Tällei käskettii tehä kun troijalainen vaivaa ankarasti eikä suostu poistumaan.. mutta mikä tossa on vikana ja mitä seuraavaksi?
kiitos paljon jo etukäteen...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:24, on 30.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
H:\PhoneConnectorVMC.exe
H:\vmc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\nnnmjhfG.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {D8A73CB6-E938-488C-B597-2DC8C13C2DF5} - C:\WINDOWS\system32\ljJASjKb.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BM672c8484] Rundll32.exe "C:\WINDOWS\system32\ovvefdfw.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2BBC324-9556-4AED-86D9-FCD2FF9A356D}: NameServer = 195.226.224.72 195.226.224.76
O20 - Winlogon Notify: nnnmjhfG - C:\WINDOWS\SYSTEM32\nnnmjhfG.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8116 bytes
logini...
8
353
Vastaukset
- ------
Lataa VundoFix.exe
http://www.atribune.org/ccount/click.php?id=4 työpöydällesi.
• Tupla-klikkaa VundoFix.exe ajaaksesi sen.
• Klikkaa Scan for Vundo valintaa.
• Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
• Sinulta kysytään haluatko poistaa filut - klikkaa YES.
• Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
• Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
• Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.
Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.
=============
1.Lataa combofix.exe työpöydällesi yhdestä, kahdesta klinkistä:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
======
Lataa SDFix by AndyManchesta
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
ja tallenna se työpöydällesi.
Käynnistä koneesi vikasietotilaan:
sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä
Jossakin koneissa hakataan F8:sin sijasta F5:tä
• Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
• Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
• Paina Y käynnistääksesi skriptin.
• Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
• Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
• Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
• Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
• Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
• Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis lokin kera.- juupghjghj
VundoFix V7.0.3
Scan started at 10:41:41 30.4.2008
Listing files found while scanning....
C:\Program Files\PowerISO\PWRISOSH.DLL
C:\WINDOWS\system32\gglwbjsn.dll
C:\WINDOWS\system32\nnnmjhfG.dll
C:\WINDOWS\system32\wdtlqung.dll
Beginning removal...
Attempting to delete C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\PowerISO\PWRISOSH.DLL Has been deleted!
Attempting to delete C:\WINDOWS\system32\gglwbjsn.dll
C:\WINDOWS\system32\gglwbjsn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wdtlqung.dll
C:\WINDOWS\system32\wdtlqung.dll Has been deleted!
Performing Repairs to the registry.
Done! - judfhgdjgdgh
juupghjghj kirjoitti:
VundoFix V7.0.3
Scan started at 10:41:41 30.4.2008
Listing files found while scanning....
C:\Program Files\PowerISO\PWRISOSH.DLL
C:\WINDOWS\system32\gglwbjsn.dll
C:\WINDOWS\system32\nnnmjhfG.dll
C:\WINDOWS\system32\wdtlqung.dll
Beginning removal...
Attempting to delete C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\PowerISO\PWRISOSH.DLL Has been deleted!
Attempting to delete C:\WINDOWS\system32\gglwbjsn.dll
C:\WINDOWS\system32\gglwbjsn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wdtlqung.dll
C:\WINDOWS\system32\wdtlqung.dll Has been deleted!
Performing Repairs to the registry.
Done!Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:09, on 30.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\system32\wuauclt.exe
H:\PhoneConnectorVMC.exe
H:\vmc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {D8A73CB6-E938-488C-B597-2DC8C13C2DF5} - C:\WINDOWS\system32\ljJASjKb.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BM672c8484] Rundll32.exe "C:\WINDOWS\system32\ovvefdfw.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2BBC324-9556-4AED-86D9-FCD2FF9A356D}: NameServer = 195.226.224.72 195.226.224.76
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8018 bytes - jyugjghg
judfhgdjgdgh kirjoitti:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:09, on 30.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\system32\wuauclt.exe
H:\PhoneConnectorVMC.exe
H:\vmc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {D8A73CB6-E938-488C-B597-2DC8C13C2DF5} - C:\WINDOWS\system32\ljJASjKb.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BM672c8484] Rundll32.exe "C:\WINDOWS\system32\ovvefdfw.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2BBC324-9556-4AED-86D9-FCD2FF9A356D}: NameServer = 195.226.224.72 195.226.224.76
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8018 bytesComboFix 08-04-29.3 - Otto 2008-04-30 11:00:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.106 [GMT 3:00]
Running from: C:\Documents and Settings\Otto\Työpöytä\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\atjociba.dll
C:\WINDOWS\system32\beaonqdh.ini
C:\WINDOWS\system32\bhfanahq.dll
C:\WINDOWS\system32\bKjSAJjl.ini
C:\WINDOWS\system32\bKjSAJjl.ini2
C:\WINDOWS\system32\bsxtjqyr.dll
C:\WINDOWS\system32\chnqfeay.dll
C:\WINDOWS\system32\chsjppli.dll
C:\WINDOWS\system32\cnysuoej.ini
C:\WINDOWS\system32\hbeivjny.ini
C:\WINDOWS\system32\hdqnoaeb.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJBRLec.dll
C:\WINDOWS\system32\naentvtv.dll
C:\WINDOWS\system32\nbvoprjo.ini
C:\WINDOWS\system32\okxgnrqp.dll
C:\WINDOWS\system32\opgeqjnm.dll
C:\WINDOWS\system32\plbkuunj.ini
C:\WINDOWS\system32\qeitxwko.dll
C:\WINDOWS\system32\rmrapspf.ini
C:\WINDOWS\system32\swlhljse.dll
C:\WINDOWS\system32\tulxmxjh.ini
C:\WINDOWS\system32\uiheiejs.ini
C:\WINDOWS\system32\wgfyemdb.dll
C:\WINDOWS\system32\vrfuoskn.ini
C:\WINDOWS\system32\vthhobaj.dll
C:\WINDOWS\system32\ybguklay.ini
.
((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-03-28 to 2008-04-30 )))))))))))))))))
.
2008-04-30 10:41 . 2008-04-30 10:52 d-------- C:\VundoFix Backups
2008-04-30 09:46 . 2008-04-30 09:46 d-------- C:\Program Files\Trend Micro
2008-04-25 09:25 . 2008-04-25 09:25 d-------- C:\Program Files\Opera
2008-04-21 19:18 . 2008-04-29 19:24 109,767 --a------ C:\WINDOWS\BM672c8484.xml
2008-04-20 16:18 . 2008-04-20 16:18 d-------- C:\Program Files\Alcohol Soft
2008-04-16 18:08 . 2008-04-16 18:08 d-------- C:\Program Files\LimeWire
2008-04-16 18:08 . 2008-04-29 07:13 d-------- C:\Documents and Settings\Otto\Application Data\LimeWire
2008-04-14 18:04 . 2008-04-14 18:04 d-------- C:\Documents and Settings\Otto\e-Safekey
2008-04-14 16:34 . 2008-04-14 16:35 d-------- C:\WINDOWS\system32\NtmsData
2008-04-12 23:47 . 2008-04-30 09:25 7,168 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-04-10 14:11 . 2001-10-05 15:59 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-10 14:11 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-09 12:26 . 2008-04-23 12:43 d-------- C:\Program Files\DOSBox-0.72
2008-03-31 19:15 . 2008-03-31 19:15 d-------- C:\Program Files\Common Files\Autodesk
2008-03-31 19:13 . 2008-03-31 19:13 d-------- C:\Program Files\DWG TrueView 2007
2008-03-31 19:12 . 2008-03-31 19:12 d-------- C:\Program Files\Microsoft WSE
2008-03-31 18:58 . 2008-03-31 20:05 d-------- C:\Program Files\AutoCAD Civil 3D 2008
2008-03-31 18:58 . 2008-03-31 20:05 d-------- C:\Documents and Settings\Otto\Application Data\Autodesk
2008-03-31 18:58 . 2008-03-31 19:17 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-31 18:58 . 2008-03-31 18:58 d-------- C:\Civil 3D Projects
2008-03-31 18:58 . 2008-03-31 18:58 d-------- C:\Civil 3D Project Templates
2008-03-31 18:56 . 2008-03-31 19:15 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-17 22:48 . 2008-03-17 22:48 268 --ah----- C:\sqmdata03.sqm
2008-03-17 22:48 . 2008-03-17 22:48 244 --ah----- C:\sqmnoopt03.sqm
2008-03-15 19:50 . 2008-03-15 19:50 d-------- C:\Program Files\ProPilkki2
2008-03-15 13:14 . 2008-03-15 13:14 d-------- C:\Documents and Settings\Otto\Application Data\vlc
2008-03-15 12:47 . 2008-03-15 12:47 d-------- C:\Program Files\VideoLAN
2008-03-15 12:26 . 2008-01-01 01:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-03-15 12:26 . 2008-03-06 18:42 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-15 12:26 . 2008-01-01 01:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-03-13 22:02 . 2008-04-30 10:29 d-------- C:\Documents and Settings\Otto\.xmoto
2008-03-12 07:36 . 2008-03-12 07:37 d-------- C:\WINDOWS\UbiSoft
2008-03-08 11:46 . 2008-04-25 09:21 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-04 23:01 . 2008-03-04 23:01 d-------- C:\Program Files\MSXML 6.0
2008-03-04 17:52 . 2008-03-17 16:01 14 --a------ C:\WINDOWS\popcinfo.dat
2008-03-03 18:40 . 2008-03-31 19:15 d-------- C:\Program Files\Autodesk
2008-03-02 20:47 . 2008-03-02 20:47 d-------- C:\Documents and Settings\Otto\Application Data\Qtrax1
2008-03-02 20:45 . 2008-03-02 20:45 d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-03-01 20:14 . 2008-03-01 20:14 268 --ah----- C:\sqmdata02.sqm
2008-03-01 20:14 . 2008-03-01 20:14 244 --ah----- C:\sqmnoopt02.sqm
2008-03-01 19:01 . 2008-03-01 19:01 268 --ah----- C:\sqmdata01.sqm
2008-03-01 19:01 . 2008-03-01 19:01 244 --ah----- C:\sqmnoopt01.sqm
2008-03-01 15:32 . 2008-04-22 11:27 40 --a------ C:\WINDOWS\nero.INI
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 07:52 --------- d-----w C:\Program Files\PowerISO
2008-04-30 07:29 --------- d-----w C:\Program Files\XMoto
2008-04-22 17:51 --------- d-----w C:\Documents and Settings\Otto\Application Data\uTorrent
2008-04-22 07:40 --------- d-----w C:\Program Files\Winamp
2008-04-22 07:23 --------- d-----w C:\Documents and Settings\Otto\Application Data\Winamp
2008-04-20 13:14 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-16 14:51 --------- d-----w C:\Program Files\DC
2008-04-03 05:50 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-15 10:14 --------- d-----w C:\Documents and Settings\Otto\Application Data\vlc
2008-03-15 09:27 --------- d-----w C:\Program Files\ffdshow
2008-03-12 09:34 --------- d-----w C:\Program Files\XviD
2008-03-01 12:48 --------- d-----w C:\Documents and Settings\Otto\Application Data\BSplayer Pro
2008-03-01 12:32 --------- d-----w C:\Documents and Settings\Otto\Application Data\NeroVision
2008-02-02 15:27 26,023 -c--a-w C:\WINDOWS\E220AutoRunLog.tmp
2008-01-30 16:29 315,392 -c--a-w C:\WINDOWS\HideWin.exe
2008-01-09 13:25 16,859,648 ----a-w C:\WINDOWS\RTHDCPL.exe
.
(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8A73CB6-E938-488C-B597-2DC8C13C2DF5}]
C:\WINDOWS\system32\ljJASjKb.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 16:34 3739672]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 13:48 157592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 18:58 217544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 12:08 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 12:08 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-19 12:07 131072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 20:40 2577632]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16:25 16859648 C:\WINDOWS\RTHDCPL.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 03:12 483328]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 03:05 200704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"BM672c8484"="C:\WINDOWS\system32\ovvefdfw.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\DC \\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ProPilkki2\\ProPilkki2.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 20:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a77a7e0-d167-11dc-9c52-00030d60bdb3}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a77a7e2-d167-11dc-9c52-00030d60bdb3}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{504d60e8-cf57-11dc-9c4d-00030d60bdb3}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{504d60e9-cf57-11dc-9c4d-00030d60bdb3}]
\Shell\AutoRun\command - H:\VMC_PBStarter.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 11:04:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
.
**************************************************************************
.
Completion time: 2008-04-30 11:07:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-30 08:07:13
Pre-Run: 4,961,447,936 tavua vapaana
Post-Run: 4,968,648,704 tavua vapaana
181 --- E O F --- 2008-04-10 17:40:20 - dfhdfdfh
jyugjghg kirjoitti:
ComboFix 08-04-29.3 - Otto 2008-04-30 11:00:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.106 [GMT 3:00]
Running from: C:\Documents and Settings\Otto\Työpöytä\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\atjociba.dll
C:\WINDOWS\system32\beaonqdh.ini
C:\WINDOWS\system32\bhfanahq.dll
C:\WINDOWS\system32\bKjSAJjl.ini
C:\WINDOWS\system32\bKjSAJjl.ini2
C:\WINDOWS\system32\bsxtjqyr.dll
C:\WINDOWS\system32\chnqfeay.dll
C:\WINDOWS\system32\chsjppli.dll
C:\WINDOWS\system32\cnysuoej.ini
C:\WINDOWS\system32\hbeivjny.ini
C:\WINDOWS\system32\hdqnoaeb.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJBRLec.dll
C:\WINDOWS\system32\naentvtv.dll
C:\WINDOWS\system32\nbvoprjo.ini
C:\WINDOWS\system32\okxgnrqp.dll
C:\WINDOWS\system32\opgeqjnm.dll
C:\WINDOWS\system32\plbkuunj.ini
C:\WINDOWS\system32\qeitxwko.dll
C:\WINDOWS\system32\rmrapspf.ini
C:\WINDOWS\system32\swlhljse.dll
C:\WINDOWS\system32\tulxmxjh.ini
C:\WINDOWS\system32\uiheiejs.ini
C:\WINDOWS\system32\wgfyemdb.dll
C:\WINDOWS\system32\vrfuoskn.ini
C:\WINDOWS\system32\vthhobaj.dll
C:\WINDOWS\system32\ybguklay.ini
.
((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-03-28 to 2008-04-30 )))))))))))))))))
.
2008-04-30 10:41 . 2008-04-30 10:52 d-------- C:\VundoFix Backups
2008-04-30 09:46 . 2008-04-30 09:46 d-------- C:\Program Files\Trend Micro
2008-04-25 09:25 . 2008-04-25 09:25 d-------- C:\Program Files\Opera
2008-04-21 19:18 . 2008-04-29 19:24 109,767 --a------ C:\WINDOWS\BM672c8484.xml
2008-04-20 16:18 . 2008-04-20 16:18 d-------- C:\Program Files\Alcohol Soft
2008-04-16 18:08 . 2008-04-16 18:08 d-------- C:\Program Files\LimeWire
2008-04-16 18:08 . 2008-04-29 07:13 d-------- C:\Documents and Settings\Otto\Application Data\LimeWire
2008-04-14 18:04 . 2008-04-14 18:04 d-------- C:\Documents and Settings\Otto\e-Safekey
2008-04-14 16:34 . 2008-04-14 16:35 d-------- C:\WINDOWS\system32\NtmsData
2008-04-12 23:47 . 2008-04-30 09:25 7,168 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-04-10 14:11 . 2001-10-05 15:59 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-10 14:11 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-09 12:26 . 2008-04-23 12:43 d-------- C:\Program Files\DOSBox-0.72
2008-03-31 19:15 . 2008-03-31 19:15 d-------- C:\Program Files\Common Files\Autodesk
2008-03-31 19:13 . 2008-03-31 19:13 d-------- C:\Program Files\DWG TrueView 2007
2008-03-31 19:12 . 2008-03-31 19:12 d-------- C:\Program Files\Microsoft WSE
2008-03-31 18:58 . 2008-03-31 20:05 d-------- C:\Program Files\AutoCAD Civil 3D 2008
2008-03-31 18:58 . 2008-03-31 20:05 d-------- C:\Documents and Settings\Otto\Application Data\Autodesk
2008-03-31 18:58 . 2008-03-31 19:17 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-31 18:58 . 2008-03-31 18:58 d-------- C:\Civil 3D Projects
2008-03-31 18:58 . 2008-03-31 18:58 d-------- C:\Civil 3D Project Templates
2008-03-31 18:56 . 2008-03-31 19:15 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-17 22:48 . 2008-03-17 22:48 268 --ah----- C:\sqmdata03.sqm
2008-03-17 22:48 . 2008-03-17 22:48 244 --ah----- C:\sqmnoopt03.sqm
2008-03-15 19:50 . 2008-03-15 19:50 d-------- C:\Program Files\ProPilkki2
2008-03-15 13:14 . 2008-03-15 13:14 d-------- C:\Documents and Settings\Otto\Application Data\vlc
2008-03-15 12:47 . 2008-03-15 12:47 d-------- C:\Program Files\VideoLAN
2008-03-15 12:26 . 2008-01-01 01:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-03-15 12:26 . 2008-03-06 18:42 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-15 12:26 . 2008-01-01 01:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-03-13 22:02 . 2008-04-30 10:29 d-------- C:\Documents and Settings\Otto\.xmoto
2008-03-12 07:36 . 2008-03-12 07:37 d-------- C:\WINDOWS\UbiSoft
2008-03-08 11:46 . 2008-04-25 09:21 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-04 23:01 . 2008-03-04 23:01 d-------- C:\Program Files\MSXML 6.0
2008-03-04 17:52 . 2008-03-17 16:01 14 --a------ C:\WINDOWS\popcinfo.dat
2008-03-03 18:40 . 2008-03-31 19:15 d-------- C:\Program Files\Autodesk
2008-03-02 20:47 . 2008-03-02 20:47 d-------- C:\Documents and Settings\Otto\Application Data\Qtrax1
2008-03-02 20:45 . 2008-03-02 20:45 d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-03-01 20:14 . 2008-03-01 20:14 268 --ah----- C:\sqmdata02.sqm
2008-03-01 20:14 . 2008-03-01 20:14 244 --ah----- C:\sqmnoopt02.sqm
2008-03-01 19:01 . 2008-03-01 19:01 268 --ah----- C:\sqmdata01.sqm
2008-03-01 19:01 . 2008-03-01 19:01 244 --ah----- C:\sqmnoopt01.sqm
2008-03-01 15:32 . 2008-04-22 11:27 40 --a------ C:\WINDOWS\nero.INI
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 07:52 --------- d-----w C:\Program Files\PowerISO
2008-04-30 07:29 --------- d-----w C:\Program Files\XMoto
2008-04-22 17:51 --------- d-----w C:\Documents and Settings\Otto\Application Data\uTorrent
2008-04-22 07:40 --------- d-----w C:\Program Files\Winamp
2008-04-22 07:23 --------- d-----w C:\Documents and Settings\Otto\Application Data\Winamp
2008-04-20 13:14 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-16 14:51 --------- d-----w C:\Program Files\DC
2008-04-03 05:50 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-15 10:14 --------- d-----w C:\Documents and Settings\Otto\Application Data\vlc
2008-03-15 09:27 --------- d-----w C:\Program Files\ffdshow
2008-03-12 09:34 --------- d-----w C:\Program Files\XviD
2008-03-01 12:48 --------- d-----w C:\Documents and Settings\Otto\Application Data\BSplayer Pro
2008-03-01 12:32 --------- d-----w C:\Documents and Settings\Otto\Application Data\NeroVision
2008-02-02 15:27 26,023 -c--a-w C:\WINDOWS\E220AutoRunLog.tmp
2008-01-30 16:29 315,392 -c--a-w C:\WINDOWS\HideWin.exe
2008-01-09 13:25 16,859,648 ----a-w C:\WINDOWS\RTHDCPL.exe
.
(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8A73CB6-E938-488C-B597-2DC8C13C2DF5}]
C:\WINDOWS\system32\ljJASjKb.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 16:34 3739672]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 13:48 157592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 18:58 217544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 12:08 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 12:08 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-19 12:07 131072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 20:40 2577632]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16:25 16859648 C:\WINDOWS\RTHDCPL.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 03:12 483328]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 03:05 200704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"BM672c8484"="C:\WINDOWS\system32\ovvefdfw.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\DC \\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ProPilkki2\\ProPilkki2.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 20:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a77a7e0-d167-11dc-9c52-00030d60bdb3}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a77a7e2-d167-11dc-9c52-00030d60bdb3}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{504d60e8-cf57-11dc-9c4d-00030d60bdb3}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{504d60e9-cf57-11dc-9c4d-00030d60bdb3}]
\Shell\AutoRun\command - H:\VMC_PBStarter.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 11:04:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
.
**************************************************************************
.
Completion time: 2008-04-30 11:07:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-30 08:07:13
Pre-Run: 4,961,447,936 tavua vapaana
Post-Run: 4,968,648,704 tavua vapaana
181 --- E O F --- 2008-04-10 17:40:20[b]SDFix: Version 1.177 [/b]
Run by Otto on ke 30.04.2008 at 11:22
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\Otto\TYPYT~1\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 11:28:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:56f96631
"s2"=dword:41a7d6f1
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4a,bf,e6,e6,e2,19,a5,e8,02,bb,fd,81,fb,9a,0d,10,3a,0a,a1,35,56,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,1e,e5,b8,5d,87,98,ae,4c,45,70,de,30,ba,18,e1,a2,..
"khjeh"=hex:f6,ce,c2,c1,19,22,63,e7,8c,fa,c6,ba,96,ab,0c,4d,0d,2b,29,de,79,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:51,f8,3d,a7,94,34,f7,bf,81,aa,9d,72,00,5f,d6,cc,2b,80,2f,f3,9d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4a,bf,e6,e6,e2,19,a5,e8,02,bb,fd,81,fb,9a,0d,10,3a,0a,a1,35,56,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,1e,e5,b8,5d,87,98,ae,4c,45,70,de,30,ba,18,e1,a2,..
"khjeh"=hex:f6,ce,c2,c1,19,22,63,e7,8c,fa,c6,ba,96,ab,0c,4d,0d,2b,29,de,79,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:51,f8,3d,a7,94,34,f7,bf,81,aa,9d,72,00,5f,d6,cc,2b,80,2f,f3,9d,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\DC \\DCPlusPlus.exe"="C:\\Program Files\\DC \\DCPlusPlus.exe:*:Enabled:DC "
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\ProPilkki2\\ProPilkki2.exe"="C:\\Program Files\\ProPilkki2\\ProPilkki2.exe:*:Enabled:Main executable for PP2"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Disabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\Otto\TYPYT~1\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 29 Apr 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 30 Jan 2008 617,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0be1361452f65c042d9f57f3cb12e221\BIT4D.tmp"
Wed 30 Jan 2008 882,056 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\300b28ed68f6135eed9f43fd03c89fe9\BIT59.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a24e02e76883ba5a93ac3b6025a8a826\BIT124.tmp"
Wed 6 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT1.tmp"
Wed 30 Jan 2008 803,744 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b37f98fadb766cea2c024b3f99cdf289\BIT4E.tmp"
Wed 30 Jan 2008 724,360 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bd6d3b724a459fe9a0d3fd79e7acee9b\BIT5C.tmp"
Wed 30 Jan 2008 17,235,472 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1c7e325ab7957c79bef82f98c517a8d\BITB8.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1095dcf1989563f29249489b5df12215\download\BIT71.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1311dcccf2dbdfa1f9b146f0c11d0fc5\download\BIT69.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18f7de7388f2ecc3ee2c049ee2fc9d0e\download\BIT72.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1a7c02b89e84aa289203de8d42ab6aab\download\BIT8C.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2706899d69e6fe717249704788ceb17a\download\BIT70.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2a9af77915d50aa8c49a031a1f10b6ff\download\BIT6F.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3082d0faf4ab17888ff73a544582dfd5\download\BIT7B.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\34a430ee026486db9a903a257e76a103\download\BIT9B.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\35e2767a301c333b8486b013036ee4f6\download\BIT74.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\39737f8bd20981fb485b0c0cc5ecb7ea\download\BIT11C.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\39f6cf67abed2ca8894f00e506145216\download\BITA1.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3b5bc2876ee7228987c0a0d662ec1c40\download\BIT65.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4275123841de54fb6e319265fd1862e2\download\BIT8B.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\44979ad6096e28df5c1a4e84ef6d4a2b\download\BIT10D.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4bba0dde0e34496f84cfa3bac7ffb024\download\BIT38.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4d751569682bcfab516d1b90aefe69c0\download\BITA4.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4e2ec8fce4444680047ecca3265bda54\download\BITB7.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4fa7077dc904550867b20e133969e20a\download\BIT8D.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\51f605d615d706ed335e44101daf2df7\download\BIT87.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52d535445a7e6158af3f02ffad4711ed\download\BIT43.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\56f70cca1e2a40d22c814f1bfefc9bb1\download\BIT54.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c21a120780a300cf4813481901e851b\download\BIT88.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5d84bce1e6dc6864a3cf8fb4b6fd376a\download\BIT7F.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\60723e196e020dc7423aa702cd0028ad\download\BIT9E.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\62316eff7bda54cea8b3662cd023d7b5\download\BIT35.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\64280fa1997e4f7f6a00252b4a55a0f8\download\BIT7E.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6a5e0ac81b305e5bbc0293b72ef8338c\download\BIT68.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6c3b88f4b16cf163a4cea1e14aee9425\download\BIT64.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7151e4231862c5cbf2054db3516083eb\download\BIT119.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7643647af098b499f9f8f36bf81f536d\download\BIT66.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7708f167d5169af618bbeb30cdb2b1a7\download\BIT6F.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\79c3ec9e566ab9aff1b04775d258df76\download\BIT6C.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7c87381decbfc5191ce4ea070e0892b4\download\BITB0.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7cde4e92d87f06cc4457a83c3710b62a\download\BIT83.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7f6d795d8a90a0eb6bcd0e85625c8ca9\download\BIT9F.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\83b6df52cdb930a6f939b1d4798b27c5\download\BIT52.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\86831e5e925ba02101beff57397757f9\download\BIT7D.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\88b51537c37f2a9e9727bb61dd96c5b5\download\BIT81.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a63c9398158ec80701db982bcbd7cca\download\BIT51.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8dd4640e901c5de38f0d64d197b1b2cd\download\BIT6D.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9136a9b97bccf847c5b41e7a92b17920\download\BIT67.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\96156a2ef7a2c5dee8d691fa03c9edb1\download\BIT8A.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a489706e9d5ea7dc3d43b43642a7d51d\download\BIT6A.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a70a26467dba6eddb633f66a1b811ee8\download\BIT82.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a9cf94f9d7398f30022fbe6b31a90f07\download\BIT36.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\aa82bcba44a53dd46e60b7cedf1f9ae6\download\BIT84.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b5be6d028e4dbb6dd6a89ccb6fd68f72\download\BIT89.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b6eb675d5f85f7cde20befdb34dbe983\download\BIT6E.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b7f41b806501f1d51e02fc562a76f4a9\download\BIT3B.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b9a2129f71ac7be82e95b195ce60565e\download\BIT37.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\df99d41238947c56a1f33be4644e80b6\download\BIT118.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e3733102018a3400101ffede29e556f9\download\BIT53.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e41a589dc265b6b9321428a83ae844bb\download\BIT6B.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e6100c85b474115eaac525a2750bcd4e\download\BITB6.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e630756b08c4d863fbaf50cc71bedb61\download\BIT9C.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e9f0c995ce3c4067e6bbdab6d52cf97e\download\BIT86.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ea0f75676c11484a862a8b83cc7166ab\download\BIT80.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ee5488f0a0d7c2d3346104b76390be31\download\BIT73.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f052a5a48ce71727f801d1f48f751740\download\BIT8E.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f55493df0bc3b4b8615b2a0a3272569e\download\BIT85.tmp"
[b]Finished![/b] - dfhdhdh
dfhdfdfh kirjoitti:
[b]SDFix: Version 1.177 [/b]
Run by Otto on ke 30.04.2008 at 11:22
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\Otto\TYPYT~1\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 11:28:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:56f96631
"s2"=dword:41a7d6f1
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4a,bf,e6,e6,e2,19,a5,e8,02,bb,fd,81,fb,9a,0d,10,3a,0a,a1,35,56,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,1e,e5,b8,5d,87,98,ae,4c,45,70,de,30,ba,18,e1,a2,..
"khjeh"=hex:f6,ce,c2,c1,19,22,63,e7,8c,fa,c6,ba,96,ab,0c,4d,0d,2b,29,de,79,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:51,f8,3d,a7,94,34,f7,bf,81,aa,9d,72,00,5f,d6,cc,2b,80,2f,f3,9d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4a,bf,e6,e6,e2,19,a5,e8,02,bb,fd,81,fb,9a,0d,10,3a,0a,a1,35,56,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,1e,e5,b8,5d,87,98,ae,4c,45,70,de,30,ba,18,e1,a2,..
"khjeh"=hex:f6,ce,c2,c1,19,22,63,e7,8c,fa,c6,ba,96,ab,0c,4d,0d,2b,29,de,79,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:51,f8,3d,a7,94,34,f7,bf,81,aa,9d,72,00,5f,d6,cc,2b,80,2f,f3,9d,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\DC \\DCPlusPlus.exe"="C:\\Program Files\\DC \\DCPlusPlus.exe:*:Enabled:DC "
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\ProPilkki2\\ProPilkki2.exe"="C:\\Program Files\\ProPilkki2\\ProPilkki2.exe:*:Enabled:Main executable for PP2"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Disabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\Otto\TYPYT~1\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 29 Apr 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 30 Jan 2008 617,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0be1361452f65c042d9f57f3cb12e221\BIT4D.tmp"
Wed 30 Jan 2008 882,056 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\300b28ed68f6135eed9f43fd03c89fe9\BIT59.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a24e02e76883ba5a93ac3b6025a8a826\BIT124.tmp"
Wed 6 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT1.tmp"
Wed 30 Jan 2008 803,744 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b37f98fadb766cea2c024b3f99cdf289\BIT4E.tmp"
Wed 30 Jan 2008 724,360 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bd6d3b724a459fe9a0d3fd79e7acee9b\BIT5C.tmp"
Wed 30 Jan 2008 17,235,472 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1c7e325ab7957c79bef82f98c517a8d\BITB8.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1095dcf1989563f29249489b5df12215\download\BIT71.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1311dcccf2dbdfa1f9b146f0c11d0fc5\download\BIT69.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18f7de7388f2ecc3ee2c049ee2fc9d0e\download\BIT72.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1a7c02b89e84aa289203de8d42ab6aab\download\BIT8C.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2706899d69e6fe717249704788ceb17a\download\BIT70.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2a9af77915d50aa8c49a031a1f10b6ff\download\BIT6F.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3082d0faf4ab17888ff73a544582dfd5\download\BIT7B.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\34a430ee026486db9a903a257e76a103\download\BIT9B.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\35e2767a301c333b8486b013036ee4f6\download\BIT74.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\39737f8bd20981fb485b0c0cc5ecb7ea\download\BIT11C.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\39f6cf67abed2ca8894f00e506145216\download\BITA1.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3b5bc2876ee7228987c0a0d662ec1c40\download\BIT65.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4275123841de54fb6e319265fd1862e2\download\BIT8B.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\44979ad6096e28df5c1a4e84ef6d4a2b\download\BIT10D.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4bba0dde0e34496f84cfa3bac7ffb024\download\BIT38.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4d751569682bcfab516d1b90aefe69c0\download\BITA4.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4e2ec8fce4444680047ecca3265bda54\download\BITB7.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4fa7077dc904550867b20e133969e20a\download\BIT8D.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\51f605d615d706ed335e44101daf2df7\download\BIT87.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52d535445a7e6158af3f02ffad4711ed\download\BIT43.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\56f70cca1e2a40d22c814f1bfefc9bb1\download\BIT54.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c21a120780a300cf4813481901e851b\download\BIT88.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5d84bce1e6dc6864a3cf8fb4b6fd376a\download\BIT7F.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\60723e196e020dc7423aa702cd0028ad\download\BIT9E.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\62316eff7bda54cea8b3662cd023d7b5\download\BIT35.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\64280fa1997e4f7f6a00252b4a55a0f8\download\BIT7E.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6a5e0ac81b305e5bbc0293b72ef8338c\download\BIT68.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6c3b88f4b16cf163a4cea1e14aee9425\download\BIT64.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7151e4231862c5cbf2054db3516083eb\download\BIT119.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7643647af098b499f9f8f36bf81f536d\download\BIT66.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7708f167d5169af618bbeb30cdb2b1a7\download\BIT6F.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\79c3ec9e566ab9aff1b04775d258df76\download\BIT6C.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7c87381decbfc5191ce4ea070e0892b4\download\BITB0.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7cde4e92d87f06cc4457a83c3710b62a\download\BIT83.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7f6d795d8a90a0eb6bcd0e85625c8ca9\download\BIT9F.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\83b6df52cdb930a6f939b1d4798b27c5\download\BIT52.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\86831e5e925ba02101beff57397757f9\download\BIT7D.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\88b51537c37f2a9e9727bb61dd96c5b5\download\BIT81.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a63c9398158ec80701db982bcbd7cca\download\BIT51.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8dd4640e901c5de38f0d64d197b1b2cd\download\BIT6D.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9136a9b97bccf847c5b41e7a92b17920\download\BIT67.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\96156a2ef7a2c5dee8d691fa03c9edb1\download\BIT8A.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a489706e9d5ea7dc3d43b43642a7d51d\download\BIT6A.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a70a26467dba6eddb633f66a1b811ee8\download\BIT82.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a9cf94f9d7398f30022fbe6b31a90f07\download\BIT36.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\aa82bcba44a53dd46e60b7cedf1f9ae6\download\BIT84.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b5be6d028e4dbb6dd6a89ccb6fd68f72\download\BIT89.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b6eb675d5f85f7cde20befdb34dbe983\download\BIT6E.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b7f41b806501f1d51e02fc562a76f4a9\download\BIT3B.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b9a2129f71ac7be82e95b195ce60565e\download\BIT37.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\df99d41238947c56a1f33be4644e80b6\download\BIT118.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e3733102018a3400101ffede29e556f9\download\BIT53.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e41a589dc265b6b9321428a83ae844bb\download\BIT6B.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e6100c85b474115eaac525a2750bcd4e\download\BITB6.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e630756b08c4d863fbaf50cc71bedb61\download\BIT9C.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e9f0c995ce3c4067e6bbdab6d52cf97e\download\BIT86.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ea0f75676c11484a862a8b83cc7166ab\download\BIT80.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ee5488f0a0d7c2d3346104b76390be31\download\BIT73.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f052a5a48ce71727f801d1f48f751740\download\BIT8E.tmp"
Wed 30 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f55493df0bc3b4b8615b2a0a3272569e\download\BIT85.tmp"
[b]Finished![/b]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:32, on 30.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {D8A73CB6-E938-488C-B597-2DC8C13C2DF5} - C:\WINDOWS\system32\ljJASjKb.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BM672c8484] Rundll32.exe "C:\WINDOWS\system32\ovvefdfw.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 7511 bytes - juuxcgbxbxbv
dfhdhdh kirjoitti:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:32, on 30.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {D8A73CB6-E938-488C-B597-2DC8C13C2DF5} - C:\WINDOWS\system32\ljJASjKb.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BM672c8484] Rundll32.exe "C:\WINDOWS\system32\ovvefdfw.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 7511 bytesnytkö on kaikki taas kunnossa???
kiitos paljon avusta... - ------
juuxcgbxbxbv kirjoitti:
nytkö on kaikki taas kunnossa???
kiitos paljon avusta...C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Uudelleen nimeäminen
1. Klikkaa hiiren oikealla painikkeella HijackThis ikonia.
http://i71.photobucket.com/albums/i125/timray2006/hjtrename1.jpg
2. Valitse Uudelleennineä/ Rename.
http://i71.photobucket.com/albums/i125/timray2006/hjtrename2.jpg
3. Kirjoita scanner.exe
http://i71.photobucket.com/albums/i125/timray2006/hjtrename3.jpg
Ketjusta on poistettu 0 sääntöjenvastaista viestiä.
Luetuimmat keskustelut
Tänään pyörit ajatuksissa enemmän, kun erehdyin lukemaan palstaa
En saisi, silti toivon että sinä vielä palaat ja otetaan oikeasti selvää, hioituuko särmät ja sulaudummeko yhteen. Vuod224914- 203985
- 272331
- 342134
- 371938
- 151828
En ole koskaan kokenut
Ennen mitään tällaista rakastumista. Tiedän että kaipaan sinua varmaan loppu elämän. Toivottavasti ei tarvitsisi vain ka191547- 121471
Voi ei! Jari Sillanpää heitti keikan Helsingissä - Hämmästyttävä hetki lavalla...
Ex-tangokuningas on parhaillaan konserttikiertueella. Hän esiintyi Savoy teatterissa äitienpäivänä. Sillanpää jakoi kons191185Kerranki asiat oikein
Ilkka ja muut pienpuolueeet...teitte hyvän työn kun valitsitte pätevän henkilön virkaan eikä kepulle passelia!! Jatkakaa101124