Help, Hujo....

Discussion in 'Viruses and malware - HijackThis logs' started by mozilla, Jun 28, 2008.


    mozilla Regular member

    ...or someone else smarter than me. When I start the computer, the screen resolution is at the extreme (640*480) and the refresh rate is 60 Hz, whereas I keep it at 75 Hz; the browser windows extend past the edges of the screen. So the settings are not saved when
    the computer is shut down or restarted. I can get the settings back, but it has to be done every time I start the computer. Here are a couple of logs, in case they are of any help.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:26:29, on 28.6.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\utorrent\utorrent.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://*.download.microsoft.com
    O15 - Trusted Zone: http://*.update.microsoft.com
    O15 - Trusted Zone: http://*.windowsupdate.com
    O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://plugin.driveragent.com/files/driveragent.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by119fd.bay119.hotmail.msn.com/activex/HMAtchmt.ocx
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

    --
    End of file - 5579 bytes
    ----------------------------------------------------------------------

    ComboFix 08-06-20.4 - Mikko 2008-06-28 13:22:57.18 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.616 [GMT 3:00]
    Running from: C:\Documents and Settings\Mikko\Työpöytä\ComboFix.exe
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-28 to 2008-06-28 )))))))))))))))))
    .

    2008-06-28 10:30 . 2008-06-28 10:30 <KANSIO> d----c--- C:\fsaua.data
    2008-06-28 00:13 . 2008-06-28 00:13 106 --a--c--- C:\delete.bat
    2008-06-27 21:41 . 2008-06-27 21:41 <KANSIO> d-------- C:\Documents and Settings\All Users\Mallit
    2008-06-26 17:56 . 2008-06-15 15:28 81,920 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-06-26 17:56 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-06-26 14:46 . 2008-06-26 15:13 <KANSIO> d----c--- C:\Downloads
    2008-06-25 23:25 . 2008-06-25 23:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-06-25 17:17 . 2008-06-25 17:19 <KANSIO> d-------- C:\Program Files\SUPERAntiSpyware
    2008-06-25 17:17 . 2008-06-25 17:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\SUPERAntiSpyware.com
    2008-06-25 13:39 . 2008-06-25 13:39 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-06-23 18:34 . 2008-06-23 18:34 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2008-06-23 18:34 . 2008-06-23 18:34 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2008-06-16 18:47 . 2008-06-16 18:47 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\WinPatrol
    2008-06-16 18:46 . 2008-06-16 18:46 <KANSIO> d-------- C:\Program Files\BillP Studios
    2008-06-16 16:55 . 2008-06-16 16:55 <KANSIO> d-------- C:\Program Files\MSXML 6.0
    2008-06-16 16:55 . 2008-06-16 16:55 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
    2008-06-16 16:32 . 2008-04-13 21:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
    2008-06-16 16:32 . 2008-04-13 21:45 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
    2008-06-16 16:31 . 2008-06-16 16:31 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-06-16 16:31 . 2008-06-16 16:31 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-06-11 00:45 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-06-11 00:44 . 2008-06-14 20:34 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-09 12:42 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
    2008-06-09 12:41 . 2008-06-09 12:41 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2008-06-09 12:41 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
    2008-06-09 12:41 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2008-06-09 12:41 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
    2008-06-09 12:41 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
    2008-06-09 12:41 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
    2008-06-09 12:41 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
    2008-06-02 11:27 . 2008-06-27 13:00 <KANSIO> d-------- C:\Kaspersky
    2008-05-29 19:26 . 2008-05-29 19:28 <KANSIO> d-------- C:\WINDOWS\system32\autorun
    2008-05-29 19:06 . 2005-12-30 15:02 40,960 --a------ C:\WINDOWS\system32\ImageItEncrypt.exe
    2008-05-29 01:34 . 2008-06-27 15:16 <KANSIO> d--h-c--- C:\$AVG8.VAULT$
    2008-05-28 13:28 . 2008-05-28 13:28 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-05-28 13:28 . 2008-05-28 13:28 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-05-28 13:27 . 2008-06-27 14:38 <KANSIO> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-05-28 13:27 . 2008-05-28 13:27 <KANSIO> d-------- C:\Program Files\AVG
    2008-05-28 13:27 . 2008-05-28 13:27 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-05-28 13:20 . 2008-05-28 13:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-28 10:15 --------- d-----w C:\Documents and Settings\Mikko\Application Data\uTorrent
    2008-06-28 09:39 --------- d-----w C:\Documents and Settings\Mikko\Application Data\dvdcss
    2008-06-28 09:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-06-27 21:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
    2008-06-27 18:45 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-06-27 14:14 --------- d-----w C:\Program Files\PokerStars
    2008-06-27 10:20 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-27 07:38 --------- d-----w C:\Documents and Settings\Mikko\Application Data\Vso
    2008-06-26 16:46 --------- d-----w C:\Documents and Settings\Mikko\Application Data\LimeWire
    2008-06-26 16:24 --------- d-----w C:\Program Files\MansionPoker
    2008-06-26 16:21 --------- d-----w C:\Program Files\Full Tilt Poker
    2008-06-26 10:37 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-06-25 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-06-25 21:15 47,360 ----a-w C:\Documents and Settings\Mikko\Application Data\pcouffin.sys
    2008-06-24 22:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-23 16:47 --------- d-----w C:\Program Files\ffdshow
    2008-06-19 14:48 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-19 14:47 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-16 21:13 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-06-16 13:56 --------- d-----w C:\Program Files\Nokia
    2008-06-14 17:34 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-12 17:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2008-06-11 07:39 --------- d-----w C:\Program Files\NetMeter
    2008-06-10 17:27 --------- d-----w C:\Program Files\LimeWire
    2008-05-27 10:06 --------- d-----w C:\Program Files\Common Files\MicroWorld
    2008-05-25 21:39 --------- d-----w C:\Documents and Settings\Mikko\Application Data\FrostWire
    2008-05-25 20:53 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
    2008-05-25 18:20 --------- d-----w C:\Program Files\Evil Player
    2008-05-18 20:48 6,309,305 ----a-w C:\WINDOWS\REGBK01.ZIP
    2008-05-16 06:32 --------- d-----w C:\Documents and Settings\Mikko\Application Data\ImgBurn
    2008-05-15 17:33 --------- d-----w C:\Program Files\Sun
    2008-05-15 17:32 --------- d-----w C:\Program Files\Java
    2008-05-15 17:24 --------- d-----w C:\Program Files\Common Files\Java
    2008-05-14 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-05-09 19:35 6,275,296 ----a-w C:\WINDOWS\REGBK00.ZIP
    2008-05-09 19:00 17,336 ----a-w C:\WINDOWS\winsbak.reg
    2008-05-09 19:00 154,664 ----a-w C:\WINDOWS\winsbak2.reg
    2008-05-09 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-08 13:24 --------- d-----w C:\Documents and Settings\Mikko\Application Data\AdobeUM
    2008-05-07 10:50 --------- d-----w C:\Documents and Settings\Mikko\Application Data\DVDFab
    2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-06 21:53 --------- d-----w C:\Documents and Settings\Mikko\Application Data\Ahead
    2008-05-06 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-05-06 06:01 45,056 ----a-w C:\WINDOWS\system32\WNASPI32.DLL
    2008-05-06 06:01 16,512 ----a-w C:\WINDOWS\system32\drivers\ASPI32.SYS
    2008-04-21 06:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-14 16:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 16:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 16:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll
    2008-04-14 16:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
    2008-04-14 16:09 7,168 ----a-w C:\WINDOWS\system32\f3ahvoas.dll
    2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
    2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
    2008-04-14 16:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
    2008-04-14 16:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
    2008-04-14 15:49 2,147,840 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-14 15:49 2,026,496 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-14 15:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-14 15:46 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
    2008-04-14 15:45 80,384 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-14 15:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-14 15:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-14 15:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-14 15:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-14 15:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-14 15:39 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
    2008-04-14 15:38 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-14 06:12 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
    2008-04-14 06:11 992,256 ----a-w C:\WINDOWS\system32\setupapi.dll
    2008-04-14 06:11 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
    2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
    2008-04-13 18:40 440,832 ----a-w C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 18:36 2,921,984 ----a-w C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
    2008-04-13 18:35 186,368 ----a-w C:\WINDOWS\system32\xpsp1res.dll
    2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
    2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
    2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
    2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
    2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
    2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
    2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
    2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    2007-07-15 17:02 556 ----a-w C:\Documents and Settings\Mikko\Application Data\internaldb8467.dat
    2007-07-15 17:02 374 ----a-w C:\Documents and Settings\Mikko\Application Data\internaldb6334.dat
    2007-07-15 17:02 18,432 ----a-w C:\Documents and Settings\Mikko\Application Data\internaldb41.dat
    2007-06-17 12:36 23 --sha-w C:\WINDOWS\system32\abebcdcb3_r.dll
    2007-05-08 19:02 5 --sha-w C:\WINDOWS\system32\feecfa6_d.dll
    2007-05-08 18:57 5 --sha-w C:\WINDOWS\system32\feecfa6_s.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="C:\Program Files\utorrent\utorrent.exe" [2008-01-30 02:00 219952]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 17:29 7700480]
    "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 20:31 333120]
    "ClocX"="C:\Program Files\ClocX\ClocX.exe" [2007-07-26 18:43 270336]
    "nwiz"="nwiz.exe" [2006-11-17 17:29 1622016 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-17 17:29 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 0 (0x0)
    "NoResolveSearch"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailScan Dispatcher]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
    "EVEREST AutoStart"=C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
    "Uniblue SpeedUpMyPC"=C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
    "SoundMan"=SOUNDMAN.EXE
    "nwiz"=nwiz.exe /install
    "Acer Empowering Technology Monitor"=C:\WINDOWS\system32\SysMonitor.exe
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    "KingKongCapture"=C:\Program Files\King Kong Software\Capture\KingKongCapture.exe
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\utorrent\\utorrent.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
    "C:\\Program Files\\B2BPOKER\\JetBetPoker\\jre\\bin\\javaw.exe"=
    "C:\\Program Files\\B2BPOKER\\Club4Aces.com\\jre\\bin\\javaw.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "C:\\Kaspersky\\kavupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundRouterRequest"= 1 (0x1)

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-28 13:27]
    R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 03:00]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-28 13:27]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-28 13:27]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-28 13:28]
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 19:12]
    S3 int15.sys;int15.sys;C:\acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - CATCHME
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-28 10:13:32 C:\WINDOWS\Tasks\RegCure Program Check.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2007-12-27 02:45:06 C:\WINDOWS\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2007-12-24 12:21:16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2008-06-08 08:31:23 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-28 13:23:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-28 13:24:22
    ComboFix-quarantined-files.txt 2008-06-28 10:24:07
    ComboFix2.txt 2008-06-28 10:19:41

    Pre-Run: 84,473,364,480 tavua vapaana
    Post-Run: 84,464,185,344 tavua vapaana

    254 --- E O F --- 2008-06-27 21:24:38
     