 10:58 24,064 ----a-w C:\WINDOWS\system32\devldr32.exe
2008-08-07 17:40 --------- d-----w C:\Program Files\Weather Watcher
2008-08-07 17:37 --------- d-----w C:\Documents and Settings\Ismo\Application Data\WeatherWatcher
2008-08-06 15:40 --------- d-----w C:\Documents and Settings\Ismo\Application Data\Avira
2008-08-06 15:36 --------- d-----w C:\Program Files\Avira
2008-08-06 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-08-06 15:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 12:02 230,664 ----a-w C:\WINDOWS\system32\PDBoot.exe
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.
((((((((((((((((((((((((((((( snapshot@2008-08-21_ 8.56.32.19 )))))))))))))))))))))))))))))))))))))))))
.
2005-10-20 09:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\AutoBackup\22.8.2008\ERDNT.EXE
2008-08-22 05:24:04 1,605,632 ----a-w C:\WINDOWS\ERDNT\AutoBackup\22.8.2008\Users\00000001\ntuser.dat
2008-08-22 05:24:04 12,288 ----a-w C:\WINDOWS\ERDNT\AutoBackup\22.8.2008\Users\00000002\UsrClass.dat
- 2008-08-20 15:32:07 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-08-21 14:36:24 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-20 15:32:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-08-21 14:36:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-20 15:32:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2008-08-21 14:36:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" [2008-07-26 09:12 1077248]
"TinyResMeter"="C:\Program Files\Apuja\tinyresmeter097\TinyResMeter097.exe" [2007-09-26 09:23 87040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 14:28 266497]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2008-08-06 23:17 779776]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-08-10 12:11 3563232]
C:\Documents and Settings\Ismo\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
Tiny Watcher Logon Time.lnk - C:\Program Files\Watcher\Watcher.exe [2006-11-19 19:47:18 319488]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WordWeb Pro.lnk - C:\Program Files\WordWeb\wweb32.exe [2008-08-07 13:35:00 42176]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoNetworkConnections"= 01000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-11 12:23]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-06-12 14:59]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 13:22]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2008-04-14 01:05]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ismo\Application Data\Mozilla\Firefox\Profiles\ls631coh.default\
FF -: plugin - C:\Program Files\Opera\program\plugins\NPMSWMP.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NPOFF12.DLL
FF -: plugin - C:\Program Files\Opera\program\plugins\NPSWF32_back.dll
FF -: plugin - C:\Program Files\OperaIsmo\program\plugins\npdsplay.dll
FF -: plugin - C:\Program Files\OperaIsmo\program\plugins\npwmsdrm.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 09:15:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-22 9:16:03
ComboFix-quarantined-files.txt 2008-08-22 06:16:00
ComboFix2.txt 2008-08-22 06:10:27
ComboFix3.txt 2008-08-21 05:57:00
Pre-Run: 33,004,707,840 bytes free
Post-Run: 32,996,044,800 bytes free
209 --- E O F --- 2008-08-20 08:45:30
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:33, on 22.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\Apuja\tinyresmeter097\TinyResMeter097.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\zabkat\xplorer2_lite\xplorer2_lite.exe
C:\HJT\HooJiiTee.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [WeatherWatcher] "C:\Program Files\Weather Watcher\ww.exe"
O4 - HKCU\..\Run: [TinyResMeter] "C:\Program Files\Apuja\tinyresmeter097\TinyResMeter097.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Tiny Watcher Logon Time.lnk = C:\Program Files\Watcher\Watcher.exe
O4 - Global Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
--
End of file - 3225 bytes
- 123321
samaa wrote:
At least to my eyes, nothing problematic stands out.
Download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and save it to your desktop.
Double-click OTMoveIt.exe.
Click CleanUp!.
Choose Yes when asked "Begin cleanup Process?".
If you are asked whether the computer may be restarted, choose Yes.
OTMoveIt removes itself when it is finished; if it does not, delete it yourself.
NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.
- 123321
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:15, on 18.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Admin\Työpöytä\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wlannet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5542 bytes
Mozilla is used on this one too
IE sometimes has to be used out of necessity
when something only works with the IE browser