So, ZoneAlarm is complaining that lsass.exe is trying to access the internet, and I have never had a notification like this before, but now it has come up several times, so I ran ComboFix, SDFix and HijackThis, in that order. Here are the log files. Help would be appreciated. I use Avast as my antivirus. According to ZoneAlarm, the file is located at c:\WINDOWS\system32\lsass.exe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:14, on 1.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\ALIRAID\ALiRaid.exe
C:\Program Files\GIANT Company Software\GIANT
AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\TerraTec\DMX 6fire\DMX6Fire.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 
5\bin\ZeonIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe O4 - HKLM\..\Run: [ALiRaid] C:\Program Files\ALIRAID\ALiRaid.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Nuance PDF Professional 5-reminder] "C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\PDF Professional 5\Ereg\Ereg.ini" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ? 
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = J:\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Start 3DxWare.lnk = C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - res://C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll /100 O8 - Extra context menu item: Vie Microsoft E&xceliin - res://J:\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233411605812 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233411592562 O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c98c639d6309ef) (gupdate1c98c639d6309ef) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - J:\Piirto\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 12019 bytes ComboFix 09-03-31.02 - joo 2009-04-01 11:08:39.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.519 [GMT 3:00] Sijainti: c:\documents and settings\joo\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1335 [VPS 090331-0] *On-access scanning disabled* (Updated) FW: ZoneAlarm Firewall *enabled* * Uusi palautuspiste luotu VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !! . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\documents and settings\joo\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-03-01 to 2009-04-01 ))))))))))))))))) . 2009-03-29 11:35 . 2009-03-29 11:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM 2009-03-29 11:27 . 2009-03-29 11:28 <DIR> d-------- c:\program files\QuickTime 2009-03-28 21:15 . 2009-03-28 21:40 <DIR> d-------- c:\documents and settings\joo\Application Data\vlc 2009-03-28 21:12 . 2009-03-28 21:12 <DIR> d-------- c:\program files\VideoLAN 2009-03-26 16:31 . 2009-03-26 16:31 <DIR> d-------- c:\program files\AskBarDis 2009-03-26 16:18 . 2009-03-26 16:18 <DIR> d-------- c:\documents and settings\joo\Application Data\3Dconnexion 2009-03-26 16:16 . 2009-03-26 16:16 <DIR> d-------- c:\program files\3Dconnexion 2009-03-23 18:43 . 2009-03-23 18:43 <DIR> d-------- c:\documents and settings\joo\Application Data\SPORE 2009-03-23 18:41 . 2009-03-23 18:41 <DIR> d-------- c:\program files\Electronic Arts 2009-03-15 21:25 . 2009-03-15 21:25 <DIR> d-------- c:\documents and settings\joo\Library 2009-03-15 21:25 . 2009-03-15 21:25 <DIR> d-------- c:\documents and settings\joo\Application Data\com.adobe.ExMan 2009-03-15 19:20 . 2009-03-15 19:20 42,592 --ah----- c:\windows\system32\mlfcache.dat 2009-03-15 19:19 . 2009-03-15 19:19 <DIR> d-------- c:\program files\Safari 2009-03-15 19:18 . 2009-03-15 19:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple 2009-03-15 11:33 . 2009-03-15 11:33 <DIR> d-------- c:\windows\system32\Futuremark 2009-03-15 11:33 . 2009-03-15 11:33 <DIR> d-------- c:\program files\Common Files\Futuremark Shared 2009-03-15 11:33 . 2008-09-17 16:14 27,672 -ra------ c:\windows\system32\drivers\Entech.sys 2009-03-13 14:53 . 2009-03-13 14:53 <DIR> d-------- c:\documents and settings\joo\Application Data\ABBYY 2009-03-13 14:38 . 2009-03-13 14:38 <DIR> d-------- c:\program files\Common Files\ABBYY 2009-03-13 14:38 . 
2009-03-13 14:41 <DIR> d-------- c:\program files\ABBYY FineReader 9.0 2009-03-13 14:38 . 2009-03-13 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\ABBYY . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-01 08:00 --------- d-----w c:\documents and settings\joo\Application Data\uTorrent 2009-04-01 06:20 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-03-31 04:48 5,274,529 ----a-w c:\windows\Internet Logs\tvDebug.Zip 2009-03-29 08:35 --------- d-----w c:\program files\Common Files\Adobe 2009-03-28 18:40 --------- d-----w c:\documents and settings\joo\Application Data\vlc 2009-03-26 13:16 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-23 12:14 --------- d-----w c:\program files\Common Files\Logitech 2009-03-19 11:18 --------- d-----w c:\program files\Google 2009-03-15 17:58 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet 2009-03-15 16:20 --------- d-----w c:\documents and settings\joo\Application Data\Apple Computer 2009-03-15 16:18 --------- d-----w c:\program files\Apple Software Update 2009-02-24 13:07 --------- d-----w c:\program files\mp3DirectCut 2009-02-20 12:58 --------- d-----w c:\program files\foobar2000 2009-02-15 22:10 1,221,512 ----a-w c:\windows\system32\zpeng25.dll 2009-02-04 10:52 61,640 ----a-w c:\documents and settings\joo\Application Data\GDIPFONTCACHEV1.DAT 2009-02-04 09:53 --------- d-----w c:\documents and settings\joo\Application Data\ScanSoft 2009-02-04 09:52 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft 2009-02-04 09:51 --------- d-----w c:\documents and settings\joo\Application Data\Zeon 2009-02-04 09:50 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Zeon 2009-02-04 09:50 --------- d-----w c:\program files\Common Files\ScanSoft Shared 2009-02-04 09:50 --------- d-----w 
c:\program files\Common Files\InstallShield 2009-02-04 09:50 --------- d-----w c:\documents and settings\All Users\Application Data\Nuance 2009-02-04 09:50 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield 2009-02-04 09:49 --------- d-----w c:\program files\Nuance 2009-02-04 09:49 --------- d-----w c:\documents and settings\All Users\Application Data\Zeon 2009-02-04 07:53 --------- d-----w c:\program files\gs 2009-02-04 07:52 --------- d-----w c:\program files\Ghostgum 2009-02-01 14:43 --------- d-----w c:\documents and settings\All Users\Application Data\MailFrontier 2009-02-01 14:42 --------- d-----w c:\program files\Zone Labs 2009-02-01 14:41 --------- d-----w c:\program files\Alwil Software 2009-02-01 14:38 --------- d-----w c:\program files\F-Secure 2009-02-01 14:35 --------- d-----w c:\documents and settings\All Users\Application Data\F-Secure 2006-12-29 22:22 66,936 --sha-w c:\windows\dlinfo_0.drv 2008-10-30 10:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008103020081031\index.dat . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-10-16 19:22 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072] "gcasServ"="c:\program files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe" [2004-11-28 462848] "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184] "Profiler"="c:\program files\Saitek\Software\ProfilerU.exe" [2005-08-30 163840] "SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2005-09-09 126976] "ALiRaid"="c:\program files\ALIRAID\ALiRaid.exe" [2004-01-09 401408] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-06 81000] "PDFHook"="c:\program files\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-03-15 1626112] "PDF5 Registry Controller"="c:\program files\Nuance\PDF Professional 5\RegistryController.exe" [2008-02-02 58656] 
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "Nuance PDF Professional 5-reminder"="c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2007-08-31 328992] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] "nwiz"="nwiz.exe" [2008-09-18 c:\windows\system32\nwiz.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-23 113664] DMX 6fire 2496 ControlPanel.lnk - c:\program files\TerraTec\DMX 6fire\DMX6Fire.exe [2007-10-24 335872] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-10-09 805392] Microsoft Office.lnk - j:\microsoft office\Office10\OSA.EXE [2001-02-13 83360] Start 3DxWare.lnk - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2008-10-22 118272] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] 
"AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Ohjelmat\\utorrent\\utorrent.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\evolutionv3\\mirc.exe"= "c:\\Program Files\\eMule\\emule.exe"= "f:\\Pelit\\Neverwinter Nights 2\\nwn2main.exe"= "f:\\Pelit\\Neverwinter Nights 2\\nwn2main_amdxp.exe"= "f:\\Pelit\\Neverwinter Nights 2\\nwupdate.exe"= "f:\\Pelit\\Neverwinter Nights 2\\nwn2server.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\sandra.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcSandraSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcDataSrv.exe"= "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "l:\\Pelit\\Battlefield 2\\BF2.exe"= "l:\\Pelit\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"= "l:\\Pelit\\S.T.A.L.K.E.R. 
- Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"= "c:\\Program Files\\Hamachi\\hamachi.exe"= "l:\\Pelit\\Nexus - The Jupiter Incident\\nexus_dx9.exe"= "l:\\Pelit\\Serious Sam\\Bin\\SeriousSam.exe"= "l:\\Pelit\\MX vs ATV Unleashed\\MXvsATV.exe"= "l:\\Pelit\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"= "l:\\Pelit\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"= "l:\\Pelit\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"= "l:\\Pelit\\World in Conflict\\wic.exe"= "l:\\Pelit\\World in Conflict\\wic_online.exe"= "l:\\Pelit\\World in Conflict\\wic_ds.exe"= "l:\\Pelit\\FEARCombat\\FEARMP.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\Backburner\\server.exe"= "j:\\Piirto\\3ds Max 2009\\3dsmax.exe"= "l:\\Pelit\\Battlefield 2142\\BF2142.exe"= "l:\\Pelit\\Space Siege\\Space Siege\\SpaceSiege.exe"= "l:\\Pelit\\Space Siege\\GPGNet\\GPG.Multiplayer.Client.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R0 m5228;m5228;c:\windows\system32\drivers\m5228.sys [2007-01-22 44925] R0 m5281;m5281;c:\windows\system32\drivers\m5281.sys [2007-01-22 49357] R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2006-01-12 116264] R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-01 114768] R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768] R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-03-26 464264] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-01 20560] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-10-09 3712] R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-02-02 144672] R3 dmxfire;DMX6fire WDM Audio;c:\windows\system32\drivers\dmx6fire.sys [2003-03-24 148724] R3 dmxsens;dmxsens;c:\windows\system32\drivers\dmxsens.sys [2003-07-22 403968] S2 gupdate1c98c639d6309ef;Google Update Service (gupdate1c98c639d6309ef);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104] S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;j:\piirto\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536] S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2008-06-26 15872] S3 cpuz130;cpuz130;\??\c:\docume~1\joo\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\joo\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?] S3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [2006-10-25 176384] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1526e3d-36a6-11db-8658-806d6172696f}] \Shell\AutoRun\command - G:\autorun.exe . 'Ajoitetut tehtävät'-kansion sisältö 2009-04-01 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 22:26] 2009-04-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 19:12] . 
- - - - POISTETUT JÄMÄRIVIT - - - - HKU-Default-RunOnce-3DxAssociateFileExts - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe . ------- Täydentävä tarkistus ------- . uInternet Settings,ProxyOverride = localhost IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: Open with Nuance PDF Converter 5.0 - c:\program files\Nuance\PDF Professional 5\cnvres_eng.dll /100 IE: Vie Microsoft E&xceliin - j:\micros~1\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\joo\Application Data\Mozilla\Firefox\Profiles\nvfft9my.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: network.proxy.http - localhost FF - prefs.js: network.proxy.http_port - 12080 FF - prefs.js: network.proxy.type - 1 FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll . 
************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-01 11:11:18 Windows 5.1.2600 Service Pack 3 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . --------------------- LUKITUT REKISTERIAVAIMET --------------------- . --------------------- Prosesseihin ladatut DLLt --------------------- - - - - - - - > 'winlogon.exe'(732) c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll . 
Valmistumisajankohta: 2009-04-01 11:13:17 ComboFix-quarantined-files.txt 2009-04-01 08:12:57 Ennen ajoa: 2 556 862 464 bytes free Ajon jälkeen: 2,871,488,512 bytes free 248 SDFix: Version 1.240 Run by joo on ke 01.04.2009 at 11:42 Microsoft Windows XP [Version 5.1.2600] Running From: C:\Documents and Settings\joo\Desktop\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-01 11:54:53 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... 
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Ohjelmat\\utorrent\\utorrent.exe"="C:\\Ohjelmat\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\evolutionv3\\mirc.exe"="C:\\evolutionv3\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"F:\\Pelit\\Neverwinter Nights 2\\nwn2main.exe"="F:\\Pelit\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"F:\\Pelit\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="F:\\Pelit\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"F:\\Pelit\\Neverwinter Nights 2\\nwupdate.exe"="F:\\Pelit\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"F:\\Pelit\\Neverwinter Nights 2\\nwn2server.exe"="F:\\Pelit\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\sandra.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\sandra.exe:*:Enabled:SiSoftware Sandra Professional"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Professional"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Professional"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"L:\\Pelit\\Battlefield 2\\BF2.exe"="L:\\Pelit\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"L:\\Pelit\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="L:\\Pelit\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"L:\\Pelit\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="L:\\Pelit\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"L:\\Pelit\\Nexus - The Jupiter Incident\\nexus_dx9.exe"="L:\\Pelit\\Nexus - The Jupiter Incident\\nexus_dx9.exe:*:Enabled:Nexus"
"L:\\Pelit\\Serious Sam\\Bin\\SeriousSam.exe"="L:\\Pelit\\Serious Sam\\Bin\\SeriousSam.exe:*:Enabled:SeriousSam"
"L:\\Pelit\\MX vs ATV Unleashed\\MXvsATV.exe"="L:\\Pelit\\MX vs ATV Unleashed\\MXvsATV.exe:*:Enabled:MXvsATV"
"L:\\Pelit\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"="L:\\Pelit\\Sins of a Solar Empire\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"
"L:\\Pelit\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"="L:\\Pelit\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas"
"L:\\Pelit\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"="L:\\Pelit\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater"
"L:\\Pelit\\World in Conflict\\wic.exe"="L:\\Pelit\\World in Conflict\\wic.exe:*:Enabled:World in Conflict"
"L:\\Pelit\\World in Conflict\\wic_online.exe"="L:\\Pelit\\World in Conflict\\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"L:\\Pelit\\World in Conflict\\wic_ds.exe"="L:\\Pelit\\World in Conflict\\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"L:\\Pelit\\FEARCombat\\FEARMP.exe"="L:\\Pelit\\FEARCombat\\FEARMP.exe:*:Enabled:FEAR Combat"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"
"J:\\Piirto\\3ds Max 2009\\3dsmax.exe"="J:\\Piirto\\3ds Max 2009\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit"
"L:\\Pelit\\Battlefield 2142\\BF2142.exe"="L:\\Pelit\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"L:\\Pelit\\Space Siege\\Space Siege\\SpaceSiege.exe"="L:\\Pelit\\Space Siege\\Space Siege\\SpaceSiege.exe:*:Enabled:Space Siege"
"L:\\Pelit\\Space Siege\\GPGNet\\GPG.Multiplayer.Client.exe"="L:\\Pelit\\Space Siege\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet"
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\sandra.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\sandra.exe:*:Enabled:SiSoftware Sandra Professional"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Professional"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Professional"
"L:\\Pelit\\Exteel\\System\\Exteel.exe"="L:\\Pelit\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"

Remaining Files :

Files with Hidden Attributes :

Fri 9 Mar 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 10 Apr 2006 1,061 A..H. --- "C:\Program Files\Outlook Express\fqT6QtG7eXq\csfbK8pbRZYO37H.tmp"
Sun 11 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 11 Feb 2007 940 A..H. --- "C:\Documents and Settings\joo\Application Data\PACE Anti-Piracy\5AKMpjZL\vNl1VlE7qFXX8pE.tmp"
Mon 23 Mar 2009 1,301 ...HR --- "C:\Documents and Settings\joo\Application Data\SecuROM\UserData\securom_v7_01.bak"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\joo\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

I also have this problem: every now and then the internet connection stops working, that is, no traffic gets through even though the connection does not report any fault. I can't reach web pages and P2P traffic doesn't work, yet the connection appears to be fine. I got back online by unplugging the network cable, plugging it back in, and running Repair. What could be causing this? This hasn't happened before either, only during the past couple of days.