Avast ilmoitti troijalaisessta win32:Adloader-AC tiedostossa pagefile.sys. Voiko ilmoitus johtua siitä että Ad-Aware pyöri samaanaikaan? Kiitos. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:18:16, on 7.10.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\WinPatrol\winpatrol.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\lg_fwupdate\fwupdate.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: Live_TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv0.dll O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Live_TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv0.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Live_TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv0.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6150 bytes
Lataa VundoFix.exe työpöydällesi. Tupla-klikkaa VundoFix.exe ajaaksesi sen. Klikkaa Scan for Vundo valintaa. Kun skannaus on valmis, klikkaa Remove Vundo valintaa. Sinulta kysytään haluatko poistaa filut - klikkaa YES. Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa. Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK. Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö. Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan. Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä. ================ 1.Lataa combofix.exe työpöydällesi jommastakummasta linkistä: combofix1 combofix2 2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia. 3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi. Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Löytykö siitä edellisestä Hjt-logista joku örkki? Vundo ei löytäny mitään. Combofix-logi ja uusi Hjt-logi. ComboFix 07-10-07.2 - Aikuinen 2007-10-08 9:05:01.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1645 [GMT 3:00] Running from: C:\Documents and Settings\Aikuinen\Ty”p”yt„\ComboFix.exe * Created a new restore point . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-09-08 to 2007-10-08 ))))))))))))))))) . 2007-10-08 09:03 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-08 08:59 <KANSIO> d-------- C:\VundoFix Backups 2007-10-08 08:53 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-10-08 08:53 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2007-10-08 08:53 <KANSIO> d-------- C:\WINDOWS\LastGood 2007-10-07 16:11 <KANSIO> d-------- C:\HJT 2007-10-07 08:03 <KANSIO> d-------- C:\Documents and Settings\Aikuinen\SecurityScans 2007-10-07 07:59 <KANSIO> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2 2007-10-05 21:35 <KANSIO> d-------- C:\Documents and Settings\Aikuinen\Application Data\ClonySoft 2007-10-04 18:23 <KANSIO> d-------- C:\Documents and Settings\Lapsi\Application Data\LEGO Company 2007-10-04 15:56 <KANSIO> d-------- C:\Program Files\LEGO Company 2007-10-04 15:56 <KANSIO> d-------- C:\Documents and Settings\Aikuinen\Application Data\LEGO Company 2007-09-24 09:31 1,974,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-09-24 09:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-09-23 22:02 <KANSIO> d--h----- C:\WINDOWS\PIF 2007-09-22 19:01 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE 2007-09-22 19:01 <KANSIO> d-------- C:\WINDOWS\system32\Lang 2007-09-20 22:30 <KANSIO> d-------- C:\Program Files\VideoIMPro 2007-09-16 12:10 <KANSIO> d---s---- C:\Documents and Settings\Aikuinen\UserData 2007-09-12 17:53 <KANSIO> d-------- C:\Program Files\Common Files\DirectX 2007-09-10 16:34 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2007-09-10 16:33 <KANSIO> d-------- C:\Program Files\Common Files\WinMain 2007-09-10 16:33 <KANSIO> d-------- C:\Program Files\Codejock Software 2007-09-10 16:32 <KANSIO> d-------- C:\mcamX2-Demo . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-08 08:51 --------- d-------- C:\Program Files\lg_fwupdate 2007-10-07 17:41 25964 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-10-06 22:30 --------- d-------- C:\Program Files\RevConnect 2007-10-06 22:04 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-09-24 17:06 --------- d-------- C:\Program Files\Live_TV 2007-09-21 23:40 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys 2007-09-21 23:40 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-09-16 14:15 --------- d-------- C:\Program Files\TuneUp Utilities 2007 2007-09-12 21:41 --------- d-------- C:\Program Files\Orthos 2007-09-10 16:33 --------- d-------- C:\Program Files\Common Files\InstallShield 2007-09-07 11:31 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-09-06 16:14 75248 --a------ C:\WINDOWS\zllsputility.exe 2007-09-06 16:14 1086952 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-09-06 13:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-09-06 13:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 13:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 13:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 13:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 13:00 95608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-09-06 13:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-08-30 01:20 --------- d-------- C:\Program Files\BSplayer 2007-08-24 19:46 --------- d-------- C:\Documents and Settings\Aikuinen\Application Data\CyberLink 2007-08-24 19:45 --------- d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2007-08-22 11:41 --------- d-------- C:\Documents and Settings\Aikuinen\Application Data\Ahead 2007-08-22 11:36 --------- d-------- C:\Program Files\Ahead 2007-08-22 11:35 --------- d-------- C:\Program Files\CyberLink DVD Solution 2007-08-22 11:22 --------- d-------- C:\Program Files\Common Files\LightScribe 2007-08-22 11:19 --------- d-------- C:\Program Files\CyberLink 2007-08-21 01:57 --------- d-------- C:\Documents and Settings\Aikuinen\Application Data\AdobeUM 2007-08-21 01:01 --------- d-------- C:\Program Files\AGEIA Technologies 2007-08-19 20:53 --------- d-------- C:\Program Files\PC-TV 2007-08-16 18:24 --------- d-------- C:\Program Files\WinPatrol 2007-08-16 18:18 --------- d-------- C:\Program Files\DOSBox-0.71 2007-08-16 17:55 --------- d-------- C:\Program Files\RPG2000 2007-08-15 20:37 --------- d-------- C:\Documents and Settings\Aikuinen\Application Data\WinPatrol 2007-08-14 15:58 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys 2007-08-14 15:58 165376 --a------ C:\WINDOWS\system32\drivers\atksgt.sys 2007-08-12 15:56 --------- d-------- C:\Documents and Settings\Lapsi\Application Data\Comodo 2007-08-12 09:43 --------- d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2007-08-12 09:43 --------- d-------- C:\Documents and Settings\Aikuinen\Application Data\Comodo 2007-08-03 17:02 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2007-08-03 17:02 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll 2007-08-01 22:58 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-08-01 22:58 122880 --a------ C:\WINDOWS\system32\UAService7.exe 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2004-10-01 15:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43] "nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 13:06] "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50] "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 04:10] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14] "WinPatrol"="C:\Program Files\WinPatrol\winpatrol.exe" [2007-08-12 01:48] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-16 11:00] "LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-08-22 11:27] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SoundMan"=SOUNDMAN.EXE "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" "DAEMON Tools-1033"="D:\temp\daemon.exe" -lang 1033 "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" "AVFX Engine"=C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys R3 UDTT2BDA;DTV-DVB USB2 DVB-T receiver;C:\WINDOWS\system32\Drivers\UDTT2BDA.sys R3 UDTT2HID;UDTT2HID - USB 2.0 HID Driver;C:\WINDOWS\system32\drivers\UDTT2HID.sys R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys S3 sony_ssm.sys;sony_ssm.sys;\??\C:\DOCUME~1\Aikuinen\LOCALS~1\Temp\sony_ssm.sys S3 UDTTUSB;Twinhan - USB2 DVB-T adapter Driver;C:\WINDOWS\system32\Drivers\UDTT2DRV.sys S3 VPNET;DTVNet Ethernet Controller;C:\WINDOWS\system32\DRIVERS\DTVNet.sys *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-08 09:06:26 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-08 9:07:08 . --- E O F --- HJT-logi Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:16:30, on 8.10.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\WinPatrol\winpatrol.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\lg_fwupdate\fwupdate.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HJT\Scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: Live_TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv0.dll O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Live_TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv0.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Live_TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv0.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6017 bytes
Poista Live_TV Toolbar scannaa hjt:llä merkkaa paina Fix checked R3 - URLSearchHook: Live_TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv0.dll O2 - BHO: Live_TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv0.dll O3 - Toolbar: Live_TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv0.dll poista vikasiedossa kansio C:\Program Files\Live_TV
