Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:03:11, on 19.7.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\WINDOWS\system32\dla\tfswctrl.exe E:\Program Files\OCZ Technology\Mouse\Amoumain.exe E:\Program Files\D-Tools\daemon.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe E:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\joku joku\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe E:\Program Files\nokia\Nokia PC Suite 7\PCSync2.exe E:\Program Files\Microsoft ActiveSync\Wcescomm.exe E:\PROGRA~1\MICROS~1\rapimgr.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE E:\Program Files\logitech\SetPoint\SetPoint.exe E:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe E:\Program Files\xchat\xchat.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Winamp\winamp.exe E:\Program Files\Last.fm\LastFM.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Documents and Settings\joku joku\Työpöytä\hijackthis_v2.0.2\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O1 - Hosts: 212.117.174.125 pelikulma.net O1 - Hosts: 212.117.174.125 http://www.pelikulma.net O1 - Hosts: 212.117.174.125 tiedostot.pelikulma.net O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [WheelMouse] E:\Program Files\OCZ Technology\Mouse\Amoumain.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Window UDP Control Servic] winlogon.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\saija salmela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Nokia.PCSync] "E:\Program Files\nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [Fraps] E:\FRAPS\FRAPS.EXE O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: Add to AMV Converter... - E:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~1\INetRepl.dll O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 10650 bytes
Kyllä täällä yxi pieni pöpö on !!! Ole hyvä ja lataa Combofix yhdestä alla olevista linkeistä: Linkki 1 Linkki 2 Linkki 3 * TÄRKEÄÄ !!! Tallenna ComboFix.exe työpöydällesi * Sulje/ota pois päältä kaikki virustorjunta- ja haittaohjelmien poisto-ohjelmat, jotta ne eivät häiritse ComboFixin ajoa. * Tuplaklikkaa Combofix.exe ja noudata ohjeita. * Osana skannausta Combofix tarkistaa onko palautuskonsoli asennettuna. Nykypäivän haittaohjelmien takia on erittäin suositeltua olla asennettuna palautuskonsoli ennen haittaohjelmien poistoa. Windowsin palautuskonsoli mahdollistaa käynnistyksen erityiseen palautustilaan. Palautuskonsolin kautta voimme auttaa sinua helpommin mikäli haittaohjelmien poiston yhteydessä ilmenee ongelmia. * Seuraa ohjeita ja salli Combofixin ladata ja asentaa Microsoftin palautuskonsoli, ja kun pyydetään, hyväksy ohjelman takuuehdot asentaaksesi palautuskonsolin. **Huomaa: Jos palautuskonsoli on jo asennettuna, Combofix jatkaa eteenpäin. Kun Microsoftin palautuskonsoli on asennettu, sinun pitäisi nähdä seuraava viesti: Klikkaa Kyllä jatkaaksesi skannausta. Kun ComboFix on valmis, se luo raportin. Ole hyvä ja kopioi/liitä seuraavat raportit vastaukseesi: C:\ComboFix.txt Uusi HijackThis-loki Varoitus: ÄLÄ aja ComboFixia ilman valvontaa. Se ei ole lelu ja sitä ei tule käyttää rutiininomaisesti päivittäin. Jos tarvitset apua, katso yksityiskohtaisempi ohje: http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje .
Sen jälkeen, kun ajoin combofixin, comodo lakkasi toimimasta, sillä se laitto kaikkiin kohttin "off", eli comodo ei ole käytössä, enkä saa sitä laitettua päälle´? ComboFix 09-07-14.08 - saija salmela 19.07.2009 16:17.2.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.1407.632 [GMT 3:00] Running from: c:\documents and settings\saija salmela\Työpöytä\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\404Fix.exe c:\windows\system32\drivers\cmdmon.sys c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe . ((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 ))))))))))))))))))))))))))))))) . 2009-07-18 16:37 . 2009-07-18 17:36 -------- d-----w- c:\documents and settings\saija salmela\Application Data\Hamachi 2009-07-18 16:34 . 2009-07-18 16:34 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys 2009-07-18 15:15 . 2009-07-18 15:16 -------- d-----w- c:\program files\GCFExplorer 2009-07-18 15:15 . 2009-07-18 15:21 -------- d-----w- c:\program files\CFToolbox 2009-07-17 18:35 . 2008-06-17 12:51 249856 ----a-w- c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll 2009-07-17 18:34 . 2008-11-27 00:29 43008 ----a-w- c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll 2009-07-17 18:34 . 2008-11-27 00:29 43008 ----a-w- c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2009-07-17 18:34 . 2008-11-27 00:29 245248 ----a-w- c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll 2009-07-17 18:34 . 2008-11-27 00:29 243200 ----a-w- c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll 2009-07-17 18:34 . 2008-11-27 00:29 239616 ----a-w- c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2009-07-17 18:34 . 2008-11-27 00:29 233984 ----a-w- c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2009-07-17 18:34 . 2008-06-14 20:06 794624 ----a-w- c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07103010.dll 2009-07-17 18:25 . 2009-07-17 18:25 -------- d-----w- c:\documents and settings\saija salmela\Local Settings\Application Data\Temp 2009-07-03 10:14 . 2007-07-19 15:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll 2009-07-03 10:14 . 2007-07-19 15:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll 2009-07-03 10:14 . 2007-07-19 15:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll 2009-07-03 10:14 . 2007-05-16 13:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll 2009-07-03 10:14 . 2007-05-16 13:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll 2009-07-03 10:14 . 2007-05-16 13:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll 2009-07-03 10:13 . 2007-04-04 15:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll 2009-07-02 11:57 . 2009-07-02 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems 2009-07-02 11:50 . 2009-07-02 11:50 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared 2009-06-29 21:11 . 2009-06-29 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound 2009-06-29 21:11 . 2009-06-29 21:11 -------- d-----w- c:\program files\NCH Software 2009-06-29 21:11 . 2009-06-29 21:11 -------- d-----w- c:\program files\NCH Swift Sound 2009-06-29 21:11 . 2009-06-29 21:11 -------- d-----w- c:\documents and settings\saija salmela\Application Data\NCH Swift Sound 2009-06-26 16:41 . 2009-06-26 16:41 -------- d-----w- c:\windows\.jagex_cache_32 2009-06-23 11:51 . 2009-06-23 11:51 232075 ----a-w- c:\windows\Burn4Free_Toolbar_Uninstaller_3125.exe 2009-06-23 11:51 . 2009-06-23 11:51 -------- d-----w- c:\program files\Burn4Free Toolbar 2009-06-23 11:49 . 2009-06-23 11:51 -------- d-----w- c:\program files\Burn4Free 2009-06-22 13:16 . 2009-07-18 22:28 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe 2009-06-22 13:16 . 2009-07-18 22:28 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll 2009-06-22 13:16 . 2009-07-18 22:28 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll 2009-06-22 13:16 . 2009-07-18 22:28 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll 2009-06-22 13:15 . 2009-07-18 22:28 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll 2009-06-22 13:15 . 2009-07-18 22:28 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll 2009-06-22 13:14 . 2009-07-18 22:27 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe 2009-06-22 13:14 . 2009-07-18 22:27 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll 2009-06-22 13:13 . 2009-07-18 22:27 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe 2009-06-22 13:13 . 2009-07-18 22:27 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe 2009-06-22 13:13 . 2009-07-18 22:27 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe 2009-06-22 13:12 . 2009-07-18 22:27 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe 2009-06-22 13:12 . 2009-07-18 22:27 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe 2009-06-22 13:12 . 2009-07-18 22:27 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-19 13:28 . 2008-03-24 12:56 -------- d-----w- c:\documents and settings\saija salmela\Application Data\uTorrent 2009-07-19 13:28 . 2008-09-28 13:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-07-19 13:26 . 2008-03-24 11:26 -------- d-----w- c:\documents and settings\saija salmela\Application Data\X-Chat 2 2009-07-18 22:28 . 2009-06-01 13:18 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll 2009-07-18 22:28 . 2009-06-01 13:18 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll 2009-07-18 22:27 . 2009-06-01 13:18 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll 2009-07-17 20:44 . 2009-03-22 17:49 -------- d-----w- c:\documents and settings\saija salmela\Application Data\DC++ 2009-07-16 08:19 . 2008-03-24 11:26 -------- d-----w- c:\program files\xchat 2009-07-14 09:07 . 2008-05-01 18:37 -------- d-----w- c:\documents and settings\saija salmela\Application Data\PC Suite 2009-07-10 15:39 . 2008-10-07 16:29 -------- d-----w- c:\documents and settings\saija salmela\Application Data\Temporary 2009-07-09 13:06 . 2004-09-24 08:30 79164 ----a-w- c:\windows\system32\perfc00B.dat 2009-07-09 13:06 . 2004-09-24 08:30 385448 ----a-w- c:\windows\system32\perfh00B.dat 2009-07-02 15:20 . 2008-03-24 07:31 75504 ----a-w- c:\documents and settings\saija salmela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-02 11:51 . 2008-03-31 13:40 -------- d-----w- c:\program files\Common Files\Adobe 2009-06-21 17:55 . 2008-05-25 13:19 -------- d-----w- c:\documents and settings\saija salmela\Application Data\foobar2000 2009-06-18 18:53 . 2008-10-01 16:32 -------- d-----w- c:\program files\Nokia 2009-06-18 18:44 . 2009-06-18 18:44 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe 2009-06-18 18:44 . 2009-06-18 18:44 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe 2009-06-18 18:44 . 2009-06-18 18:44 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2009-06-18 18:44 . 2009-06-18 18:44 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe 2009-06-18 18:44 . 2008-05-01 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations 2009-06-18 18:44 . 2009-06-18 18:45 33850384 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_fin.exe 2009-06-18 10:48 . 2009-06-18 10:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-06-18 10:48 . 2009-06-18 10:48 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-06-18 10:40 . 2008-10-01 16:28 -------- d-----w- c:\program files\Common Files\Nokia 2009-06-18 10:39 . 2009-06-18 10:39 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe 2009-06-18 10:39 . 2009-06-18 10:39 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe 2009-06-18 10:39 . 2009-06-18 10:39 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe 2009-06-18 10:38 . 2009-06-18 10:39 24392696 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_fi.exe 2009-06-16 14:39 . 2004-09-24 08:30 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:39 . 2004-09-24 08:29 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-11 20:34 . 2008-04-26 18:41 -------- d-----w- c:\documents and settings\saija salmela\Application Data\FileZilla 2009-06-04 13:45 . 2009-02-28 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM 2009-06-03 19:10 . 2004-09-24 08:30 1291776 ----a-w- c:\windows\system32\quartz.dll 2009-06-01 13:18 . 2009-06-01 13:18 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe 2009-06-01 13:18 . 2009-02-16 14:21 15688 ----a-w- c:\windows\system32\lsdelete.exe 2009-05-31 11:06 . 2009-05-31 11:06 -------- d-----w- c:\program files\Common Files\Borland Shared 2009-05-29 12:31 . 2009-05-29 12:31 766 ----a-r- c:\documents and settings\saija salmela\Application Data\Microsoft\Installer\{69FDD4EA-9D68-11D5-8A28-005004D37F93}\CopyofHelp.exe 2009-05-29 12:31 . 2009-05-29 12:31 766 ----a-r- c:\documents and settings\saija salmela\Application Data\Microsoft\Installer\{69FDD4EA-9D68-11D5-8A28-005004D37F93}\Copy(2)ofweb.exe 2009-05-29 12:31 . 2009-05-29 12:31 2238 ----a-r- c:\documents and settings\saija salmela\Application Data\Microsoft\Installer\{69FDD4EA-9D68-11D5-8A28-005004D37F93}\wolf3D.exe 2009-05-23 20:36 . 2008-05-01 18:37 -------- d-----w- c:\documents and settings\saija salmela\Application Data\Nokia 2009-05-20 16:54 . 2008-03-24 11:42 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-07 15:33 . 2004-09-24 08:29 346624 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:34 . 2004-09-24 08:30 666624 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:34 . 2004-09-24 08:29 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-04-27 13:13 . 2009-04-27 13:13 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys 2009-04-27 13:13 . 2009-02-16 14:11 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-04-23 14:24 . 2009-05-14 16:32 16640 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys 2009-07-15 22:26 . 2008-06-17 18:56 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-02-12 270128] "Google Update"="c:\documents and settings\saija salmela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104] "Nokia.PCSync"="e:\program files\nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "Steam"="e:\program files\steam\steam.exe" [2009-06-11 1217784] "H/PC Connection Agent"="e:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] "Fraps"="e:\fraps\FRAPS.EXE" [2008-10-02 3309224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072] "COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2008-03-24 1115728] "CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-06 90112] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-24 122939] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592] "WheelMouse"="e:\program files\OCZ Technology\Mouse\Amoumain.exe" [2006-12-28 196608] "DAEMON Tools-1033"="e:\program files\D-Tools\daemon.exe" [2004-08-22 81920] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-18 520024] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152] "SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-08-23 2879488] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-08-23 16049664] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304] "Window UDP Control Servic"="winlogon.exe" - c:\windows\system32\winlogon.exe [2008-04-14 508416] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\saija salmela\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Logitech SetPoint.lnk - e:\program files\logitech\SetPoint\SetPoint.exe [2008-8-13 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-01 23:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "e:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"= "e:\\Program Files\\xchat\\xchat.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.2.2009 17:11 64160] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 9:21 33800] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 9:21 468224] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10.3.2009 21:25 55152] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [19.1.2009 0:34 1029456] R3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [30.5.2008 13:38 31899] R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [14.5.2009 19:32 16640] S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [24.9.2004 11:30 3584] S3 fsssvc;Windows Live -perheturva;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 19:08 533360] S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [20.3.2007 13:33 28672] . Contents of the 'Scheduled Tasks' folder 2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 22:27] 2009-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2814906919-585620830-1196769210-1005Core.job - c:\documents and settings\saija salmela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:16] 2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2814906919-585620830-1196769210-1005UA.job - c:\documents and settings\saija salmela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:16] . . ------- Supplementary Scan ------- . IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html IE: Add to AMV Converter... - e:\program files\MP3 Player Utilities 4.09\AMVConverter\grab.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html FF - ProfilePath - c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Kaannos.com (Fi-En) FF - plugin: c:\documents and settings\saija salmela\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: e:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npjp2.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-19 16:29 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2814906919-585620830-1196769210-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E35DCE9C-16C5-C02F-D74A-8F8335E1269B}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "ianlhgdjdfppbhejae"=hex:69,61,6e,6b,62,6f,6e,65,67,68,68,64,65,62,6e,6c,62,68, 00,00 "hahljefhpojddnfm"=hex:6a,61,65,6c,61,6c,6b,6a,70,69,69,6a,63,66,65,6d,6c,69, 62,62,00,00 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*] "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(660) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll - - - - - - - > 'explorer.exe'(3868) e:\program files\logitech\SetPoint\lgscroll.dll c:\progra~1\WINDOW~2\wmpband.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Comodo\Firewall\cmdagent.exe c:\program files\Canon\IJPLM\ijplmsvc.exe e:\program files\Java\jre6\bin\jqs.exe c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe c:\program files\ATI Technologies\ATI.ACE\CLI.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\wdfmgr.exe c:\documents and settings\saija salmela\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe e:\progra~1\MICROS~1\rapimgr.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe c:\windows\system32\wscntfy.exe c:\program files\ATI Technologies\ATI.ACE\CLI.exe c:\program files\ATI Technologies\ATI.ACE\CLI.exe . ************************************************************************** . Completion time: 2009-07-19 16:38 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-19 13:37 ComboFix2.txt 2008-08-27 14:03 Pre-Run: 9 294 311 424 tavua vapaana Post-Run: 10 077 188 096 tavua vapaana 327 --- E O F --- 2009-07-16 08:03 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:42:01, on 19.7.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE E:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE E:\Program Files\D-Tools\daemon.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe E:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Messenger\msmsgs.exe E:\Program Files\nokia\Nokia PC Suite 7\PCSync2.exe C:\Documents and Settings\saija salmela\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe E:\Program Files\Microsoft ActiveSync\Wcescomm.exe E:\Program Files\logitech\SetPoint\SetPoint.exe E:\PROGRA~1\MICROS~1\rapimgr.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [WheelMouse] E:\Program Files\OCZ Technology\Mouse\Amoumain.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Window UDP Control Servic] winlogon.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\saija salmela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Nokia.PCSync] "E:\Program Files\nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [Fraps] E:\FRAPS\FRAPS.EXE O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: Add to AMV Converter... - E:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~1\INetRepl.dll O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9908 bytes
Combon ohjeissa lukee => Code: * Sulje/ota pois päältä kaikki virustorjunta- ja haittaohjelmien poisto-ohjelmat, jotta ne eivät häiritse ComboFixin ajoa. Combon logissa lukee => Code: FW: COMODO Firewall Pro *enabled* Lähettämässäsi HJT logissa ovat virusohjelmat edelleen käynissä => O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background Haloo !!! Osaatko lukea ??? ------------------------------------------------------ Osa viruksista lähti osa jäi koneelle. .