Help, Hujo....
Author Message
Member
28 June 2008 @ 13:42
...or someone else smarter than me. When I start the computer, the screen resolution is at the extreme end (640*480) and the refresh rate is 60 Hz (I keep it at 75 Hz), and browser windows are positioned beyond the edge of the screen. So the settings are not saved to memory when the computer is shut down or restarted. The settings can be restored, but it has to be done every time the computer is started. Here are a couple of logs, in case they are of any help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:29, on 28.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\utorrent\utorrent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase9563.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by119fd.bay119.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 5579 bytes
----------------------------------------------------------------------

ComboFix 08-06-20.4 - Mikko 2008-06-28 13:22:57.18 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.616 [GMT 3:00]
Running from: C:\Documents and Settings\Mikko\Työpöytä\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-28 to 2008-06-28 )))))))))))))))))
.

2008-06-28 10:30 . 2008-06-28 10:30 <KANSIO> d----c--- C:\fsaua.data
2008-06-28 00:13 . 2008-06-28 00:13 106 --a--c--- C:\delete.bat
2008-06-27 21:41 . 2008-06-27 21:41 <KANSIO> d-------- C:\Documents and Settings\All Users\Mallit
2008-06-26 17:56 . 2008-06-15 15:28 81,920 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-26 17:56 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-26 14:46 . 2008-06-26 15:13 <KANSIO> d----c--- C:\Downloads
2008-06-25 23:25 . 2008-06-25 23:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-25 17:17 . 2008-06-25 17:19 <KANSIO> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-25 17:17 . 2008-06-25 17:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\SUPERAntiSpyware.com
2008-06-25 13:39 . 2008-06-25 13:39 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-23 18:34 . 2008-06-23 18:34 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2008-06-23 18:34 . 2008-06-23 18:34 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2008-06-16 18:47 . 2008-06-16 18:47 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\WinPatrol
2008-06-16 18:46 . 2008-06-16 18:46 <KANSIO> d-------- C:\Program Files\BillP Studios
2008-06-16 16:55 . 2008-06-16 16:55 <KANSIO> d-------- C:\Program Files\MSXML 6.0
2008-06-16 16:55 . 2008-06-16 16:55 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-06-16 16:32 . 2008-04-13 21:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-06-16 16:32 . 2008-04-13 21:45 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-06-16 16:31 . 2008-06-16 16:31 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-16 16:31 . 2008-06-16 16:31 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-11 00:45 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 00:44 . 2008-06-14 20:34 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 12:42 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-06-09 12:41 . 2008-06-09 12:41 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2008-06-09 12:41 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-06-09 12:41 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-06-09 12:41 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-06-09 12:41 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-06-09 12:41 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-06-09 12:41 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-06-02 11:27 . 2008-06-27 13:00 <KANSIO> d-------- C:\Kaspersky
2008-05-29 19:26 . 2008-05-29 19:28 <KANSIO> d-------- C:\WINDOWS\system32\autorun
2008-05-29 19:06 . 2005-12-30 15:02 40,960 --a------ C:\WINDOWS\system32\ImageItEncrypt.exe
2008-05-29 01:34 . 2008-06-27 15:16 <KANSIO> d--h-c--- C:\$AVG8.VAULT$
2008-05-28 13:28 . 2008-05-28 13:28 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-28 13:28 . 2008-05-28 13:28 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-28 13:27 . 2008-06-27 14:38 <KANSIO> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-28 13:27 . 2008-05-28 13:27 <KANSIO> d-------- C:\Program Files\AVG
2008-05-28 13:27 . 2008-05-28 13:27 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-28 13:20 . 2008-05-28 13:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 10:15 --------- d-----w C:\Documents and Settings\Mikko\Application Data\uTorrent
2008-06-28 09:39 --------- d-----w C:\Documents and Settings\Mikko\Application Data\dvdcss
2008-06-28 09:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-27 21:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-06-27 18:45 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-27 14:14 --------- d-----w C:\Program Files\PokerStars
2008-06-27 10:20 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 07:38 --------- d-----w C:\Documents and Settings\Mikko\Application Data\Vso
2008-06-26 16:46 --------- d-----w C:\Documents and Settings\Mikko\Application Data\LimeWire
2008-06-26 16:24 --------- d-----w C:\Program Files\MansionPoker
2008-06-26 16:21 --------- d-----w C:\Program Files\Full Tilt Poker
2008-06-26 10:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-25 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-06-25 21:15 47,360 ----a-w C:\Documents and Settings\Mikko\Application Data\pcouffin.sys
2008-06-24 22:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-23 16:47 --------- d-----w C:\Program Files\ffdshow
2008-06-19 14:48 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-19 14:47 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-06-16 21:13 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-16 13:56 --------- d-----w C:\Program Files\Nokia
2008-06-14 17:34 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 17:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-06-11 07:39 --------- d-----w C:\Program Files\NetMeter
2008-06-10 17:27 --------- d-----w C:\Program Files\LimeWire
2008-05-27 10:06 --------- d-----w C:\Program Files\Common Files\MicroWorld
2008-05-25 21:39 --------- d-----w C:\Documents and Settings\Mikko\Application Data\FrostWire
2008-05-25 20:53 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-05-25 18:20 --------- d-----w C:\Program Files\Evil Player
2008-05-18 20:48 6,309,305 ----a-w C:\WINDOWS\REGBK01.ZIP
2008-05-16 06:32 --------- d-----w C:\Documents and Settings\Mikko\Application Data\ImgBurn
2008-05-15 17:33 --------- d-----w C:\Program Files\Sun
2008-05-15 17:32 --------- d-----w C:\Program Files\Java
2008-05-15 17:24 --------- d-----w C:\Program Files\Common Files\Java
2008-05-14 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-09 19:35 6,275,296 ----a-w C:\WINDOWS\REGBK00.ZIP
2008-05-09 19:00 17,336 ----a-w C:\WINDOWS\winsbak.reg
2008-05-09 19:00 154,664 ----a-w C:\WINDOWS\winsbak2.reg
2008-05-09 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 13:24 --------- d-----w C:\Documents and Settings\Mikko\Application Data\AdobeUM
2008-05-07 10:50 --------- d-----w C:\Documents and Settings\Mikko\Application Data\DVDFab
2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 21:53 --------- d-----w C:\Documents and Settings\Mikko\Application Data\Ahead
2008-05-06 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-05-06 06:01 45,056 ----a-w C:\WINDOWS\system32\WNASPI32.DLL
2008-05-06 06:01 16,512 ----a-w C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-04-21 06:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 16:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 16:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 16:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 16:09 7,168 ----a-w C:\WINDOWS\system32\f3ahvoas.dll
2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 16:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 15:49 2,147,840 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:49 2,026,496 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:46 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:45 80,384 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 15:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 15:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 15:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 15:39 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-14 15:38 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 06:12 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 06:11 992,256 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 06:11 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:40 440,832 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:36 2,921,984 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:35 186,368 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2007-07-15 17:02 556 ----a-w C:\Documents and Settings\Mikko\Application Data\internaldb8467.dat
2007-07-15 17:02 374 ----a-w C:\Documents and Settings\Mikko\Application Data\internaldb6334.dat
2007-07-15 17:02 18,432 ----a-w C:\Documents and Settings\Mikko\Application Data\internaldb41.dat
2007-06-17 12:36 23 --sha-w C:\WINDOWS\system32\abebcdcb3_r.dll
2007-05-08 19:02 5 --sha-w C:\WINDOWS\system32\feecfa6_d.dll
2007-05-08 18:57 5 --sha-w C:\WINDOWS\system32\feecfa6_s.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\utorrent\utorrent.exe" [2008-01-30 02:00 219952]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 17:29 7700480]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 20:31 333120]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [2007-07-26 18:43 270336]
"nwiz"="nwiz.exe" [2006-11-17 17:29 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-17 17:29 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailScan Dispatcher]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"EVEREST AutoStart"=C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
"Uniblue SpeedUpMyPC"=C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
"SoundMan"=SOUNDMAN.EXE
"nwiz"=nwiz.exe /install
"Acer Empowering Technology Monitor"=C:\WINDOWS\system32\SysMonitor.exe
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"KingKongCapture"=C:\Program Files\King Kong Software\Capture\KingKongCapture.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
"C:\\Program Files\\B2BPOKER\\JetBetPoker\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\B2BPOKER\\Club4Aces.com\\jre\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"C:\\Kaspersky\\kavupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-28 13:27]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 03:00]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-28 13:27]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-28 13:27]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-28 13:28]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 19:12]
S3 int15.sys;int15.sys;C:\acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-28 10:13:32 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-27 02:45:06 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-24 12:21:16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-06-08 08:31:23 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 13:23:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-28 13:24:22
ComboFix-quarantined-files.txt 2008-06-28 10:24:07
ComboFix2.txt 2008-06-28 10:19:41

Pre-Run: 84,473,364,480 tavua vapaana
Post-Run: 84,464,185,344 tavua vapaana

254 --- E O F --- 2008-06-27 21:24:38