HJT log (could someone take a look!? tried to make improvements)

Discussion in 'Viruses and malware - HijackThis logs' started by toope92, Dec 30, 2007.

Thread Status:
Not open for further replies.
  1. toope92

    toope92 Regular member

    Joined:
    Nov 8, 2006
    Messages:
    140
    Likes Received:
    0
    Trophy Points:
    26
    In addition, another problem was this: (Microsoft Visual C++ Runtime Library: Program: c\prog... R6034 An application has made an attempt to load the C runtime library incorrectly. Please contact the application's support team for more information). That kind of thing pops up on the screen when trying to start Photoshop Lightroom.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:54:05, on 30.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\OneStepSearch\onestep.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\AresGalaxySuperSpeed\Ares Galaxy Super Speed.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: 217.212.252.71 c5.zedo.com
    O1 - Hosts: 64.4.51.250 by107fd.bay107.hotmail.msn.com
    O1 - Hosts: 213.199.164.14 fi.msn.com
    O1 - Hosts: 217.212.252.73 search.msn.fi
    O1 - Hosts: 209.62.87.157 www.download.fi
    O1 - Hosts: 87.253.139.152 www.wixawin.com
    O1 - Hosts: 66.135.49.31 www.bestdietforme.com
    O1 - Hosts: 217.30.180.85 www.mozilla.fi
    O1 - Hosts: 212.226.93.89 irc-galleria.net
    O1 - Hosts: 87.117.252.11 harddriveguard.com
    O1 - Hosts: 207.46.250.101 go.microsoft.com
    O1 - Hosts: 4.23.41.124 runonce.msn.com
    O1 - Hosts: 207.46.30.24 www.live.com
    O1 - Hosts: 217.212.252.80 search.live.com
    O1 - Hosts: 213.157.88.65 www.missmix.fi
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1188490228609
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1191587919046
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 12838 bytes
     
  2. Hujo

    Hujo Guest

    Download SDFix by AndyManchesta
    http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
    and save it to your desktop.

    Boot your computer into Safe Mode and choose your normal user account:
    • Start the computer
    • When you hear the computer beep, press F8, but before the Windows logo appears
    • A menu should appear next
    • Select Safe Mode from the menu.
    • Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    • Open the SDFix folder and double-click RunThis.bat to start the program.
    • Press Y to start the script.
    • The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
    • Press any key and the computer will restart.
    • Startup takes longer than normal because SDFix is cleaning the computer.
    • Once the computer has started and the desktop has loaded, SDFix reports that the cleaning is done, "Finished".
    • Then press any key to close the script and load the shortcuts onto the desktop.
    • Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.

    =================

    1. Download combofix.exe to your desktop from either of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
     
  3. toope92

    toope92 Regular member

    There must be some error in it, because when I press the Y key nothing happens
     
  4. Hujo

    Hujo Guest

    Press Enter after that
     
  5. toope92

    toope92 Regular member

    ComboFix 08-01-03.3 - HP_Administrator 2008-01-03 14:18:20.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.303 [GMT 2:00]
    Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix(2).exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\check_LSA7.txt
    C:\install.exe
    C:\WINDOWS\asks~1
    C:\WINDOWS\Casino.ico
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\crosof~1
    C:\WINDOWS\crosof~1\??crosoft\
    C:\WINDOWS\curity~1
    C:\WINDOWS\dobe~1
    C:\WINDOWS\dobe~1\?dobe\
    C:\WINDOWS\dobe~2
    C:\WINDOWS\icroso~1.net
    C:\WINDOWS\mantec~1
    C:\WINDOWS\msnimport.exe
    C:\WINDOWS\scurit~1
    C:\WINDOWS\Spyware Remover.ico
    C:\WINDOWS\stem~1
    C:\WINDOWS\wnsxs~1
    C:\WINDOWS\ymante~1
    C:\WINDOWS\ystem~1
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
    .

    2008-01-03 14:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-03 13:57 . 2008-01-03 13:57 <KANSIO> d-------- C:\Program Files\MSN Toolbar
    2008-01-03 01:34 . 2008-01-03 01:34 <KANSIO> d-------- C:\WINDOWS\LastGood
    2008-01-03 01:34 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-01-03 01:34 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-01-03 00:17 . 2008-01-03 00:26 <KANSIO> d-------- C:\Program Files\RegistryFix
    2008-01-03 00:14 . 2008-01-03 00:14 <KANSIO> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
    2008-01-03 00:14 . 2008-01-03 00:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-03 00:14 . 2008-01-03 00:15 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-03 00:09 . 2004-03-18 18:36 401,484 --a------ C:\WINDOWS\system32\msvcrtd.dll
    2008-01-03 00:09 . 2006-01-19 09:31 1,225 --a------ C:\WINDOWS\system32\readme.htm
    2008-01-02 23:56 . 2006-07-18 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-01-02 23:54 . 2008-01-02 23:54 <KANSIO> d-------- C:\Program Files\Common Files\Application
    2008-01-02 23:53 . 2008-01-02 23:54 <KANSIO> d-------- C:\Program Files\SPYWAREfighter
    2008-01-02 14:05 . 2008-01-02 14:05 <KANSIO> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nokia
    2008-01-02 14:01 . 2008-01-02 14:01 <KANSIO> d-------- C:\Documents and Settings\HP_Administrator\Application Data\PC Suite
    2008-01-02 14:00 . 2008-01-03 00:12 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-01-02 14:00 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
    2008-01-02 14:00 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
    2008-01-02 14:00 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2008-01-02 14:00 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2008-01-02 14:00 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
    2008-01-02 13:47 . 2008-01-02 13:47 <KANSIO> d-------- C:\Program Files\SymNetDrv
    2008-01-02 13:09 . 2005-05-06 22:00 140,288 --a------ C:\WINDOWS\system32\CNMLM7I.DLL
    2008-01-02 13:09 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-02 13:09 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-02 13:09 . 2005-05-06 22:00 8,704 --a------ C:\WINDOWS\system32\CNMVS7I.DLL
    2008-01-02 13:07 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-02 13:07 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-01-02 07:46 . 2008-01-01 23:02 <KANSIO> d-a------ C:\WINDOWS\I386
    2008-01-02 07:31 . 2008-01-02 23:55 <KANSIO> dr-hs---- C:\WINDOWS\system32\dllcache
    2008-01-02 00:49 . 2007-10-11 01:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-01-02 00:49 . 2007-07-01 05:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-01-02 00:49 . 2007-07-01 05:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-01-02 00:49 . 2007-10-11 01:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-01-02 00:49 . 2007-10-11 01:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-01-02 00:49 . 2007-10-11 01:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-01-02 00:49 . 2007-10-11 01:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-01-02 00:49 . 2007-10-11 01:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-01-02 00:49 . 2007-10-10 12:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-01-02 00:37 . 2008-01-02 00:37 <KANSIO> d-------- C:\Program Files\MSXML 4.0
    2008-01-02 00:33 . 2008-01-02 00:33 8,704 --ahs---- C:\WINDOWS\system32\Thumbs.db
    2008-01-02 00:32 . 2008-01-02 00:32 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-02 00:09 . 2007-02-28 11:10 2,180,352 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-01-02 00:09 . 2007-02-28 11:08 2,136,064 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-01-02 00:09 . 2007-02-28 10:38 2,057,600 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-01-02 00:09 . 2007-02-28 10:38 2,015,744 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-01-02 00:08 . 2006-05-05 11:41 453,120 --------- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2008-01-02 00:08 . 2006-06-01 20:47 163,840 --------- C:\WINDOWS\system32\dllcache\jgdw400.dll
    2008-01-02 00:08 . 2006-03-17 03:05 28,672 --------- C:\WINDOWS\system32\verclsid.exe
    2008-01-02 00:08 . 2006-06-01 20:47 27,648 --------- C:\WINDOWS\system32\dllcache\jgpl400.dll
    2008-01-01 23:56 . 2007-06-25 15:02 475,136 --a------ C:\WINDOWS\system32\SkinCrafter2.dll
    2008-01-01 23:37 . 2007-12-04 02:08 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-01-01 23:37 . 2007-12-04 02:08 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-01-01 23:37 . 2007-12-04 02:08 118,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-01-01 23:37 . 2007-12-04 02:08 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-01-01 23:37 . 2007-12-04 02:08 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-01-01 23:35 . 2008-01-01 23:35 <KANSIO> d--hs---- C:\Documents and Settings\HP_Administrator\UserData
    2008-01-01 23:13 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-01-01 23:08 . 2008-01-03 13:38 <KANSIO> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Spyware Terminator
    2008-01-01 23:08 . 2008-01-01 23:08 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-01-01 23:02 . 2008-01-01 23:02 <KANSIO> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Logitech
    2008-01-01 23:01 . 2008-01-01 23:01 1,832 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EP061AA-ABX m7350.fi_YC_0Pavi_QCZB602_E61FIemMPC1_48_IAMETHYST-M_SMSI_V1.0_B3.40_T051213_WXP2_L409_M1023_J250_7AMD_8Athlon 64_92.19_#060301_N10EC8139_Z_G10027146_OTSSTcorp CD DVDW TS-H552L_DSAM0115.MRK
    2008-01-01 23:00 . 2005-01-02 14:20 <KANSIO> d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
    2008-01-01 23:00 . 2008-01-02 00:57 <KANSIO> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
    2008-01-01 23:00 . 2005-01-02 14:03 <KANSIO> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ATI
    2008-01-01 22:58 . 2005-01-02 14:20 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
    2008-01-01 22:54 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-01-01 22:54 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-01 22:54 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-01-01 22:54 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-01-01 22:54 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-01-01 22:54 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2008-01-01 22:54 . 2001-08-17 14:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2008-01-01 19:39 . 2008-01-01 19:40 1,221,003 --a------ C:\SDFix.exe
    2007-12-30 19:56 . 2007-12-30 19:56 <KANSIO> d-------- C:\New Folder 1
    2007-12-30 00:14 . 2007-12-30 00:14 <KANSIO> d-------- C:\Program Files\Managed DirectX (0901)
    2007-12-30 00:09 . 2007-12-30 00:09 <KANSIO> d-------- C:\Program Files\Microsoft Visual Studio .NET
    2007-12-30 00:09 . 2007-12-30 00:12 <KANSIO> d-------- C:\DXSDK
    2007-12-29 23:35 . 2007-12-29 23:35 <KANSIO> d-------- C:\Program Files\Sunbelt Software
    2007-12-29 23:27 . 2007-12-29 23:27 <KANSIO> d-------- C:\Program Files\IObit
    2007-12-29 23:24 . 2007-12-30 13:37 <KANSIO> d-------- C:\Program Files\Microsoft Visual Studio 9.0
    2007-12-29 23:24 . 2007-12-29 23:24 <KANSIO> d-------- C:\Program Files\Microsoft SDKs
    2007-12-29 23:24 . 2007-12-30 13:38 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-12-29 23:15 . 2007-12-29 23:15 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-12-29 23:06 . 2007-12-29 23:06 <KANSIO> d-------- C:\Program Files\MSXML 6.0
    2007-12-29 20:45 . 2007-12-29 20:45 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2007-12-29 11:45 . 2007-12-29 11:45 <KANSIO> d-------- C:\MyLibrary.dll
    2007-12-29 11:38 . 2007-12-29 11:38 <KANSIO> d-------- C:\Program Files\RegistrySmart
    2007-12-28 19:37 . 2007-12-28 19:37 <KANSIO> d-------- C:\Program Files\MSBuild
    2007-12-28 19:32 . 2007-12-28 19:32 <KANSIO> d-------- C:\Program Files\Reference Assemblies
    2007-12-28 16:23 . 2006-02-03 14:21 1,079,808 --a------ C:\mfc80u.dll
    2007-12-28 16:05 . 2007-12-28 16:08 <KANSIO> d-------- C:\Program Files\DAEMON Tools Lite
    2007-12-28 14:17 . 2007-12-30 19:48 <KANSIO> d-------- C:\Program Files\WinClamAVShield
    2007-12-28 14:15 . 2008-01-03 14:02 <KANSIO> d-------- C:\Program Files\Spyware Terminator
    2007-12-28 14:15 . 2008-01-03 14:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2007-12-28 14:08 . 2007-12-29 20:28 <KANSIO> d-------- C:\Program Files\Crawler
    2007-12-28 00:32 . 2007-12-28 00:32 <KANSIO> d-------- C:\Program Files\UPHClean
    2007-12-27 20:42 . 2007-12-27 20:56 <KANSIO> d-------- C:\Program Files\Driver Cleaner PE
    2007-12-26 14:18 . 2008-01-02 23:38 <KANSIO> d-------- C:\Program Files\Yahoo!

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 01:24 1694208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
    "ares"="C:\Program Files\Ares\Ares.exe" [2007-12-31 16:29 962560]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 06:56 64512]
    "ftutil2"="ftutil2.dll" [2004-06-08 07:05 106496 C:\WINDOWS\system32\ftutil2.dll]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 09:19 77312 C:\WINDOWS\arpwrmsg.exe]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 08:35 49152]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-05 16:57 49768]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-12-28 14:30 2778112]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-01-02 13:47 100056]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10 271360]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52 115608]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 06:23:26]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    R0 dontgo;Promise Removable Disk Control Driver;C:\WINDOWS\system32\DRIVERS\DontGo.sys [2004-06-30 06:25]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-01 23:08]
    R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 12:53]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-10-03 22:57]
    R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52]
    R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52]
    S3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 19:44]
    S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;C:\WINDOWS\system32\DRIVERS\wn5401.sys [2005-01-07 02:08]

    *Newly Created Service* - ATI_SMART
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-29 21:06:26 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    "2008-01-02 22:13:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-01 22:58:52 C:\WINDOWS\Tasks\Norton AntiVirus - Tarkista tietokone - HP_Administrator.job"
    - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
    "2007-12-31 18:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Suorita täyd. järj.tarkistus - shit.job"
    - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
    "2007-12-29 19:08:11 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmart
    "2008-01-03 12:27:01 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-03 14:29:28
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-03 14:31:09
    ComboFix-quarantined-files.txt 2008-01-03 12:31:02
    .
    2008-01-02 11:10:38 --- E O F ---
     
  6. toope92

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:40:26, on 4.1.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Norton Internet Security\ISSVC.exe
    c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\M² Solutions, Inc\M²Convert for ZEN (2.0)\M2ConvertZEN.exe
    C:\Program Files\M² Solutions, Inc\M²Convert for ZEN (2.0)\M2ConvertZEN.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Installation Files\PhotoShop 7.0\Photoshop 7.0\Photoshop\Setup.exe
    C:\Installation Files\PhotoShop 7.0\Photoshop 7.0\Photoshop\Setup.exe
    C:\Installation Files\PhotoShop 7.0\Photoshop 7.0\Photoshop\Setup.exe
    C:\Installation Files\PhotoShop 7.0\Photoshop 7.0\Photoshop\_ISDel.exe
    C:\Program Files\Creative\Video Converter\CtConvU.exe
    C:\PROGRA~1\Creative\SHARED~1\OpaQManU.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/intl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
    O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1199223370312
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 11674 bytes
     