Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:17, on 12.1.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.22\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ccaf3814] rundll32.exe "C:\ProgramData\mutelupo\mutelupo.dll",b
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [FTweakFCleaner] C:\Program Files\FCleaner\FCleaner.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [jugawimeki] Rundll32.exe "C:\Windows\system32\yasutabe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\Windows\system32\tuwopuye.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 8694 bytes
Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Post the contents of the log in your next message.

===============

Scan your computer with Kaspersky Online Scanner.

When the program starts, you are asked whether to allow installation of an ActiveX component from Kaspersky; click Yes.

- The program starts and begins downloading the latest definition files.
- When the scanner is installed and the definitions are downloaded, click Next.
- Now click the settings, Scan Settings.
- Check in the settings that the following are selected:
  - Scan using the following Anti-Virus database:
    - Extended (if available, otherwise select Standard)
  - Scan Options:
    - Scan Archives
    - Scan Mail Bases
- Click OK.
- Now, under the heading "select a target to scan", select My Computer.
- The scan takes time, so be patient. When the scan is complete, you will be notified if your computer is infected.
- Now click the Save as Text button.
- Save the file to your desktop.
- If you want to continue handling the matter on the forum, copy the contents of the file into your message.
Tuesday, January 13, 2009
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, January 13, 2009 11:01:03
Records in database: 1613791

Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
C:\
D:\
I:\

Scan statistics
Files scanned: 134452
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:29:43

File name / Threat name / Threats count
C:\Program Files\Windows Sidebar\Gadgets\AutoShutdown.gadget\core\gadget.js Infected: not-a-virus:RiskTool.JS.Shutdown.a 1

The selected area was scanned.

Malware log:

Malwarebytes' Anti-Malware 1.32
Tietokantaversio: 1647
Windows 6.0.6001 Service Pack 1

13.1.2009 13:23:59
mbam-log-2009-01-13 (13-23-59).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 175544
Kulunut aika: 12 hour(s), 1 minute(s), 37 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 9
Saastuneita rekisteriarvoja: 2
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 8

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccaf3814 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\ProgramData\mutelupo\mutelupo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\dutupafu\dutupafu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\fapufipe\fapufipe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\juhodamo\juhodamo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\notosono\notosono.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\yogewaya\yogewaya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\zibuweti\zibuweti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\zuzifore\zuzifore.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
1. Download Combofix.exe to your desktop from one of the links: Combofix1 Combofix2. Do not install the Recovery Console.
2. Double-click the Combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
ComboFix 09-01-11.04 - Santtu 2009-01-13 16:03:36.1 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3326.2007 [GMT 2:00] Sijainti: c:\users\Downloads\ComboFix.exe FW: ZoneAlarm Firewall *disabled* * Uusi palautuspiste luotu . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\System32\egfghiPo.ini c:\windows\system32\egfghiPo.ini2 c:\windows\system32\ovmemmrt.ini c:\windows\system32\x64 . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-12-13 to 2009-01-13 ))))))))))))))))) . 2009-01-13 01:20 . 2009-01-13 01:20 <KANSIO> d-------- c:\users\All Users\Malwarebytes 2009-01-13 01:20 . 2009-01-13 01:20 <KANSIO> d-------- c:\programdata\Malwarebytes 2009-01-13 01:20 . 2009-01-13 01:20 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-13 01:20 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-01-13 01:20 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-01-12 15:24 . 2009-01-12 15:34 <KANSIO> d-------- c:\program files\CleanCenter 2009-01-12 10:35 . 2009-01-12 10:35 <KANSIO> d-------- c:\program files\Trend Micro 2009-01-12 09:40 . 2009-01-12 15:23 <KANSIO> d-------- c:\windows\Download Manager 2009-01-11 17:11 . 2009-01-11 17:11 <KANSIO> d-------- c:\users\All Users\Locktime 2009-01-11 17:11 . 2009-01-11 17:11 <KANSIO> d-------- c:\programdata\Locktime 2009-01-11 17:11 . 2009-01-11 17:11 <KANSIO> d-------- c:\program files\NetLimiter 2 Pro 2009-01-10 16:55 . 2009-01-10 16:55 <KANSIO> d-------- c:\users\Santtu\netti 2009-01-08 16:09 . 2009-01-08 16:09 <KANSIO> d--hs---- c:\windows\ftpcache 2009-01-05 23:59 . 2009-01-05 23:59 <KANSIO> d-------- c:\users\All Users\Apple Computer 2009-01-05 23:59 . 2009-01-05 23:59 <KANSIO> d-------- c:\programdata\Apple Computer 2009-01-05 23:59 . 2009-01-05 23:59 <KANSIO> d-------- c:\program files\QuickTime 2009-01-05 23:59 . 
2009-01-05 23:59 <KANSIO> d-------- c:\program files\Common Files\Apple 2009-01-05 23:58 . 2009-01-05 23:58 <KANSIO> d-------- c:\users\All Users\Apple 2009-01-05 23:58 . 2009-01-05 23:58 <KANSIO> d-------- c:\programdata\Apple 2009-01-05 23:58 . 2009-01-05 23:58 <KANSIO> d-------- c:\program files\Apple Software Update 2009-01-05 21:41 . 2009-01-05 21:41 <KANSIO> d-------- c:\users\All Users\GRAW2 2009-01-05 21:41 . 2009-01-05 21:41 <KANSIO> d-------- c:\programdata\GRAW2 2009-01-05 21:17 . 2009-01-05 21:17 <KANSIO> d-------- c:\users\All Users\Media Center Programs 2009-01-05 21:17 . 2009-01-05 21:17 <KANSIO> d-------- c:\programdata\Media Center Programs 2009-01-05 21:09 . 2009-01-05 21:09 <KANSIO> d-------- c:\program files\UBISOFT 2009-01-04 17:21 . 2009-01-04 17:21 <KANSIO> d-------- c:\program files\Microsoft Works 2009-01-04 17:20 . 2009-01-04 17:20 <KANSIO> d-------- c:\program files\Microsoft.NET 2009-01-04 17:15 . 2009-01-04 17:15 <KANSIO> d-------- c:\program files\Microsoft Visual Studio 8 2009-01-04 17:15 . 2009-01-04 17:15 <KANSIO> d-------- C:\IDE 2009-01-04 17:13 . 2009-01-04 17:13 <KANSIO> dr-h----- C:\MSOCache 2009-01-03 18:33 . 2009-01-03 18:33 <KANSIO> d-------- c:\program files\Common Files\PX Storage Engine 2009-01-03 18:33 . 2008-10-08 03:03 43,872 --------- c:\windows\System32\drivers\PxHelp20.sys 2009-01-03 18:33 . 2008-10-08 03:03 9,200 --------- c:\windows\System32\drivers\cdralw2k.sys 2009-01-03 18:33 . 2008-10-08 03:03 9,072 --------- c:\windows\System32\drivers\cdr4_xp.sys 2009-01-03 18:08 . 2009-01-03 18:08 <KANSIO> d-------- c:\windows\System32\Futuremark 2009-01-03 18:08 . 2008-04-22 08:53 27,672 -ra------ c:\windows\System32\drivers\Entech.sys 2009-01-03 18:07 . 2009-01-03 18:07 <KANSIO> d-------- c:\windows\System32\AGEIA 2009-01-03 18:07 . 2009-01-05 21:34 <KANSIO> d-------- c:\program files\AGEIA Technologies 2009-01-03 14:49 . 2009-01-03 14:49 <KANSIO> d-------- c:\program files\RivaTuner v2.22 2009-01-02 10:42 . 
2009-01-02 10:42 <KANSIO> d-------- c:\program files\VideoLAN 2009-01-01 14:16 . 2009-01-01 14:16 <KANSIO> d-------- c:\users\All Users\FTWeak 2009-01-01 14:16 . 2009-01-01 14:16 <KANSIO> d-------- c:\programdata\FTWeak 2009-01-01 14:16 . 2009-01-10 11:51 <KANSIO> d-------- c:\program files\FCleaner 2008-12-30 18:45 . 2008-12-30 18:50 <KANSIO> d-------- C:\RA3_SaveGames 2008-12-30 11:33 . 2008-12-30 11:33 <KANSIO> d-------- c:\users\All Users\ATI 2008-12-30 11:33 . 2008-12-30 11:33 <KANSIO> d-------- c:\programdata\ATI 2008-12-30 11:17 . 2008-12-30 11:17 0 --a------ c:\windows\ativpsrm.bin 2008-12-30 11:15 . 2008-12-30 11:19 <KANSIO> d-------- c:\program files\ATI Technologies 2008-12-30 11:15 . 2008-12-30 11:32 <KANSIO> d-------- c:\program files\ATI 2008-12-30 11:14 . 2008-12-30 11:14 <KANSIO> d-------- C:\ATI 2008-12-30 10:38 . 2008-12-30 10:38 331 --a------ c:\windows\doom3.ini 2008-12-30 10:18 . 2009-01-06 22:27 <KANSIO> d-------- c:\program files\DOOM 3 2008-12-30 04:58 . 2008-12-30 04:58 <KANSIO> d-------- c:\program files\Electronic Arts 2008-12-30 04:58 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll 2008-12-30 04:58 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll 2008-12-30 04:58 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\System32\D3DCompiler_35.dll 2008-12-30 04:58 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll 2008-12-30 04:58 . 2007-07-19 18:14 444,776 --a------ c:\windows\System32\d3dx10_35.dll 2008-12-30 04:57 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll 2008-12-23 15:21 . 2008-12-23 15:21 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe 2008-12-23 15:16 . 2008-12-23 15:16 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-12-23 15:16 . 2008-12-23 15:16 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf 2008-12-23 15:14 . 
2008-12-23 15:15 <KANSIO> d-------- c:\program files\Common Files\Logitech 2008-12-23 15:14 . 2007-04-23 04:00 163,840 --a------ c:\windows\System32\kemutb.dll 2008-12-23 15:14 . 2007-04-23 04:00 135,168 --a------ c:\windows\System32\KemUtil.dll 2008-12-23 15:14 . 2007-04-23 04:00 110,592 --a------ c:\windows\System32\KemWnd.dll 2008-12-23 15:14 . 2007-04-23 04:00 69,632 --a------ c:\windows\System32\KemXML.dll 2008-12-17 02:03 . 2008-12-17 02:03 <KANSIO> d-------- c:\program files\Common Files\PCSuite 2008-12-17 02:03 . 2008-12-17 02:03 <KANSIO> d-------- c:\program files\Common Files\Nokia 2008-12-15 19:27 . 2009-01-01 15:10 69 --a------ c:\windows\NeroDigital.ini 2008-12-15 15:37 . 2008-12-15 15:37 <KANSIO> d-------- C:\RootkitNO 2008-12-15 15:37 . 2008-12-15 15:37 123 --a------ c:\windows\rootkitno.ini 2008-12-15 12:15 . 2008-12-15 12:15 118 --a------ c:\windows\System32\MRT.INI . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-13 14:14 348,371 ---ha-w c:\windows\system32\drivers\vsconfig.xml 2009-01-13 11:23 --------- d-----w c:\programdata\zuzifore 2009-01-13 11:23 --------- d-----w c:\programdata\zibuweti 2009-01-13 11:23 --------- d-----w c:\programdata\yogewaya 2009-01-13 11:23 --------- d-----w c:\programdata\notosono 2009-01-13 11:23 --------- d-----w c:\programdata\mutelupo 2009-01-13 11:23 --------- d-----w c:\programdata\juhodamo 2009-01-13 11:23 --------- d-----w c:\programdata\fapufipe 2009-01-13 11:23 --------- d-----w c:\programdata\dutupafu 2009-01-11 11:19 --------- d-----w c:\programdata\Logishrd 2009-01-11 11:19 --------- d-----w c:\program files\Logitech 2009-01-11 05:20 --------- d-----w c:\program files\ffdshow 2009-01-10 11:56 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-05 19:34 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-01-04 21:18 --------- d-----w c:\programdata\Microsoft Help 2009-01-04 15:21 --------- d-----w c:\program files\MSBuild 2009-01-03 15:38 --------- d-----w c:\program files\CCleaner 2008-12-30 12:56 --------- d-----w c:\programdata\DVD Shrink 2008-12-30 08:18 --------- d-----w c:\program files\Common Files\InstallShield 2008-12-29 21:12 --------- d-----w c:\program files\UnHackMe 2008-12-28 08:26 348,371 ---ha-w c:\windows\system32\drivers\vsconfig(241).xml 2008-12-27 14:15 2,769,412 ----a-w c:\windows\Internet Logs\tvDebug.Zip 2008-12-23 13:14 --------- d-----w c:\programdata\Logitech 2008-12-17 00:02 --------- d-----w c:\program files\Nokia 2008-12-16 23:38 --------- d-----w c:\programdata\Installations 2008-12-16 18:09 --------- d-----w c:\programdata\Messenger Plus! 
2008-12-15 09:49 --------- d-----w c:\program files\Windows Mail 2008-12-09 22:00 --------- d-----w c:\program files\AC3Filter 2008-12-09 09:57 --------- d-----w c:\program files\Lavalys 2008-12-08 11:53 --------- d-----w c:\programdata\NOS 2008-12-08 11:53 --------- d-----w c:\program files\NOS 2008-12-08 11:28 --------- d-----w c:\program files\Common Files\Adobe 2008-12-08 10:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll 2008-12-07 14:08 --------- d-----w c:\program files\a-squared Free 2008-12-04 22:03 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2008-12-04 21:48 --------- d-----w c:\program files\Canon 2008-12-04 21:25 --------- d-----w c:\program files\Common Files\Canon 2008-12-04 20:28 --------- d-----w c:\program files\directx 2008-12-03 10:29 410,984 ----a-w c:\windows\System32\deploytk.dll 2008-12-03 10:29 --------- d-----w c:\program files\Java 2008-12-03 08:09 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2 2008-12-03 08:03 --------- d-----w c:\program files\BitLocker 2008-12-03 07:49 --------- d-----w c:\program files\Microsoft Silverlight 2008-12-02 17:53 --------- d-----w c:\programdata\Lavasoft 2008-12-02 17:53 --------- d-----w c:\program files\Lavasoft 2008-12-02 17:48 --------- d-----w c:\program files\Webteh 2008-12-02 05:39 --------- d-----w c:\program files\Messenger Plus! 
Live 2008-12-01 22:14 4,179,968 ----a-w c:\windows\system32\drivers\atikmdag.sys 2008-12-01 20:47 425,984 ----a-w c:\windows\System32\ATIDEMGX.dll 2008-12-01 20:46 159,744 ----a-w c:\windows\System32\atitmmxx.dll 2008-12-01 20:45 43,520 ----a-w c:\windows\System32\ati2edxx.dll 2008-12-01 20:45 331,776 ----a-w c:\windows\System32\atipdlxx.dll 2008-12-01 20:45 274,432 ----a-w c:\windows\System32\Ati2evxx.dll 2008-12-01 20:45 262,144 ----a-w c:\windows\System32\Oemdspif.dll 2008-12-01 20:44 720,896 ----a-w c:\windows\System32\Ati2evxx.exe 2008-12-01 20:29 4,033,536 ----a-w c:\windows\System32\atiumdag.dll 2008-12-01 20:17 10,981,376 ----a-w c:\windows\System32\atioglxx.dll 2008-12-01 20:09 4,754,432 ----a-w c:\windows\System32\atiumdva.dll 2008-12-01 19:56 98,304 ----a-w c:\windows\System32\atiadlxx.dll 2008-12-01 19:56 57,344 ----a-w c:\windows\System32\amdcalrt.dll 2008-12-01 19:56 53,248 ----a-w c:\windows\System32\amdcalcl.dll 2008-12-01 19:56 50,688 ----a-w c:\windows\System32\amdpcom32.dll 2008-12-01 19:53 3,256,320 ----a-w c:\windows\System32\amdcaldd.dll 2008-12-01 19:42 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll 2008-11-30 22:54 --------- d-----w c:\program files\Common Files\Nero 2008-11-30 22:27 --------- d-----w c:\program files\Nero 2008-11-30 22:11 --------- d-----w c:\programdata\Nero 2008-11-30 18:21 --------- d-----w c:\programdata\ZoomBrowser 2008-11-30 11:31 --------- d-----w c:\program files\Common Files\InterVideo 2008-11-30 11:21 --------- d-----w c:\program files\MSXML 4.0 2008-11-30 11:14 --------- d-----w c:\program files\InterVideo 2008-11-30 10:38 --------- d-----w c:\program files\DAEMON Tools Lite 2008-11-30 10:34 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-11-30 10:08 --------- d-----w c:\program files\Winamp 2008-11-30 10:04 --------- d-----w c:\program files\Zone Labs 2008-11-30 09:55 --------- d-----w c:\programdata\CheckPoint 2008-11-30 09:27 --------- d-----w c:\program files\Alwil Software 2008-11-30 09:17 
0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf 2008-11-30 09:16 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-11-30 09:16 --------- d-----w c:\programdata\PC Suite 2008-11-30 09:10 --------- d-----w c:\program files\uTorrent 2008-11-30 09:10 --------- d-----w c:\program files\DIFX 2008-11-30 09:08 --------- d-----w c:\program files\PC Connectivity Solution 2008-11-29 22:24 --------- d-----w c:\program files\DVD Shrink 2008-11-29 22:00 --------- d-----w c:\program files\Windows Sidebar 2008-11-29 22:00 --------- d-----w c:\program files\Windows Photo Gallery 2008-11-29 22:00 --------- d-----w c:\program files\Windows Journal 2008-11-29 22:00 --------- d-----w c:\program files\Windows Defender 2008-11-29 22:00 --------- d-----w c:\program files\Windows Collaboration 2008-11-29 22:00 --------- d-----w c:\program files\Windows Calendar 2008-11-29 22:00 --------- d-----w c:\program files\Microsoft Games 2008-11-29 18:55 --------- d-----w c:\programdata\WindowsSearch 2008-11-29 18:09 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller 2008-11-29 18:09 --------- d-----w c:\program files\Windows Live 2008-11-29 18:06 --------- d-----w c:\programdata\WLInstaller 2008-11-29 17:47 174 --sha-w c:\program files\desktop.ini 2008-11-29 17:44 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys 2008-11-13 13:19 293,776 ----a-w c:\windows\system32\drivers\vsdatant.sys 2008-11-13 13:18 1,221,008 ----a-w c:\windows\System32\zpeng25.dll . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-09-16 1233920] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-09-16 125952] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "FTweakFCleaner"="c:\program files\FCleaner\FCleaner.exe" [2009-01-05 1644544] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-09-16 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-06 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-06 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-06 154136] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.22\RivaTunerWrapper.exe" [2008-12-29 24576] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-23 67128] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-23 692224] RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2008-09-17 495616] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 0 
(0x0) "EnableUIADesktopToggle"= 0 (0x0) "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\tuwopuye.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{8E626B47-C9DC-4723-B082-C15E32E77481}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{94F4B79F-11D0-4A0D-A845-2266FD9FC9A3}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{2587E3A1-C5A6-4676-BD1A-B1405EA49677}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{10ECF9FF-6ABA-4EC9-ABFD-708446A2A6EE}"= UDP:c:\windows\System32\mpxu.exe:mpxu "{881C253E-E956-4315-B195-8EB076EDF50E}"= TCP:c:\windows\System32\mpxu.exe:mpxu "{57943985-052F-4DB6-A0CE-58BC06DAA142}"= TCP:c:\windows\System32\rundll32.exe:rundll32 "{688B186B-116D-479B-9D32-B3DAED36C93C}"= UDP:c:\windows\System32\rundll32.exe:rundll32 "{32E4655A-670A-4CA9-86F9-E19149F3D38A}"= TCP:c:\windows\System32\rundll32.exe:rundll32 "{3EA65B2C-44E0-42FE-89D9-D24F067B1EBC}"= UDP:c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe:NBService "{F3C83FBC-DBDB-4024-8B73-AA7D11E06705}"= TCP:c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe:NBService "{9E08C076-8A53-4C92-923A-0FA3D44AAC17}"= UDP:c:\windows\System32\winlogon.exe:winlogon "{664FA188-A260-49B9-A341-647134FD9FC6}"= TCP:c:\windows\System32\winlogon.exe:winlogon 
"{54F59559-373E-41AB-95EB-ABE017DB470E}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{5CFEC1CC-D2E7-4290-BFD7-44532AB8DCB2}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{0772F038-5F85-41A9-8B68-DBF840D76451}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{BD2F653E-E982-43F4-8ADA-7B646122B78B}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{6B0C0CB8-EFE1-4E5D-85FA-98D19AB55C27}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{19A186F2-827A-4A5B-8732-BB3E475A6D18}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{58E68D91-DE0A-4DC9-A36B-242ADABD65E6}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{0BFA68B6-1E56-4594-8EB3-1253B0AFDEAC}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{665B80CD-79E7-4D80-A8C9-DF5D8060A525}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 amacpi;Microsoft Away Mode System;c:\windows\System32\drivers\null.sys [2008-09-16 4608] R1 aswSP;avast! 
Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-11-30 111184] R1 nltdi;nltdi;c:\windows\System32\drivers\nltdi.sys [2007-04-23 82200] R3 Ph6xIB32;NXP 716x PCIe TV Card;c:\windows\System32\drivers\Ph6xIB32.sys [2007-01-26 1074560] R4 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-11-30 20560] R4 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-11-30 51792] --- Muut muistissa olevat ajurit/palvelut --- *Deregistered* - sptd [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}] %SystemRoot%\system32\soundschemes2.exe /AddRegistration . . ------- Täydentävä tarkistus ------- . IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab c:\windows\Downloaded Program Files\DownloadManagerV2.inf FF - ProfilePath - c:\users\Santtu\AppData\Roaming\Mozilla\Firefox\Profiles\5m4vdckk.default\ FF - prefs.js: browser.startup.homepage - hxxp://thepiratebay.org/ FF - component: c:\users\Santtu\AppData\Roaming\Mozilla\Firefox\Profiles\5m4vdckk.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-13 16:15:43 Windows 6.0.6001 Service Pack 1 NTFS tarkistaa piilotettuja prosesseja ... 
tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . --------------------- LUKITUT REKISTERIAVAIMET --------------------- [HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . --------------------- Prosesseihin ladatut DLLt --------------------- - - - - - - - > 'Explorer.exe'(1440) c:\program files\RocketDock\RocketDock.dll c:\program files\Logitech\SetPoint\lgscroll.dll . ------------------------ Muut prosessit ------------------------ . 
c:\windows\System32\Ati2evxx.exe c:\windows\System32\audiodg.exe c:\windows\System32\Ati2evxx.exe c:\windows\System32\ZoneLabs\vsmon.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\a-squared Free\a2service.exe c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\NetLimiter 2 Pro\nlsvc.exe c:\windows\System32\WUDFHost.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\System32\conime.exe c:\windows\servicing\TrustedInstaller.exe c:\program files\NetLimiter 2 Pro\NLClient.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\windows\ehome\ehmsas.exe c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\windows\System32\dllhost.exe . ************************************************************************** . Valmistumisajankohta: 2009-01-13 16:24:31 - kone käynnistettiin uudelleen ComboFix-quarantined-files.txt 2009-01-13 14:21:39 Ennen ajoa: 3 728 359 424 tavua vapaana Ajon jälkeen: 2,968,084,480 tavua vapaana Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10 357 --- E O F --- 2009-01-13 00:19:34

That should be the full log now.