Does this tell you anything...

Discussion in 'Viruses and malware - HijackThis logs' started by E3ti, Dec 21, 2007.

  1. E3ti

    E3ti Member

    Joined:
    Dec 19, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    This all started with some trojan, and now the whole machine is completely messed up! What can I even do at this point??

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:50:43, on 21.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\FJS-AMILO\Omat tiedostot\sälää\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://plaza.fi/
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe (file missing)

    --
    End of file - 3992 bytes
     
  2. E3ti

    Here is also Deckard's System Scanner


    Deckard's System Scanner v20071014.68
    Run by FJS-AMILO on 2007-05-26 22:28:19
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as FJS-AMILO.exe) -------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:28:30, on 26.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\FJS-AMILO\Omat tiedostot\sälää\dss.exe
    C:\DOCUME~1\FJS-AM~1\OMATTI~1\SLB673~1\FJS-AM~1.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://plaza.fi/
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0B20F6C9-F5EF-4E02-B447-206D26DD9516}: NameServer = 193.229.0.40 193.229.0.42
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0B20F6C9-F5EF-4E02-B447-206D26DD9516}: NameServer = 193.229.0.40 193.229.0.42
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe (file missing)
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 6439 bytes

    -- Files created between 2007-04-26 and 2007-05-26 -----------------------------

    2007-12-19 21:24:20 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Identities
    2007-12-19 21:24:20 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\ATI
    2007-12-19 21:24:19 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2007-12-19 21:24:19 0 d--hs---- C:\Documents and Settings\Järjestelmänvalvoja\Cookies
    2007-12-19 21:24:19 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\Application Data
    2007-12-19 21:24:19 0 d---s---- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
    2007-12-19 21:24:18 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Local Settings
    2007-12-19 21:24:17 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2007-12-19 21:24:17 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2007-12-19 21:24:17 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2007-12-19 21:24:17 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2007-12-19 21:24:17 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\SendTo
    2007-12-19 21:24:17 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\Recent
    2007-12-19 21:24:17 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2007-12-19 21:24:17 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2007-12-19 21:24:13 786432 --a------ C:\Documents and Settings\Järjestelmänvalvoja\ntuser.dat
    2007-12-19 18:40:27 0 d-------- C:\Program Files\ToniArts
    2007-12-19 16:36:29 0 d-------- C:\Program Files\Windows Live Safety Center
    2007-12-19 16:28:36 0 d-------- C:\Program Files\Helper
    2007-12-19 16:27:30 0 d-------- C:\WINDOWS\OpenOffice.org2
    2007-12-19 15:40:12 0 d-------- C:\WINDOWS\DMU2AIQY5DLT19HO
    2007-12-19 15:39:58 0 d-------- C:\WINDOWS\5ENV3BJRZ7FNV2AI
    2007-12-19 15:30:39 0 d-------- C:\WINDOWS\5SBTCVDWEWFZH0J2
    2007-12-19 15:30:23 1536 --a------ C:\WINDOWS\EiŽ0X
    2007-12-19 15:30:14 0 d-------- C:\WINDOWS\CLU2AIQY6EQ2AIQY
    2007-12-19 15:07:06 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\PCToolsFirewallPlus
    2007-12-19 15:01:41 8224 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
    2007-12-19 15:01:39 0 d-------- C:\Vodafone
    2007-12-19 14:58:18 0 d-------- C:\WINDOWS\Mozilla
    2007-12-19 12:20:46 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-18 23:09:33 0 d-------- C:\Program Files\CCleaner
    2007-12-18 00:20:28 0 d-------- C:\fb6b485a59ebe7bd2e41f434
    2007-12-18 00:14:55 0 d-------- C:\f92fdb15f1e9c2c64d13
    2007-12-17 18:29:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-17 18:23:52 0 d-------- C:\Program Files\a-squared Free
    2007-12-17 17:09:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-17 16:58:49 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\AntiSpywareBot
    2007-12-17 16:51:16 0 --a------ C:\WINDOWS\system32\dllgh8jkd1q8.exe
    2007-12-12 01:34:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-12-12 01:33:14 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-12-12 01:33:14 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-12-12 01:33:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-12-12 01:33:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-12 01:33:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-12 01:33:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-12 01:32:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-11-27 22:28:53 0 d-------- C:\Program Files\Alwil Software
    2007-11-16 12:47:58 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\Microsoft Web Folders
    2007-10-31 09:12:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2007-10-01 19:27:20 0 --a------ C:\Documents and Settings\FJS-AMILO\Install_Messenger(2).exe
    2007-10-01 19:24:01 372487 --a------ C:\Documents and Settings\FJS-AMILO\autosearch(3).exe
    2007-10-01 19:23:02 372487 --a------ C:\Documents and Settings\FJS-AMILO\autosearch(2).exe
    2007-10-01 19:18:26 372487 --a------ C:\Documents and Settings\FJS-AMILO\autosearch.exe
    2007-09-23 09:49:39 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\Vodafone
    2007-09-23 09:41:01 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\InstallShield
    2007-09-23 09:41:00 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2007-09-23 09:36:51 8464 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-09-23 09:36:43 0 d-------- C:\WINDOWS\Downloaded Installations
    2007-09-23 08:30:45 0 d-------- C:\Program Files\Vodafone
    2007-09-05 08:55:07 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\AdobeUM
    2007-09-05 08:30:38 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\Template
    2007-09-05 08:30:34 4502 --a------ C:\Documents and Settings\FJS-AMILO\Application Data\wklnhst.dat
    2007-09-02 20:55:59 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-08-21 13:50:40 0 d-------- C:\Xvid
    2007-08-20 15:49:51 0 d-------- C:\Program Files\Windows Media Connect 2
    2007-08-20 15:48:17 0 d-------- C:\WINDOWS\system32\LogFiles
    2007-08-20 15:48:17 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-08-19 18:51:25 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\DivX
    2007-08-19 18:50:03 119951 --a------ C:\DivXBundleUninstall.exe <Not Verified; DivX, Inc.; >
    2007-08-19 18:50:02 119951 --a------ C:\DivXContentUploaderUninstall.exe <Not Verified; DivX, Inc.; >
    2007-08-19 18:50:00 119951 --a------ C:\DivXWebPlayerUninstall.exe <Not Verified; DivX, Inc.; >
    2007-08-19 18:50:00 0 d-------- C:\DivX Content Uploader
    2007-08-19 18:49:59 0 d-------- C:\DivX Web Player
    2007-08-19 18:49:58 119951 --a------ C:\DivXPlayerUninstall.exe <Not Verified; DivX, Inc.; >
    2007-08-19 18:49:51 0 d-------- C:\DivX Player
    2007-08-19 18:49:51 119951 --a------ C:\ConverterUninstall.exe <Not Verified; DivX, Inc.; >
    2007-08-19 18:49:48 0 d-------- C:\DivX Converter
    2007-08-19 18:49:47 119951 --a------ C:\DivXCodecUninstall.exe <Not Verified; DivX, Inc.; >
    2007-08-19 18:49:36 0 d-------- C:\AutoUpdate
    2007-08-19 18:49:36 0 d-------- C:\Artwork
    2007-08-19 12:44:06 1912 --a------ C:\WINDOWS\mozver.dat
    2007-08-19 10:59:35 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla
    2007-08-16 13:21:26 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\OpenOffice.org2
    2007-08-16 13:19:39 0 d-------- C:\Program Files\OpenOffice.org 2.2
    2007-08-16 12:29:41 0 d-------- C:\Program Files\MSECache
    2007-08-11 20:12:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2007-08-11 20:12:44 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-08-11 16:19:24 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\CyberLink
    2007-08-11 13:57:00 0 d-------- C:\Program Files\Lavasoft
    2007-08-11 13:57:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-08-11 13:56:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-11 12:09:14 0 d-------- C:\WINDOWS\system32\fi-fi
    2007-08-11 12:06:43 0 d-------- C:\WINDOWS\network diagnostic
    2007-08-11 12:03:46 0 d-------- C:\Program Files\MSXML 4.0
    2007-08-11 11:12:16 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\Ahead
    2007-08-11 10:54:16 0 d-------- C:\Program Files\Winamp
    2007-08-11 10:49:14 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
    2007-08-10 20:32:20 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\HP
    2007-08-10 20:29:16 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
    2007-08-10 20:28:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
    2007-08-10 20:23:02 0 d-------- C:\Program Files\HP
    2007-08-10 20:21:14 90879 --a------ C:\WINDOWS\hpiins01.dat
    2007-08-10 17:51:11 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\Adobe
    2007-08-10 15:54:28 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\F-Secure
    2007-06-04 15:18:48 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
    2007-06-04 15:17:02 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
    2007-06-04 15:14:56 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
    2007-05-26 21:22:03 0 d-------- C:\Program Files\Sun
    2007-05-26 21:14:16 0 d-------- C:\Program Files\Java
    2007-05-26 20:51:42 0 d-------- C:\Program Files\Common Files\Java
    2007-05-26 16:40:10 0 d-------- C:\Program Files\Uusi kansio
    2007-05-25 23:11:46 0 d-------- C:\Program Files\DivX
    2007-05-25 22:16:18 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\Winamp
    2007-05-25 16:51:16 4939776 --a------ C:\Documents and Settings\FJS-AMILO\ntuser.dat
    2007-05-22 21:55:04 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\Grisoft
    2007-05-21 22:48:02 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\.clamwin
    2007-05-21 20:14:29 0 d-------- C:\WINDOWS\CAVTemp
    2007-05-21 19:34:40 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-05-21 18:58:55 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
    2007-05-21 18:58:53 0 d-------- C:\Program Files\CA
    2007-05-21 17:25:37 0 d-------- C:\VundoFix Backups
    2007-05-21 13:54:06 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\.clamwin
    2007-05-21 13:53:54 0 d-------- C:\Program Files\ClamWin
    2007-05-21 13:53:54 0 d-------- C:\Documents and Settings\All Users\.clamwin
    2007-05-21 13:23:38 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-05-21 13:18:02 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2007-05-20 20:36:42 0 d-------- C:\Program Files\EMCO Malware Destroyer
    2007-05-20 20:26:07 0 d-------- C:\Program Files\SpywareBlaster
    2007-05-19 23:55:23 0 --a------ C:\WINDOWS\nsreg.dat
    2007-05-19 23:31:10 0 d-------- C:\WINDOWS\SxsCaPendDel
    2007-05-19 23:23:51 0 dr-h----- C:\Documents and Settings\FJS-AMILO\Recent
    2007-05-19 22:51:34 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla
    2007-05-19 22:48:27 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Grisoft
    2007-05-08 15:03:04 1275392 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP 2>


    -- Find3M Report ---------------------------------------------------------------

    2007-12-19 18:48:17 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\Azureus
    2007-12-19 18:40:26 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-11-16 12:47:31 0 d-------- C:\Program Files\microsoft frontpage
    2007-08-10 18:48:55 0 d-------- C:\Program Files\Google
    2007-08-10 18:48:54 0 d-------- C:\Program Files\Sonera Tietoturva
    2007-08-10 17:50:32 0 d-------- C:\Program Files\Azureus
    2007-05-26 22:18:57 311380 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-05-26 22:18:57 63178 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-05-26 20:51:42 0 d-------- C:\Program Files\Common Files
    2007-05-20 14:36:42 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-05-20 14:36:34 0 d-------- C:\Program Files\CyberLink
    2007-05-19 23:31:25 0 d-------- C:\Documents and Settings\FJS-AMILO\Application Data\Macromedia
    2007-04-13 15:19:52 7680 --a------ C:\WINDOWS\system32\lsdelete.exe
    2007-03-05 12:51:56 360580 -ra------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [21.08.2007 21:05]
    "cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [23.11.2007 12:33]
    "CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [23.11.2007 11:48]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11.06.2007 12:25]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [20.12.2007 18:16]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [15.09.2004 15:00]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [11.09.2006 04:40]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=0 (0x0)
    "DisableRegistryTools"=0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=0 (0x0)
    "DisableRegistryTools"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    AutoRun\command- C:\
    open\Command- 043CDAF6.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16f0079c-684b-11dc-83c7-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16f0079d-684b-11dc-83c7-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b704268-6996-11dc-83cc-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b704269-6996-11dc-83cc-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b70426a-6996-11dc-83cc-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b70426b-6996-11dc-83cc-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5db304e2-68df-11dc-83ca-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5db304e3-68df-11dc-83ca-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5db304e4-68df-11dc-83ca-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5db304e5-68df-11dc-83ca-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fd92a22-c332-11db-835f-806d6172696f}]
    AutoRun\command- C:\
    open\Command- 043CDAF6.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98c45b9c-6945-11dc-83cb-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98c45b9d-6945-11dc-83cb-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9775088-69a0-11dc-83ce-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9775089-69a0-11dc-83ce-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aae15fbe-678d-11dc-83c1-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aae15fbf-678d-11dc-83c1-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1e72440-69ff-11dc-83cf-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1e72441-69ff-11dc-83cf-00c0a8cf2f26}]
    AutoRun\command- E:\VMC_PBStarter.exe




    -- End of Deckard's System Scanner: finished at 2007-05-26 22:29:58 ------------
     
  3. E3ti

    ..And also the AVG reports...


    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 15:53:06 26.5.2007

    + Scan result:



    :mozilla.44:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.45:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.173:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.108:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.109:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.110:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.111:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.91:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.92:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.93:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.94:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.95:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.96:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.97:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.18:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.124:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.125:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.126:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.127:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.128:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.49:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.


    ::Report end



    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 0:44:32 25.5.2007

    + Scan result:



    :mozilla.12:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.19:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.43:C:\Documents and Settings\FJS-AMILO\Application Data\Mozilla\Firefox\Profiles\7gjzltff.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.


    ::Report end
     
