HJT-logi, kone ja netti toimii hiiitaasti

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by D00mer, Jul 18, 2009.

  1. D00mer

    D00mer Regular member

    Joined:
    Jul 5, 2007
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    26
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:03:11, on 19.7.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    E:\Program Files\OCZ Technology\Mouse\Amoumain.exe
    E:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    E:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\joku joku\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    E:\Program Files\nokia\Nokia PC Suite 7\PCSync2.exe
    E:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    E:\PROGRA~1\MICROS~1\rapimgr.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    E:\Program Files\logitech\SetPoint\SetPoint.exe
    E:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    E:\Program Files\xchat\xchat.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Winamp\winamp.exe
    E:\Program Files\Last.fm\LastFM.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Documents and Settings\joku joku\Työpöytä\hijackthis_v2.0.2\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O1 - Hosts: 212.117.174.125 pelikulma.net
    O1 - Hosts: 212.117.174.125 http://www.pelikulma.net
    O1 - Hosts: 212.117.174.125 tiedostot.pelikulma.net
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WheelMouse] E:\Program Files\OCZ Technology\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Window UDP Control Servic] winlogon.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\saija salmela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Nokia.PCSync] "E:\Program Files\nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [Fraps] E:\FRAPS\FRAPS.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
    O8 - Extra context menu item: Add to AMV Converter... - E:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 10650 bytes
     
  2. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Kyllä täällä yxi pieni pöpö on !!!

    Ole hyvä ja lataa Combofix yhdestä alla olevista linkeistä:

    Linkki 1
    Linkki 2
    Linkki 3

    * TÄRKEÄÄ !!! Tallenna ComboFix.exe työpöydällesi

    * Sulje/ota pois päältä kaikki virustorjunta- ja haittaohjelmien poisto-ohjelmat, jotta ne eivät häiritse ComboFixin ajoa.

    * Tuplaklikkaa Combofix.exe ja noudata ohjeita.

    * Osana skannausta Combofix tarkistaa onko palautuskonsoli asennettuna. Nykypäivän haittaohjelmien takia on erittäin suositeltua olla asennettuna palautuskonsoli ennen haittaohjelmien poistoa. Windowsin palautuskonsoli mahdollistaa käynnistyksen erityiseen palautustilaan. Palautuskonsolin kautta voimme auttaa sinua helpommin mikäli haittaohjelmien poiston yhteydessä ilmenee ongelmia.

    * Seuraa ohjeita ja salli Combofixin ladata ja asentaa Microsoftin palautuskonsoli, ja kun pyydetään, hyväksy ohjelman takuuehdot asentaaksesi palautuskonsolin.

    **Huomaa: Jos palautuskonsoli on jo asennettuna, Combofix jatkaa eteenpäin.

    [​IMG]

    Kun Microsoftin palautuskonsoli on asennettu, sinun pitäisi nähdä seuraava viesti:

    [​IMG]

    Klikkaa Kyllä jatkaaksesi skannausta.

    Kun ComboFix on valmis, se luo raportin. Ole hyvä ja kopioi/liitä seuraavat raportit vastaukseesi:
    C:\ComboFix.txt
    Uusi HijackThis-loki



    Varoitus: ÄLÄ aja ComboFixia ilman valvontaa. Se ei ole lelu ja sitä ei tule käyttää rutiininomaisesti päivittäin.

    Jos tarvitset apua, katso yksityiskohtaisempi ohje:
    http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje

    .
     
  3. D00mer

    D00mer Regular member

    Joined:
    Jul 5, 2007
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    26
    Sen jälkeen, kun ajoin combofixin, comodo lakkasi toimimasta, sillä se laitto kaikkiin kohttin "off", eli comodo ei ole käytössä, enkä saa sitä laitettua päälle´?

    ComboFix 09-07-14.08 - saija salmela 19.07.2009 16:17.2.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.1407.632 [GMT 3:00]
    Running from: c:\documents and settings\saija salmela\Työpöytä\ComboFix.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\404Fix.exe
    c:\windows\system32\drivers\cmdmon.sys
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
    .

    2009-07-18 16:37 . 2009-07-18 17:36 -------- d-----w- c:\documents and settings\saija salmela\Application Data\Hamachi
    2009-07-18 16:34 . 2009-07-18 16:34 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
    2009-07-18 15:15 . 2009-07-18 15:16 -------- d-----w- c:\program files\GCFExplorer
    2009-07-18 15:15 . 2009-07-18 15:21 -------- d-----w- c:\program files\CFToolbox
    2009-07-17 18:35 . 2008-06-17 12:51 249856 ----a-w- c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
    2009-07-17 18:34 . 2008-11-27 00:29 43008 ----a-w- c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
    2009-07-17 18:34 . 2008-11-27 00:29 43008 ----a-w- c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-07-17 18:34 . 2008-11-27 00:29 245248 ----a-w- c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
    2009-07-17 18:34 . 2008-11-27 00:29 243200 ----a-w- c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
    2009-07-17 18:34 . 2008-11-27 00:29 239616 ----a-w- c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-07-17 18:34 . 2008-11-27 00:29 233984 ----a-w- c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-07-17 18:34 . 2008-06-14 20:06 794624 ----a-w- c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07103010.dll
    2009-07-17 18:25 . 2009-07-17 18:25 -------- d-----w- c:\documents and settings\saija salmela\Local Settings\Application Data\Temp
    2009-07-03 10:14 . 2007-07-19 15:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
    2009-07-03 10:14 . 2007-07-19 15:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
    2009-07-03 10:14 . 2007-07-19 15:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
    2009-07-03 10:14 . 2007-05-16 13:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
    2009-07-03 10:14 . 2007-05-16 13:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
    2009-07-03 10:14 . 2007-05-16 13:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
    2009-07-03 10:13 . 2007-04-04 15:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2009-07-02 11:57 . 2009-07-02 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
    2009-07-02 11:50 . 2009-07-02 11:50 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
    2009-06-29 21:11 . 2009-06-29 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2009-06-29 21:11 . 2009-06-29 21:11 -------- d-----w- c:\program files\NCH Software
    2009-06-29 21:11 . 2009-06-29 21:11 -------- d-----w- c:\program files\NCH Swift Sound
    2009-06-29 21:11 . 2009-06-29 21:11 -------- d-----w- c:\documents and settings\saija salmela\Application Data\NCH Swift Sound
    2009-06-26 16:41 . 2009-06-26 16:41 -------- d-----w- c:\windows\.jagex_cache_32
    2009-06-23 11:51 . 2009-06-23 11:51 232075 ----a-w- c:\windows\Burn4Free_Toolbar_Uninstaller_3125.exe
    2009-06-23 11:51 . 2009-06-23 11:51 -------- d-----w- c:\program files\Burn4Free Toolbar
    2009-06-23 11:49 . 2009-06-23 11:51 -------- d-----w- c:\program files\Burn4Free
    2009-06-22 13:16 . 2009-07-18 22:28 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
    2009-06-22 13:16 . 2009-07-18 22:28 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
    2009-06-22 13:16 . 2009-07-18 22:28 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
    2009-06-22 13:16 . 2009-07-18 22:28 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
    2009-06-22 13:15 . 2009-07-18 22:28 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
    2009-06-22 13:15 . 2009-07-18 22:28 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
    2009-06-22 13:14 . 2009-07-18 22:27 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
    2009-06-22 13:14 . 2009-07-18 22:27 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
    2009-06-22 13:13 . 2009-07-18 22:27 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
    2009-06-22 13:13 . 2009-07-18 22:27 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
    2009-06-22 13:13 . 2009-07-18 22:27 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
    2009-06-22 13:12 . 2009-07-18 22:27 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
    2009-06-22 13:12 . 2009-07-18 22:27 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
    2009-06-22 13:12 . 2009-07-18 22:27 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-19 13:28 . 2008-03-24 12:56 -------- d-----w- c:\documents and settings\saija salmela\Application Data\uTorrent
    2009-07-19 13:28 . 2008-09-28 13:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-07-19 13:26 . 2008-03-24 11:26 -------- d-----w- c:\documents and settings\saija salmela\Application Data\X-Chat 2
    2009-07-18 22:28 . 2009-06-01 13:18 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
    2009-07-18 22:28 . 2009-06-01 13:18 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
    2009-07-18 22:27 . 2009-06-01 13:18 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
    2009-07-17 20:44 . 2009-03-22 17:49 -------- d-----w- c:\documents and settings\saija salmela\Application Data\DC++
    2009-07-16 08:19 . 2008-03-24 11:26 -------- d-----w- c:\program files\xchat
    2009-07-14 09:07 . 2008-05-01 18:37 -------- d-----w- c:\documents and settings\saija salmela\Application Data\PC Suite
    2009-07-10 15:39 . 2008-10-07 16:29 -------- d-----w- c:\documents and settings\saija salmela\Application Data\Temporary
    2009-07-09 13:06 . 2004-09-24 08:30 79164 ----a-w- c:\windows\system32\perfc00B.dat
    2009-07-09 13:06 . 2004-09-24 08:30 385448 ----a-w- c:\windows\system32\perfh00B.dat
    2009-07-02 15:20 . 2008-03-24 07:31 75504 ----a-w- c:\documents and settings\saija salmela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-02 11:51 . 2008-03-31 13:40 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-21 17:55 . 2008-05-25 13:19 -------- d-----w- c:\documents and settings\saija salmela\Application Data\foobar2000
    2009-06-18 18:53 . 2008-10-01 16:32 -------- d-----w- c:\program files\Nokia
    2009-06-18 18:44 . 2009-06-18 18:44 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe
    2009-06-18 18:44 . 2009-06-18 18:44 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe
    2009-06-18 18:44 . 2009-06-18 18:44 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2009-06-18 18:44 . 2009-06-18 18:44 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe
    2009-06-18 18:44 . 2008-05-01 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2009-06-18 18:44 . 2009-06-18 18:45 33850384 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_fin.exe
    2009-06-18 10:48 . 2009-06-18 10:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-06-18 10:48 . 2009-06-18 10:48 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-06-18 10:40 . 2008-10-01 16:28 -------- d-----w- c:\program files\Common Files\Nokia
    2009-06-18 10:39 . 2009-06-18 10:39 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
    2009-06-18 10:39 . 2009-06-18 10:39 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
    2009-06-18 10:39 . 2009-06-18 10:39 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
    2009-06-18 10:38 . 2009-06-18 10:39 24392696 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_fi.exe
    2009-06-16 14:39 . 2004-09-24 08:30 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:39 . 2004-09-24 08:29 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-11 20:34 . 2008-04-26 18:41 -------- d-----w- c:\documents and settings\saija salmela\Application Data\FileZilla
    2009-06-04 13:45 . 2009-02-28 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
    2009-06-03 19:10 . 2004-09-24 08:30 1291776 ----a-w- c:\windows\system32\quartz.dll
    2009-06-01 13:18 . 2009-06-01 13:18 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
    2009-06-01 13:18 . 2009-02-16 14:21 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-05-31 11:06 . 2009-05-31 11:06 -------- d-----w- c:\program files\Common Files\Borland Shared
    2009-05-29 12:31 . 2009-05-29 12:31 766 ----a-r- c:\documents and settings\saija salmela\Application Data\Microsoft\Installer\{69FDD4EA-9D68-11D5-8A28-005004D37F93}\CopyofHelp.exe
    2009-05-29 12:31 . 2009-05-29 12:31 766 ----a-r- c:\documents and settings\saija salmela\Application Data\Microsoft\Installer\{69FDD4EA-9D68-11D5-8A28-005004D37F93}\Copy(2)ofweb.exe
    2009-05-29 12:31 . 2009-05-29 12:31 2238 ----a-r- c:\documents and settings\saija salmela\Application Data\Microsoft\Installer\{69FDD4EA-9D68-11D5-8A28-005004D37F93}\wolf3D.exe
    2009-05-23 20:36 . 2008-05-01 18:37 -------- d-----w- c:\documents and settings\saija salmela\Application Data\Nokia
    2009-05-20 16:54 . 2008-03-24 11:42 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-05-07 15:33 . 2004-09-24 08:29 346624 ----a-w- c:\windows\system32\localspl.dll
    2009-04-29 04:34 . 2004-09-24 08:30 666624 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:34 . 2004-09-24 08:29 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-27 13:13 . 2009-04-27 13:13 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
    2009-04-27 13:13 . 2009-02-16 14:11 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-04-23 14:24 . 2009-05-14 16:32 16640 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
    2009-07-15 22:26 . 2008-06-17 18:56 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-02-12 270128]
    "Google Update"="c:\documents and settings\saija salmela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
    "Nokia.PCSync"="e:\program files\nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
    "Steam"="e:\program files\steam\steam.exe" [2009-06-11 1217784]
    "H/PC Connection Agent"="e:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
    "Fraps"="e:\fraps\FRAPS.EXE" [2008-10-02 3309224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
    "COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2008-03-24 1115728]
    "CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-06 90112]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-24 122939]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
    "WheelMouse"="e:\program files\OCZ Technology\Mouse\Amoumain.exe" [2006-12-28 196608]
    "DAEMON Tools-1033"="e:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-18 520024]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
    "SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-08-23 2879488]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-08-23 16049664]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
    "Window UDP Control Servic"="winlogon.exe" - c:\windows\system32\winlogon.exe [2008-04-14 508416]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\saija salmela\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Logitech SetPoint.lnk - e:\program files\logitech\SetPoint\SetPoint.exe [2008-8-13 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-01 23:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "e:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
    "e:\\Program Files\\xchat\\xchat.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.2.2009 17:11 64160]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 9:21 33800]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 9:21 468224]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10.3.2009 21:25 55152]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [19.1.2009 0:34 1029456]
    R3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [30.5.2008 13:38 31899]
    R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [14.5.2009 19:32 16640]
    S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [24.9.2004 11:30 3584]
    S3 fsssvc;Windows Live -perheturva;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 19:08 533360]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [20.3.2007 13:33 28672]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 22:27]

    2009-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2814906919-585620830-1196769210-1005Core.job
    - c:\documents and settings\saija salmela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:16]

    2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2814906919-585620830-1196769210-1005UA.job
    - c:\documents and settings\saija salmela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:16]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
    IE: Add to AMV Converter... - e:\program files\MP3 Player Utilities 4.09\AMVConverter\grab.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
    FF - ProfilePath - c:\documents and settings\saija salmela\Application Data\Mozilla\Firefox\Profiles\wbkpsvtn.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Kaannos.com (Fi-En)
    FF - plugin: c:\documents and settings\saija salmela\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: e:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
    FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npjp2.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-19 16:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2814906919-585620830-1196769210-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E35DCE9C-16C5-C02F-D74A-8F8335E1269B}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "ianlhgdjdfppbhejae"=hex:69,61,6e,6b,62,6f,6e,65,67,68,68,64,65,62,6e,6c,62,68,
    00,00
    "hahljefhpojddnfm"=hex:6a,61,65,6c,61,6c,6b,6a,70,69,69,6a,63,66,65,6d,6c,69,
    62,62,00,00

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(660)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(3868)
    e:\program files\logitech\SetPoint\lgscroll.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Comodo\Firewall\cmdagent.exe
    c:\program files\Canon\IJPLM\ijplmsvc.exe
    e:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\wdfmgr.exe
    c:\documents and settings\saija salmela\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    e:\progra~1\MICROS~1\rapimgr.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
    c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-19 16:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-19 13:37
    ComboFix2.txt 2008-08-27 14:03

    Pre-Run: 9 294 311 424 tavua vapaana
    Post-Run: 10 077 188 096 tavua vapaana

    327 --- E O F --- 2009-07-16 08:03

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:42:01, on 19.7.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    E:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    E:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    E:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\nokia\Nokia PC Suite 7\PCSync2.exe
    C:\Documents and Settings\saija salmela\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    E:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    E:\Program Files\logitech\SetPoint\SetPoint.exe
    E:\PROGRA~1\MICROS~1\rapimgr.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WheelMouse] E:\Program Files\OCZ Technology\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Window UDP Control Servic] winlogon.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\saija salmela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Nokia.PCSync] "E:\Program Files\nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [Fraps] E:\FRAPS\FRAPS.EXE
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
    O8 - Extra context menu item: Add to AMV Converter... - E:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 9908 bytes

     
  4. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Combon ohjeissa lukee =>
    Code:
    * Sulje/ota pois päältä kaikki virustorjunta- ja haittaohjelmien poisto-ohjelmat, jotta ne eivät häiritse ComboFixin ajoa. 
    
    Combon logissa lukee =>
    Code:
    FW: COMODO Firewall Pro *enabled*
    Lähettämässäsi HJT logissa ovat virusohjelmat edelleen käynissä =>
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

    Haloo !!!
    Osaatko lukea ???

    ------------------------------------------------------

    Osa viruksista lähti
    osa jäi koneelle.
    .
     

Share This Page