No signal detected + forced reboot in some programs

Discussion in 'Viruses and malware - HijackThis logs' started by Failbait, Mar 29, 2008.

  1. Failbait

    Failbait Member

    It started a couple of days ago: when I open, for example, Azureus, it happens right away, or in the Spybot S&D updater. The problems always occur in the same programs; otherwise the machine works OK, and has for the last 3 years.

    I can't explain it any better than this: when I try to open the program, the screen shows "No signal detected" and I have to force-reboot the machine. Nothing shows up in the system error log. I have tried another monitor and another graphics card + drivers. I ran a couple of online scans and they did find one virus. About the HijackThis log: it lists both Avira AntiVir and Avast!, but Avast doesn't work because I can't install it, since exactly this problem occurs when I try.

    Log ->


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:12:02, on 29.3.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Razer\Diamondback\razerhid.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Razer\Diamondback\razertra.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Razer\Diamondback\razerofa.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\Senshi\Työpöytä\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1189195814390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189195683453
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Senshi\LOCALS~1\Temp\hpdj00.exe (file missing)
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10556 bytes
     
  2. Hujo

    Hujo Guest

    1. Start Spybot-S&D in Advanced mode
    2. If it is not in Advanced mode, go to the Mode menu and select Advanced mode
    3. Click Tools on the left
    4. Click Resident in the list
    5. Uncheck "Resident TeaTimer" and press OK.
    6. Restart the computer.

    ==========

    then start: remove avast from the machine..

    ==========

    1. Download combofix.exe to your desktop from one of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    ==========

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into Safe Mode:

    shut down and start up
    during startup, tap the F8 key repeatedly
    select Safe Mode with the arrow keys
    press Enter and Enter
    select your user account
    press Yes

    On some machines you tap F5 instead of F8

    - Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    - Open the SDFix folder and double-click RunThis.bat to start the program.
    - Press Y to start the script.
    - The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the machine, "Press any key to Reboot".
    - Press any key and the machine restarts.
    - Startup takes longer than normal because SDFix is cleaning the machine.
    - When the machine has started and the desktop has loaded, SDFix reports that the cleaning is done, "Finished".
    - Then press any key to close the script and load the shortcuts onto the desktop.
    - Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.



     
  3. Failbait

    Failbait Member

    Problem...
    Combofix.exe -> No signal detected and forced reboot.
    Can I run it in safe mode? It hasn't happened there even once so far.

    I took TeaTimer off, and Avast too
     
  4. Hujo

    Hujo Guest

    well, run it there
     
  5. Failbait

    Failbait Member

    A heck of a lot of logs ->

    ComboFix 08-03-27.5 - Senshi 2008-03-29 16:02:25.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.792 [GMT 2:00]
    Running from: C:\Documents and Settings\Senshi\Työpöytä\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-28 to 2008-03-29 )))))))))))))))))
    .

    2008-03-29 15:25 . 2008-03-29 15:25 <KANSIO> d-------- C:\Documents and Settings\Senshi\Application Data\Leadertech
    2008-03-28 22:25 . 2008-03-29 15:58 313,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-03-28 22:25 . 2008-03-29 15:58 2,900 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-03-28 22:20 . 2008-03-28 22:20 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-03-28 22:20 . 2008-03-13 23:11 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2008-03-28 22:20 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-03-28 22:20 . 2008-03-28 22:22 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-28 22:19 . 2008-03-28 22:19 <KANSIO> d-------- C:\Program Files\Zone Labs
    2008-03-28 22:18 . 2008-03-29 15:58 <KANSIO> d-------- C:\WINDOWS\Internet Logs
    2008-03-28 21:43 . 2008-03-28 21:49 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center
    2008-03-28 19:21 . 2008-03-28 19:21 <KANSIO> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-03-28 19:21 . 2008-03-28 19:21 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-28 15:30 . 2008-03-28 18:43 <KANSIO> d-------- C:\Program Files\EsetOnlineScanner
    2008-03-28 15:22 . 2008-03-28 15:22 <KANSIO> d-------- C:\Documents and Settings\Senshi\Application Data\HouseCall 6.6
    2008-03-28 12:29 . 2007-12-04 15:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-03-28 12:29 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-03-28 12:29 . 2007-12-04 14:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-03-28 12:29 . 2007-12-04 16:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-03-28 12:29 . 2007-12-04 16:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-03-28 12:29 . 2007-12-04 16:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-03-28 12:29 . 2007-12-04 16:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-03-28 12:29 . 2007-12-04 16:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-03-28 12:09 . 2008-03-28 12:09 <KANSIO> d-------- C:\Program Files\TGTSoft
    2008-03-27 19:26 . 2008-03-27 19:26 <KANSIO> d-------- C:\fsaua.data
    2008-03-27 16:56 . 2008-03-27 16:56 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-03-27 16:51 . 2008-03-27 16:51 <KANSIO> d-------- C:\Program Files\Common Files\ATI Technologies
    2008-03-27 16:50 . 2008-03-27 16:52 <KANSIO> d-------- C:\Program Files\ATI Technologies
    2008-03-27 16:50 . 2008-01-09 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-03-26 18:08 . 2008-03-26 18:08 <KANSIO> d-------- C:\Program Files\uTorrent
    2008-03-26 18:08 . 2008-03-29 15:25 <KANSIO> d-------- C:\Documents and Settings\Senshi\Application Data\uTorrent
    2008-03-26 18:06 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-03-24 03:18 . 2008-03-24 03:18 <KANSIO> d-------- C:\Program Files\GoldWave
    2008-03-22 13:06 . 2008-03-24 05:31 <KANSIO> d-------- C:\Converted Music
    2008-03-22 13:03 . 2008-03-22 13:03 <KANSIO> d-------- C:\Program Files\Illustrate
    2008-03-22 13:03 . 2008-03-22 13:03 131,072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
    2008-03-22 13:03 . 2008-03-22 13:03 36,104 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
    2008-03-22 13:03 . 2008-03-22 13:03 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
    2008-03-22 07:43 . 2008-03-22 07:43 <KANSIO> d-------- C:\Program Files\Realtek AC97
    2008-03-22 07:43 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
    2008-03-22 07:43 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
    2008-03-22 07:43 . 2008-01-24 16:36 4,127,488 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
    2008-03-22 07:43 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
    2008-03-22 07:43 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
    2008-03-22 07:43 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
    2008-03-22 07:43 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
    2008-03-22 07:43 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
    2008-03-22 07:43 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
    2008-03-20 19:58 . 2008-03-20 19:58 <KANSIO> d-------- C:\sierra
    2008-03-15 09:48 . 2008-03-26 15:02 <KANSIO> d-------- C:\Program Files\Ray Adams
    2008-03-15 03:33 . 2008-03-24 03:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-15 03:33 . 2008-03-15 03:33 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-14 20:37 . 2008-03-14 20:37 <KANSIO> d-------- C:\Program Files\VirtualDJ
    2008-03-14 16:59 . 2008-03-14 16:59 <KANSIO> d-------- C:\Documents and Settings\Senshi\Application Data\InstallShield
    2008-03-14 01:06 . 2008-03-14 01:06 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-03-13 03:36 . 2008-03-28 23:05 <KANSIO> d-------- C:\Program Files\Steam
    2008-03-12 21:16 . 2008-03-12 21:16 <KANSIO> d-------- C:\Program Files\Gravity
    2008-03-12 04:29 . 2008-03-22 12:59 <KANSIO> d-------- C:\Documents and Settings\Senshi\Application Data\BSplayer Pro
    2008-03-11 20:00 . 2008-03-17 02:49 <KANSIO> d-------- C:\Program Files\AQ2
    2008-03-11 00:07 . 1994-09-21 12:00 92,208 --a------ C:\WINDOWS\system\wing.dll
    2008-03-11 00:07 . 1994-09-21 12:00 12,800 --a------ C:\WINDOWS\system\wing32.dll
    2008-03-11 00:07 . 2008-03-11 00:09 247 --a------ C:\WINDOWS\MugE.ini
    2008-03-11 00:04 . 1994-08-24 12:00 188,960 --a------ C:\WINDOWS\system32\wingde.dll
    2008-03-11 00:04 . 1994-09-21 12:00 92,208 --a------ C:\WINDOWS\system32\wing.dll
    2008-03-11 00:04 . 1994-09-21 12:00 12,800 --a------ C:\WINDOWS\system32\wing32.dll
    2008-03-11 00:04 . 1994-09-21 12:00 6,736 --a------ C:\WINDOWS\system32\wingdib.drv
    2008-03-11 00:04 . 1994-09-21 12:00 5,024 --a------ C:\WINDOWS\system32\wingpal.wnd
    2008-03-07 19:11 . 2008-03-07 19:23 <KANSIO> d-------- C:\Program Files\Windows Live
    2008-03-07 19:11 . 2008-03-07 19:23 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-07 19:11 . 2008-03-07 19:13 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-03-02 15:36 . 2008-03-02 15:36 <KANSIO> d-------- C:\Program Files\Ice
    2008-03-02 06:15 . 1999-02-17 19:07 88,576 -r------- C:\WINDOWS\rauninst.exe
    2008-02-29 11:58 . 2008-03-02 06:12 <KANSIO> d-------- C:\Program Files\Westwood Chat

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-29 13:44 556,032 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-03-29 13:44 --------- d-----w C:\Documents and Settings\Senshi\Application Data\Xfire
    2008-03-29 12:40 1,338,368 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-03-29 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-28 20:21 --------- d-----w C:\Documents and Settings\Senshi\Application Data\Skype
    2008-03-28 09:18 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-03-28 09:04 --------- d-----w C:\Program Files\Electronic Arts
    2008-03-27 18:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-27 15:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-26 16:06 --------- d-----w C:\Program Files\Java
    2008-03-21 09:30 --------- d-----w C:\Documents and Settings\Senshi\Application Data\Azureus
    2008-03-20 21:53 --------- d-s---w C:\Program Files\Xfire
    2008-03-14 18:37 --------- d-----w C:\Program Files\VirtualDJ
    2008-03-14 16:13 65,536 ----a-w C:\WINDOWS\IFinst27.exe
    2008-03-14 10:52 --------- d-----w C:\Program Files\Bethesda Softworks
    2008-03-13 21:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2008-03-12 02:49 --------- d-----w C:\Program Files\DivX
    2008-03-12 02:29 --------- d-----w C:\Program Files\Webteh
    2008-03-10 23:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\OD2
    2008-03-10 23:30 --------- d-----w C:\Program Files\Game Cam
    2008-03-07 18:29 --------- d-----w C:\Program Files\LimeWire
    2008-03-02 00:24 --------- d-----w C:\Program Files\EA GAMES
    2008-02-25 20:48 --------- d-----w C:\Program Files\Razer
    2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-02-19 10:01 --------- d-----w C:\Documents and Settings\Senshi\Application Data\GRETECH
    2008-02-19 10:00 --------- d-----w C:\Program Files\GRETECH
    2008-02-13 11:51 --------- d-----w C:\Program Files\Winamp
    2008-02-11 07:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
    2008-02-11 07:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
    2008-02-08 11:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
    2008-02-06 13:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-06 13:48 691,545 ----a-w C:\WINDOWS\unins000.exe
    2008-02-05 06:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    2008-02-01 09:08 --------- d-----w C:\Program Files\Real
    2008-02-01 09:08 --------- d-----w C:\Program Files\Common Files\xing shared
    2008-02-01 09:08 --------- d-----w C:\Program Files\Common Files\Real
    2008-01-29 17:37 --------- d-----w C:\Program Files\World of Warcraft
    2008-01-28 18:43 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-01-10 09:07 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2008-01-10 09:06 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-01-10 08:58 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-01-10 08:58 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2008-01-10 08:57 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2008-01-10 08:57 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2008-01-10 08:57 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2008-01-10 08:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2008-01-10 08:56 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-01-10 08:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-01-10 08:54 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2008-01-10 08:46 3,121,888 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-01-10 08:35 1,664,384 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-01-10 08:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
    2008-01-10 08:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-01-10 08:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2008-01-10 08:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2008-01-10 08:12 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2004-03-11 10:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ------- Sigcheck -------

    2006-08-30 16:59 517120 db3f4e477704ca48f26bf9780d12fea2 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    2004-09-15 01:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    2006-11-08 14:58 502784 dbe97f84e57c22cad0e945931a2f1a13 C:\WINDOWS\system32\winlogon.exe
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 18:24 1694208]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-18 13:29 249896]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:31 208952]
    "MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2003-04-25 14:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-04-25 14:00 455168]
    "PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-04-25 14:00 455168]
    "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 05:15 83968]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 16:35 32768]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 15:25 1400944]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "Diamondback"="C:\Program Files\Razer\Diamondback\razerhid.exe" [2007-02-14 11:15 147456]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12 15360]

    C:\Documents and Settings\Senshi\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-03-14 01:06:18 2979664]

    C:\Documents and Settings\Senshi\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-03-14 01:06:18 2979664]

    C:\Documents and Settings\Senshi\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-03-14 01:06:18 2979664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2006-09-14 22:09 157592 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "rpcapd"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Steam\\steamapps\\anttikristus\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Steam\\steamapps\\anttikristus\\half-life\\hl.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enGB-downloader.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\Steam\\steamapps\\nyxem\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Steam\\steam.exe"=
    "C:\\Program Files\\Steam\\steamapps\\anttikristus\\team fortress classic\\hl.exe"=
    "C:\\Program Files\\Steam\\steamapps\\nyxem\\team fortress 2\\hl2.exe"=
    "C:\\Program Files\\Westwood Chat\\WCHAT.DAT"=
    "C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer(tm) Generals Zero Hour\\game.dat"=
    "C:\\Program Files\\Ice\\LanDC++\\LanDC++.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\AQ2\\aq2sw.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2007-09-07 22:16]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-09-07 22:16]
    R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 22:43]
    S1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
    S2 hpdj00;hpdj00;C:\DOCUME~1\Senshi\LOCALS~1\Temp\hpdj00.exe []
    S3 npkycryp;npkycryp;C:\Program Files\Gravity\RO\npkycryp.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\OblivionLauncher.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-29 16:05:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-29 16:05:55
    ComboFix-quarantined-files.txt 2008-03-29 14:05:42
    Pre-Run: 46,521,069,568 tavua vapaana
    Post-Run: 46,543,958,016 tavua vapaana




    SDFix: Version 1.164

    Run by Senshi on la 29.03.2008 at 16:11

    Microsoft Windows XP [versio 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-29 16:20:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:fc26fd80
    "s2"=dword:dd53ee33
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:e6,47,51,19,8a,12,b2,8a,49,7c,54,87,e2,ca,ef,16,c1,bb,7a,1f,a4,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,84,3a,f2,e1,a5,60,6e,2a,64,b3,05,89,38,5f,58,3d,0a,..
    "khjeh"=hex:5a,26,18,d3,6a,ee,5d,e4,d0,87,22,06,1d,1e,8c,da,01,87,c0,9e,07,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:57,11,6d,87,40,55,ff,c0,35,03,7a,7f,7b,e6,78,76,27,a6,18,c6,83,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:3f,a1,f9,f6,e2,0c,eb,3b,5d,a0,db,f1,23,86,92,4d,34,33,43,14,3c,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,48,a3,20,ee,f9,8e,52,59,90,73,0b,38,ac,a9,bd,b9,0e,..
    "khjeh"=hex:eb,c4,5b,6b,cd,1b,b6,da,78,04,25,63,83,78,09,29,9b,84,7e,4f,f3,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:79,61,c0,54,0d,ff,a1,58,e8,68,62,82,c0,b3,65,bf,a0,c8,4a,7a,8e,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:c2,48,df,45,c2,a6,a6,af,bb,a5,83,cc,51,11,3c,b6,ac,af,79,e6,b5,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:e6,47,51,19,8a,12,b2,8a,49,7c,54,87,e2,ca,ef,16,c1,bb,7a,1f,a4,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,84,3a,f2,e1,a5,60,6e,2a,64,b3,05,89,38,5f,58,3d,0a,..
    "khjeh"=hex:5a,26,18,d3,6a,ee,5d,e4,d0,87,22,06,1d,1e,8c,da,01,87,c0,9e,07,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:57,11,6d,87,40,55,ff,c0,35,03,7a,7f,7b,e6,78,76,27,a6,18,c6,83,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x00ffc\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\30@\23]
    "DisplayName"="\xbf"
    "DeviceDesc"="\xbf"
    "ProviderName"=""
    "MFG"=""
    "ReinstallString"="\x248c\x77f5\x17b2\x77f5"
    "DeviceInstanceIds"=str(7):"`"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\8\xd4\21]
    "DisplayName"="\x17a"
    "DeviceDesc"="\x17a"
    "ProviderName"=""
    "MFG"=""
    "ReinstallString"="\x248c\x77f5\x17b2\x77f5"
    "DeviceInstanceIds"=str(7):"`"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:0000007f
    "TracesSuccessful"=dword:00000004

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 4


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\Steam\\steamapps\\anttikristus\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\anttikristus\\counter-strike source\\hl2.exe:*:Enabled:hl2"
    "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Steam\\steamapps\\anttikristus\\half-life\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\anttikristus\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\Steam\\steamapps\\nyxem\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\nyxem\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Program Files\\Steam\\steam.exe"="C:\\Program Files\\Steam\\steam.exe:*:Enabled:Steam"
    "C:\\Program Files\\Steam\\steamapps\\anttikristus\\team fortress classic\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\anttikristus\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Program Files\\Steam\\steamapps\\nyxem\\team fortress 2\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\nyxem\\team fortress 2\\hl2.exe:*:Enabled:hl2"
    "C:\\Program Files\\Westwood Chat\\WCHAT.DAT"="C:\\Program Files\\Westwood Chat\\WCHAT.DAT:*:Enabled:Westwood Online for Windows"
    "C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer(tm) Generals Zero Hour\\game.dat"="C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer(tm) Generals Zero Hour\\game.dat:*:Enabled:game"
    "C:\\Program Files\\Ice\\LanDC++\\LanDC++.exe"="C:\\Program Files\\Ice\\LanDC++\\LanDC++.exe:*:Enabled:LanDC++"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\AQ2\\aq2sw.exe"="C:\\Program Files\\AQ2\\aq2sw.exe:*:Enabled:aq2sw"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Mon 19 Mar 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 27 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Mon 19 Mar 2007 4,348 ...H. --- "C:\Documents and Settings\Senshi\Omat tiedostot\Omat musiikkitiedostot\License Backup\drmv1key.bak"
    Mon 19 Mar 2007 20 A..H. --- "C:\Documents and Settings\Senshi\Omat tiedostot\Omat musiikkitiedostot\License Backup\drmv1lic.bak"
    Tue 1 Aug 2006 312 A.SH. --- "C:\Documents and Settings\Senshi\Omat tiedostot\Omat musiikkitiedostot\License Backup\drmv2key.bak"

    Finished!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:27:10, on 29.3.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Razer\Diamondback\razerhid.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Razer\Diamondback\razertra.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Razer\Diamondback\razerofa.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Documents and Settings\Senshi\Työpöytä\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1189195814390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189195683453
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Senshi\LOCALS~1\Temp\hpdj00.exe (file missing)
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10536 bytes
     
  6. Hujo

    Hujo Guest

    Delete this folder in safe mode..

    C:\Program Files\Alwil Software

    Shut down and restart

    Scan a new log
     
  7. Failbait

    Failbait Member

    That log is from after the removal; there is nothing left of Avast on the machine anymore, and I also ran CCleaner after the removal. So in principle those Avast entries could be removed with HijackThis?
     
  8. Hujo

    Hujo Guest

    Scan a new log
     
  9. Failbait

    Failbait Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:55:22, on 29.3.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Razer\Diamondback\razerhid.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Razer\Diamondback\razertra.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Razer\Diamondback\razerofa.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Senshi\Työpöytä\HiJackThis.exe
    C:\WINDOWS\System32\svchost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1189195814390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189195683453
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10089 bytes
     
  10. Hujo

    Hujo Guest

    Copy and paste the text below into an empty Notepad file.
    Make sure the file type is "All Files" and save it to your desktop
    as Poisto.bat.

    @echo off
    sc stop aswUpdSv
    sc delete aswUpdSv


    Double-click the Poisto.bat file on your desktop; a window opens and closes, which is normal.
     
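The O23 lines in the log above mark two services as "(file missing)"; Poisto.bat removes one of them. The following is an added example, not part of any post in this thread: it parses O23 lines, separates orphaned services from "Unknown owner" entries whose file is still present, and renders the same `sc stop` / `sc delete` pair. The function names are hypothetical, and it assumes that an entry without a parenthesised name uses its display name as the service name.

```python
import re

# O23 lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe (file missing)
"""

O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*?)"
    r"(?P<missing> \(file missing\))?$"
)

def parse_o23(log):
    """Return one dict per O23 service line; all other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = O23.match(line.strip())
        if m:
            entries.append({
                # Assumption: with no "(name)" part, display name == service name.
                "name": m["name"] or m["display"],
                "owner": m["owner"],
                "path": m["path"],
                "missing": m["missing"] is not None,
            })
    return entries

def orphaned(entries):
    """Services that are still registered although their binary is gone."""
    return [e["name"] for e in entries if e["missing"]]

def unknown_owner_present(entries):
    """File exists but no vendor name was reported: review by hand."""
    return [e["name"] for e in entries
            if e["owner"] == "Unknown owner" and not e["missing"]]

def cleanup_batch(names):
    """Render the sc stop / sc delete pair used in Poisto.bat for each name."""
    lines = ["@echo off"]
    for n in names:
        q = f'"{n}"' if " " in n else n  # sc needs quotes around names with spaces
        lines += [f"sc stop {q}", f"sc delete {q}"]
    return "\r\n".join(lines) + "\r\n"

if __name__ == "__main__":
    found = parse_o23(SAMPLE_LOG)
    print(orphaned(found), unknown_owner_present(found))
```
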
  11. Failbait

    Failbait Member

    Yep, done. And I didn't even get "No signal detected" while doing it.. heh.
     
  12. Hujo

    Hujo Guest

    Oh, so your machine works.
     
  13. Failbait

    Failbait Member

    Yeah, well, actually the problem still occurs, but the culprit is the ATI drivers: without the graphics card the problem doesn't appear, but as soon as it's installed, it does. I'll have to find drivers where the problem doesn't occur. Thanks for the help.
     
