CAN BE DELETED

Discussion in 'Viruses and malware - HijackThis logs' started by pelle1984, Aug 26, 2009.

Thread Status:
Not open for further replies.
  1. pelle1984

    EDIT: In addition, I can't even install the HijackThis program. Its installer shows up as running in the process list, but nothing appears anywhere. I got this log by using random's system information tool (RSIT). The computer has all kinds of small problems, e.g. pop-ups. Sometimes the internet doesn't work. Malwarebytes Anti-Malware won't start, and neither will Spybot. Task Manager does show that the processes are running, but nothing appears. In addition, the process list sometimes shows as many as five svchost.exe instances, as well as iexplore.exe. I never even use IE. I also tried starting in safe mode, but it made no difference.

    I scanned with AVG and it found at least the following, but apparently it can't do anything about them:
    Trojan horse SHeur2.AXZY
    Win32/Cryptor

    They are, however, in the Virus Vault.

    Here is the HijackThis log as well:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Admin at 2009-08-26 19:52:36
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 5 GB (25%) free of 20 GB
    Total RAM: 1022 MB (53% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:52:36, on 26.8.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\DriveCrypt Plus Pack\DCPP2Svc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\mgabg.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Admin\Desktop\RSIT.exe
    C:\Program Files\trend micro\Admin.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248465587078
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248465574015
    O17 - HKLM\System\CCS\Services\Tcpip\..\{37CDE307-7899-4205-99EA-E17335A1C7A8}: NameServer = 208.67.222.222,208.67.220.220
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: SecurStar DCPP 3.81+ Service (DCPP2Svc) - Unknown owner - C:\Program Files\DriveCrypt Plus Pack\DCPP2Svc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

    --
    End of file - 6566 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\1-Click Maintenance.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-05-20 28160]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\AVG7\avgcc.exe /STARTUP []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
    C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-21 2007832]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-02-18 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    C:\WINDOWS\KHALMNPR.EXE [2005-05-20 28160]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Matrox Powerdesk]
    C:\WINDOWS\system32\PDesk\PDesk.exe [2004-09-14 684032]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST.EXE]
    C:\WINDOWS\system32\drivers\svchost.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2005-05-25 450560]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    C:\PROGRA~1\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2009-08-21 11952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=255
    "NoResolveTrack"=1
    "NoResolveSearch"=1
    "NoSMConfigurePrograms"=1
    "NoSMHelp"=1
    "ForceClassicControlPanel"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\Program Files\Ratajik Software\StationRipper\StationRipperConsole.exe"="C:\Program Files\Ratajik Software\StationRipper\StationRipperConsole.exe:*:Enabled:StationRipperConsole"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\AVG7\avginet.exe"="C:\Program Files\AVG7\avginet.exe:*:Enabled:avginet.exe"
    "C:\Program Files\AVG7\avgamsvr.exe"="C:\Program Files\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\Program Files\AVG7\avgcc.exe"="C:\Program Files\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    ======List of files/folders created in the last 1 months======

    2009-08-26 19:49:22 ----D---- C:\rsit
    2009-08-26 19:49:22 ----D---- C:\Program Files\trend micro
    2009-08-26 19:26:46 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-08-26 19:24:42 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-08-26 19:24:42 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-26 17:25:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-08-26 00:36:01 ----D---- C:\Program Files\Processexplorer1
    2009-08-24 01:29:52 ----A---- C:\Program Files\Plugins.ini
    2009-08-24 01:29:52 ----A---- C:\Program Files\CoreTemp.ini
    2009-08-24 01:29:32 ----A---- C:\Program Files\Core Temp.exe
    2009-08-21 23:26:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
    2009-08-21 23:26:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
    2009-08-21 23:26:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
    2009-08-21 23:26:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
    2009-08-21 23:26:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
    2009-08-21 23:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
    2009-08-21 23:26:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
    2009-08-21 23:26:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
    2009-08-21 23:25:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
    2009-08-21 23:25:54 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
    2009-08-21 23:25:44 ----A---- C:\WINDOWS\system32\MRT.INI
    2009-08-21 20:47:15 ----HD---- C:\$AVG8.VAULT$
    2009-08-21 20:34:29 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2009-08-21 20:34:19 ----D---- C:\Program Files\AVG
    2009-08-21 20:34:19 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2009-08-21 18:58:34 ----A---- C:\WINDOWS\system32\lsdelete.exe
    2009-08-21 18:49:06 ----HDC---- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
    2009-08-21 18:36:38 ----A---- C:\Program Files\Ad-AwareAE807.exe
    2009-08-04 23:55:56 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-08-04 23:55:56 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-08-04 23:55:56 ----A---- C:\WINDOWS\system32\java.exe
    2009-07-28 00:48:36 ----A---- C:\Program Files\installer_µtorrent_1_8_2_Suomi_Finnish.exe

    ======List of files/folders modified in the last 1 months======

    2009-08-26 19:52:18 ----SHD---- C:\WINDOWS\Installer
    2009-08-26 19:52:18 ----RD---- C:\Program Files
    2009-08-26 19:52:08 ----D---- C:\Documents and Settings\Admin\Application Data\uTorrent
    2009-08-26 19:46:55 ----D---- C:\Program Files\Mozilla Firefox
    2009-08-26 19:37:03 ----D---- C:\WINDOWS\system32
    2009-08-26 19:26:46 ----D---- C:\WINDOWS
    2009-08-26 19:25:15 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-26 19:23:20 ----D---- C:\WINDOWS\system32\drivers
    2009-08-26 18:07:35 ----D---- C:\WINDOWS\Prefetch
    2009-08-26 17:04:14 ----D---- C:\Program Files\Warettajan Työkalusetti
    2009-08-26 04:21:27 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-08-24 00:18:46 ----D---- C:\Program Files\SpeedFan
    2009-08-23 15:50:19 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-21 23:31:15 ----D---- C:\WINDOWS\system32\dllcache
    2009-08-21 23:30:50 ----D---- C:\Program Files\Internet Explorer
    2009-08-21 23:26:37 ----HD---- C:\WINDOWS\inf
    2009-08-21 23:26:35 ----HD---- C:\WINDOWS\$hf_mig$
    2009-08-21 23:26:19 ----D---- C:\Program Files\Outlook Express
    2009-08-21 23:26:03 ----D---- C:\WINDOWS\Temp
    2009-08-21 23:22:44 ----D---- C:\WINDOWS\WinSxS
    2009-08-21 23:22:33 ----D---- C:\WINDOWS\system32\en-us
    2009-08-21 23:20:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2009-08-21 22:36:01 ----RSH---- C:\boot.ini
    2009-08-21 22:36:01 ----N---- C:\WINDOWS\win.ini
    2009-08-21 22:36:01 ----N---- C:\WINDOWS\system.ini
    2009-08-21 20:43:40 ----D---- C:\Program Files\AVG7
    2009-08-21 19:39:59 ----SD---- C:\WINDOWS\Tasks
    2009-08-21 18:50:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-08-21 18:48:59 ----D---- C:\Program Files\Lavasoft
    2009-08-05 12:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
    2009-08-04 23:55:53 ----D---- C:\Program Files\Java
    2009-07-30 03:49:14 ----A---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-21 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-21 27784]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
    R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2002-07-12 3279]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
    R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-02-28 62336]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-12-04 4025984]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 LHidKE;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-05-20 25600]
    R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-05-20 68352]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    S3 ALSysIO;ALSysIO; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\ALSysIO.sys []
    S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
    S3 G400;G400; C:\WINDOWS\system32\DRIVERS\G400m.sys [2001-08-17 322432]
    S3 G400DH;G400DH; C:\WINDOWS\system32\DRIVERS\g400dhm.sys [2004-09-14 348800]
    S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
    S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
    S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
    S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
    S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
    S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
    S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
    R2 Autodata Limited License Service;Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2008-01-23 72704]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-21 297752]
    R2 DCPP2Svc;SecurStar DCPP 3.81+ Service; C:\Program Files\DriveCrypt Plus Pack\DCPP2Svc.exe [2002-02-02 150976]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
    R2 MGABGEXE;MGABGEXE; C:\WINDOWS\system32\mgabg.exe [2007-04-19 81920]
    R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2007-03-02 407056]
    R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2007-03-02 734736]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
     
    Last edited: Aug 26, 2009
  2. pelle1984

    The solution was as simple as renaming the Malwarebytes installer file to something else. After that the installation succeeded, and after installing I also had to rename the program's executable to something else, and that was it: I was able to scan and remove the infections. This topic can be deleted!
     