Vundo plus something else
Hujo
Suspended permanently
13 September 2008 @ 14:45
I was only looking at that

Microsoft Office Proof
a few unnecessary language packs, then
but it's not worth removing them, it could even take a hit from that.

======================

Empty the Malwarebytes' Anti-Malware quarantine

===================

Empty the Norton quarantine

==================

Remove SmitfraudFix from the computer

==================

Type into the Run box

Combofix.exe /u

press OK

==================

Delete the junk

Can a computer ever work?
EDYSTERi
Junior Member

4 product reviews
13 September 2008 @ 14:50
ComboFix log:

ComboFix 08-09-12.07 - eDy 2008-09-13 14:34:07.7 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.282 [GMT 3:00]
Sijainti: C:\Users\eDy\Desktop\Downloads\ComboFix.exe
* Uusi palautuspiste luotu
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-13 to 2008-09-13 )))))))))))))))))
.

2008-09-13 13:11 . 2008-09-13 13:13 <KANSIO> d-------- C:\Program Files\Java
2008-09-13 13:11 . 2008-09-13 13:11 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-09-12 21:56 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-12 19:48 . 2008-09-12 19:48 <KANSIO> d-------- C:\Program Files\CCleaner
2008-09-11 22:00 . 2008-09-11 22:00 691 --a------ C:\Users\eDy\AppData\Roaming\GetValue.vbs
2008-09-11 22:00 . 2008-09-11 22:00 35 --a------ C:\Users\eDy\AppData\Roaming\SetValue.bat
2008-09-11 17:02 . 2008-09-11 22:00 3,426 --a------ C:\Windows\System32\tmp.reg
2008-09-11 15:02 . 2008-09-11 15:29 <KANSIO> d-------- C:\Program Files\MicroAV
2008-09-11 15:01 . 2008-09-11 15:01 86,016 --a------ C:\Windows\System32\qfulihyl.exe
2008-09-10 21:51 . 2008-09-10 21:51 102,400 --a------ C:\Windows\System32\lidobmnk.exe
2008-09-10 21:07 . 2008-09-10 21:07 102,400 --a------ C:\Windows\System32\yjqnodoj.exe
2008-09-10 20:11 . 2008-09-13 00:47 <KANSIO> d-------- C:\ProgramData\nsfubuns
2008-09-10 20:11 . 2008-09-10 20:11 94,208 --a------ C:\Windows\System32\uhenoxgx.exe
2008-09-10 15:24 . 2008-08-02 04:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 15:24 . 2008-06-26 06:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 15:24 . 2008-06-26 06:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 15:24 . 2008-05-08 22:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 15:24 . 2008-05-20 05:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 15:24 . 2008-06-26 06:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 15:24 . 2008-08-02 06:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-10 15:23 . 2008-07-31 04:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 15:23 . 2008-07-31 06:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-09 23:04 . 2008-09-09 23:04 <KANSIO> d-------- C:\Program Files\QuickTime
2008-09-09 23:04 . 2008-09-09 23:04 <KANSIO> d-------- C:\Program Files\Common Files\Apple
2008-09-09 23:03 . 2008-09-09 23:03 <KANSIO> d-------- C:\ProgramData\Apple Computer
2008-09-07 16:31 . 2008-09-07 16:31 156 --a------ C:\Windows\Twunk001.MTX
2008-09-07 16:31 . 2008-09-07 16:31 2 --a------ C:\Windows\Twain001.Mtx
2008-09-07 16:31 . 2008-09-07 16:31 0 --a------ C:\Windows\Twunk002.MTX
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-09-04 00:45 . 2008-09-04 00:47 <KANSIO> d-------- C:\Users\eDy\AppData\Roaming\SPORE
2008-09-03 14:59 . 2008-09-03 14:59 <KANSIO> d-------- C:\ProgramData\Electronic Arts
2008-09-03 14:59 . 2008-09-04 15:01 10,940 --a------ C:\Windows\System32\ealregsnapshot1.reg
2008-08-31 16:08 . 2008-08-31 16:08 <KANSIO> d-------- C:\ProgramData\FLEXnet
2008-08-31 16:03 . 2008-08-31 16:03 <KANSIO> d-------- C:\ProgramData\ALM
2008-08-28 00:03 . 2008-08-28 00:03 42,320 --a------ C:\Windows\System32\xfcodec.dll
2008-08-26 15:18 . 2008-08-26 15:18 <KANSIO> d-------- C:\Program Files\GALA-NET
2008-08-26 00:05 . 2008-07-19 08:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 00:05 . 2008-07-19 06:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 00:05 . 2008-07-19 08:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 00:05 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 00:05 . 2008-07-19 06:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 00:05 . 2008-07-19 08:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 00:05 . 2008-07-19 08:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 00:05 . 2008-07-19 08:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 00:05 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-23 06:47 . 2008-08-23 06:47 86,523 --a------ C:\Windows\WinVerCheck.exe
2008-08-14 20:09 . 2008-07-16 04:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-14 19:26 . 2008-06-27 04:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 19:26 . 2008-06-27 07:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 19:26 . 2008-04-10 08:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 19:26 . 2008-06-19 06:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 19:26 . 2008-04-18 08:48 269,312 --a------ C:\Windows\System32\es.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 11:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-13 11:08 --------- d-----w C:\Program Files\Steam
2008-09-12 18:56 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 13:35 --------- d-----w C:\Users\eDy\AppData\Roaming\Xfire
2008-09-12 13:34 --------- d-----w C:\Users\eDy\AppData\Roaming\uTorrent
2008-09-12 11:57 --------- d-----w C:\ProgramData\Xfire
2008-09-11 19:43 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 15:10 --------- d-----w C:\Program Files\Common Files\Steam
2008-09-09 21:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-08 00:15 --------- d-----w C:\Users\eDy\AppData\Roaming\mIRC
2008-09-07 20:58 --------- d-----w C:\Users\eDy\AppData\Roaming\LimeWire
2008-09-07 20:35 --------- d-----w C:\Program Files\mIRC
2008-09-07 13:31 --------- d---a-w C:\ProgramData\TEMP
2008-09-07 13:30 --------- d-----w C:\Program Files\Fraps
2008-09-04 16:10 --------- d-----w C:\Program Files\Xfire
2008-09-03 21:34 --------- d-----w C:\Program Files\Electronic Arts
2008-09-03 12:08 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-08-30 21:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-30 21:07 --------- d-----w C:\Program Files\Winamp
2008-08-18 17:26 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-14 17:49 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 11:51 --------- d-----w C:\Program Files\ATI
2008-08-10 12:05 --------- d-----w C:\ProgramData\Codemasters
2008-08-10 12:01 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
2008-08-10 12:01 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
2008-08-10 12:01 --------- d-----w C:\Program Files\OpenAL
2008-08-09 18:45 --------- d-----w C:\ProgramData\Apple
2008-08-09 18:45 --------- d-----w C:\Program Files\Apple Software Update
2008-08-04 22:50 --------- d-----w C:\ProgramData\Symantec
2008-08-02 13:58 --------- d-----w C:\Program Files\Boris FX, Inc
2008-07-31 17:17 --------- d-----w C:\Program Files\VASST
2008-07-31 17:15 --------- d-----w C:\Program Files\Sonic Foundry
2008-07-31 17:15 --------- d-----w C:\Program Files\DebugMode
2008-07-31 07:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
2008-07-31 07:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
2008-07-31 07:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 14:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-07-30 14:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-07-30 14:28 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-07-27 23:45 --------- d-----w C:\Users\eDy\AppData\Roaming\Hamachi
2008-07-27 10:27 --------- d-----w C:\Program Files\LimeWire
2008-07-26 11:52 --------- d-----w C:\Program Files\DC++
2008-07-26 10:04 --------- d-----w C:\Program Files\uTorrent Acceleration Tool
2008-07-26 10:03 --------- d-----w C:\Program Files\LimeWire(2)
2008-07-24 09:40 --------- d-----w C:\Program Files\AGEIA Technologies
2008-07-24 09:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-23 10:50 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-07-23 10:44 --------- d-----w C:\Users\eDy\AppData\Roaming\teamspeak2
2008-07-23 00:38 --------- d-----w C:\Program Files\Bonjour
2008-07-23 00:25 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-07-21 23:50 --------- d-----w C:\Users\eDy\AppData\Roaming\Winamp
2008-07-21 21:38 --------- d-----w C:\Program Files\Audacity
2008-07-21 17:00 --------- d-----w C:\ProgramData\TrackMania United
2008-07-21 11:35 --------- d-----w C:\Program Files\TrackMania United
2008-07-20 20:31 --------- d-----w C:\Program Files\IDoser v4
2008-07-18 03:33 --------- d-----w C:\ProgramData\TrackMania
2008-07-16 12:48 --------- d-----w C:\ProgramData\WindowsSearch
2008-07-16 10:36 --------- d-----w C:\ProgramData\River Past G5
2008-07-12 05:18 467,984 ----a-w C:\Windows\System32\d3dx10_39.dll
2008-07-12 05:18 3,851,784 ----a-w C:\Windows\System32\D3DX9_39.dll
2008-07-12 05:18 1,493,528 ----a-w C:\Windows\System32\D3DCompiler_39.dll
2008-07-09 18:30 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-07-09 18:27 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-19 20:43 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-06-19 20:31 315,392 ----a-w C:\Windows\HideWin.exe
2008-06-19 18:43 174 --sha-w C:\Program Files\desktop.ini
2008-06-19 15:06 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-19 15:06 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-13 10:52 6,183,456 ----a-w C:\Windows\RtHDVCpl.exe
2008-05-12 12:40 22,328 ----a-w C:\Users\eDy\AppData\Roaming\PnkBstrK.sys
2008-01-29 18:10 47,360 ----a-w C:\Users\eDy\AppData\Roaming\pcouffin.sys
2008-01-26 12:05 81,920 ----a-w C:\Users\eDy\AppData\Roaming\ezpinst.exe
2007-12-23 22:35 808,448 --sh--r C:\Windows\odbconf.exe
2008-03-13 12:35 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-13 12:35 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-13 12:37 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
2008-03-13 12:37 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
2008-03-13 12:37 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
2008-03-13 12:35 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-05-20 10:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051220080519\index.dat
2008-05-26 10:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051920080526\index.dat
2008-05-26 10:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052620080527\index.dat
2008-05-27 10:15 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052720080528\index.dat
2008-05-28 10:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052820080529\index.dat
2008-05-30 08:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008053020080531\index.dat
2008-06-01 10:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008060120080602\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-09-12_21.27.14.61 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-12 17:00:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-13 09:46:09 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-12 17:00:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-13 09:46:09 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-12 17:04:04 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-09-13 09:48:17 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-09-12 17:03:52 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-09-13 09:49:06 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-09-12 18:08:42 229,376 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-13 11:00:21 229,376 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-12 18:08:42 1,933,312 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-13 11:00:21 1,933,312 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-12 18:08:42 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-13 11:00:21 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-12 18:15:55 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-13 11:34:00 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-13 11:34:00 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-02-21 23:23:35 135,168 ----a-w C:\Windows\System32\java.exe
+ 2008-06-09 22:21:01 135,168 ----a-w C:\Windows\System32\java.exe
- 2008-02-21 23:23:39 135,168 ----a-w C:\Windows\System32\javaw.exe
+ 2008-06-09 22:21:04 135,168 ----a-w C:\Windows\System32\javaw.exe
- 2008-02-22 00:33:32 139,264 ----a-w C:\Windows\System32\javaws.exe
+ 2008-06-09 23:32:34 139,264 ----a-w C:\Windows\System32\javaws.exe
- 2008-09-12 17:04:08 13,868 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2223133414-1777158752-3304994779-1002_UserData.bin
+ 2008-09-12 18:53:34 14,050 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2223133414-1777158752-3304994779-1002_UserData.bin
- 2008-09-12 17:04:07 78,206 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-12 21:49:56 78,272 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-12 11:51:37 59,492 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-13 09:49:44 59,840 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 C:\Windows\RtHDVCpl.exe]

C:\Users\eDy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-12-13 557568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ktfacl.dll dzvyyh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"UpdatesDisableNotify"="0x00000000"
"AntiVirusDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6DE4EF4D-504D-414B-B1BD-EA857B9B8EA1}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D26A1AB5-3DC8-41EC-BE73-E60A14C89BE6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{0F14D24A-D0E7-43D8-9718-D0DFA8336490}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{AEAA3492-DAF6-429D-966D-3C14705A9575}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{9F75219E-E733-4560-9EEB-AF6F3B8045D1}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{9F5140EC-EA46-4050-A949-77C6675A0AAA}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{798DB3DE-D704-42B5-82D5-AABD5BC5806E}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{80DAF794-CF15-4783-B4B7-7BDB0A3D96A4}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3AD1C762-6D2F-4F9E-AC3F-64D794BDB041}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{12F5DA58-918C-4739-99EE-39E5ABD9604C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5FF56F9D-7148-4B88-8E55-881FD36E119D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{41D88386-1868-4B7B-AE1B-6224121BB070}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{AAA1AC87-95D1-4A5E-9E84-B89E03817C0C}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{3E6B9D4F-CBFB-41A0-97A9-08E2B7519B7F}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{5B95B573-C6C8-4FB8-B4CE-181F77E62F22}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{E62A8DF0-5B32-4F7E-8C57-BE0C778D0BB3}C:\\program files\\trackmania sunrise\\tmsunrise.exe"= UDP:C:\program files\trackmania sunrise\tmsunrise.exe:TmSunrise
"UDP Query User{F33B5F75-0BEB-48D4-AB5B-75960117A640}C:\\program files\\trackmania sunrise\\tmsunrise.exe"= TCP:C:\program files\trackmania sunrise\tmsunrise.exe:TmSunrise
"TCP Query User{3E11A1C9-94ED-4E30-B37E-F2A4CF4C9AF2}C:\\program files\\[pc] splinter cell pandora tomorrow [rip] [dopeman]\\scpd\\splinter cell pandora tomorrow\\pandora.exe"= UDP:C:\program files\[pc] splinter cell pandora tomorrow [rip] [dopeman]\scpd\splinter cell pandora tomorrow\pandora.exe:pandora
"UDP Query User{187EAD21-5932-47CE-BB51-4DA8614789B6}C:\\program files\\[pc] splinter cell pandora tomorrow [rip] [dopeman]\\scpd\\splinter cell pandora tomorrow\\pandora.exe"= TCP:C:\program files\[pc] splinter cell pandora tomorrow [rip] [dopeman]\scpd\splinter cell pandora tomorrow\pandora.exe:pandora
"TCP Query User{CAA333D1-670A-42CA-BAF5-19351043585A}C:\\users\\edy\\appdata\\local\\xenocode\\appliancecaches\\kumaclient.exe_v71b24f3e\\native\\stubexe\\@programfiles@\\kuma games\\kuma.exe"= UDP:C:\users\edy\appdata\local\xenocode\appliancecaches\kumaclient.exe_v71b24f3e\native\stubexe\@programfiles@\kuma games\kuma.exe:kuma.exe
"UDP Query User{547E73C9-8561-4BC6-AF97-0EAE0A405858}C:\\users\\edy\\appdata\\local\\xenocode\\appliancecaches\\kumaclient.exe_v71b24f3e\\native\\stubexe\\@programfiles@\\kuma games\\kuma.exe"= TCP:C:\users\edy\appdata\local\xenocode\appliancecaches\kumaclient.exe_v71b24f3e\native\stubexe\@programfiles@\kuma games\kuma.exe:kuma.exe
"TCP Query User{A2BDBE65-7DD8-4F50-BBFA-67BA538B1D50}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{46736481-5D1C-46F0-BF0C-1785D9DA44C0}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{1724A2D6-38C2-46E6-8A1E-CE9655A9905B}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{9891D4A0-A8C9-4EED-A1E6-CD7A7769E72D}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{9F4BC339-CBD5-406C-8442-D2D91F2126F4}C:\\program files\\steam\\steamapps\\ts0mpi\\day of defeat\\hl.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{FCA40045-0385-4845-B2C0-DE8EFECE0362}C:\\program files\\steam\\steamapps\\ts0mpi\\day of defeat\\hl.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{270DEB84-E739-47E0-8BE2-61037403BC36}C:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:C:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{BCD5039E-D69D-4E7C-BDB0-FF0CBFA8F70E}C:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:C:\program files\wolfenstein - enemy territory\et.exe:ET
"{FB4D5CBA-10FC-4F29-9679-2D161465CBD2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{52BBAB77-A961-4605-BF39-308CA8F42726}C:\\program files\\steam\\steamapps\\ts0mpi\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\team fortress 2\hl2.exe:hl2
"UDP Query User{3D046931-D84E-4957-8E5A-8C613D7A99AB}C:\\program files\\steam\\steamapps\\ts0mpi\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\team fortress 2\hl2.exe:hl2
"TCP Query User{9F1CFA65-E334-4CB3-8771-D30ED9DEA41E}C:\\program files\\steam\\steamapps\\ts0mpi\\source sdk base\\hl2.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\source sdk base\hl2.exe:hl2
"UDP Query User{4141FADE-38D6-425B-90CA-D5F51C7414CE}C:\\program files\\steam\\steamapps\\ts0mpi\\source sdk base\\hl2.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\source sdk base\hl2.exe:hl2
"TCP Query User{FEC3BB70-064E-4818-B824-89B0B9B459A4}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
"UDP Query User{75093C78-3FB3-4170-AF31-FB94A800E8A8}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
"TCP Query User{FDC87E98-388D-40B3-80D6-26CC29409717}C:\\program files\\steam\\steamapps\\ts0mpi\\half-life 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\half-life 2\hl2.exe:hl2
"UDP Query User{0F6A8421-C83E-4A62-BB1C-2394577CFB02}C:\\program files\\steam\\steamapps\\ts0mpi\\half-life 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\half-life 2\hl2.exe:hl2
"TCP Query User{62334EED-A011-4A3C-9852-F403B295891A}C:\\windows\\system32\\rxbot2.exe"= UDP:C:\windows\system32\rxbot2.exe:rxbot2
"UDP Query User{EC9EF5C7-2A8E-4348-961A-A092886AAD8F}C:\\windows\\system32\\rxbot2.exe"= TCP:C:\windows\system32\rxbot2.exe:rxbot2
"TCP Query User{957C8E02-2BE8-4A2B-9A1F-810AAEC206E5}C:\\windows\\system32\\wuamgrd.exe"= UDP:C:\windows\system32\wuamgrd.exe:wuamgrd
"UDP Query User{0DB1F23A-B03B-4943-9A5C-323AC36C109E}C:\\windows\\system32\\wuamgrd.exe"= TCP:C:\windows\system32\wuamgrd.exe:wuamgrd
"TCP Query User{44C1870D-5475-411A-BFB2-E8646DA5F3CD}C:\\users\\edy\\desktop\\downloads\\cabaltemp\\estsetuploader.exe"= UDP:C:\users\edy\desktop\downloads\cabaltemp\estsetuploader.exe:estsetuploader.exe
"UDP Query User{FE173293-B7B2-4446-8604-2DCD233B49C4}C:\\users\\edy\\desktop\\downloads\\cabaltemp\\estsetuploader.exe"= TCP:C:\users\edy\desktop\downloads\cabaltemp\estsetuploader.exe:estsetuploader.exe
"TCP Query User{DA206DEC-5B07-4992-AD1F-120922B7B68F}C:\\windows\\system32\\wuamgrd.exe"= UDP:C:\windows\system32\wuamgrd.exe:wuamgrd
"UDP Query User{087B9389-EAB2-4C2B-961E-AD3A937BE263}C:\\windows\\system32\\wuamgrd.exe"= TCP:C:\windows\system32\wuamgrd.exe:wuamgrd
"{B540D59B-B442-47DE-959C-D1D403CFDD71}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{185E76E3-870F-4457-BE2D-6E1A819E1B70}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{598CEE78-B17D-4541-BD4A-5731314BCA0D}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{C6BA753F-6DFD-48B0-B223-EC7C144A286C}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{63ED93EE-A909-486F-9D90-18D356C4A6B2}C:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"UDP Query User{AC32CB46-527A-49D9-860B-136C61474967}C:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"TCP Query User{EF148274-31E4-4DC6-AB35-50687970A7A4}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{F2D28122-7122-4D37-8C3E-A34AF0A8F105}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{64F11094-F81F-4CBA-B4CC-46FA11BE6DCD}C:\\program files\\rainbow six vegas\\rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:C:\program files\rainbow six vegas\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"UDP Query User{5900BE55-CD12-4C79-8892-C39D9EAAF8DD}C:\\program files\\rainbow six vegas\\rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:C:\program files\rainbow six vegas\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"TCP Query User{C7AE8A31-3B66-47FF-8D36-C0D6D945AF8C}C:\\program files\\e frontier\\poser 7\\poser.exe"= UDP:C:\program files\e frontier\poser 7\poser.exe:Poser executable file
"UDP Query User{81EDF152-C02D-481D-A374-AD6EC7F06F85}C:\\program files\\e frontier\\poser 7\\poser.exe"= TCP:C:\program files\e frontier\poser 7\poser.exe:Poser executable file
"TCP Query User{B5165048-77AC-4CDD-8F1F-D2184E0B5127}C:\\program files\\walaber's trampoline\\bin\\release\\trampolinegame.exe"= UDP:C:\program files\walaber's trampoline\bin\release\trampolinegame.exe:TrampolineGame
"UDP Query User{1FF480FE-9D76-41B5-ADA9-D06BBD323C73}C:\\program files\\walaber's trampoline\\bin\\release\\trampolinegame.exe"= TCP:C:\program files\walaber's trampoline\bin\release\trampolinegame.exe:TrampolineGame
"{6D10385D-F158-429E-869D-CA6DC8A4686B}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{A98DDC02-7B32-4973-B34B-E083BA9AAF15}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D6D09900-76C4-4C3A-8E39-5D05EBC74E80}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{955F1414-05D1-426A-A663-9F68DD06A8DC}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{E6FC0035-7F98-4C06-9D0E-D95E595B8E6C}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{E5A6D4C8-58DB-4CDD-988F-5DB0DA7CA99F}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{10F1FF13-7399-4362-818F-9B37EA841F90}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{DA3B9536-18ED-4B9C-ABEF-43885DCFE724}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"TCP Query User{6E382DEC-44BF-41FA-AA27-332099A38221}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{1FD3E02A-AA52-417B-AF28-3033268A4B75}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"TCP Query User{AA0A43B3-F79B-4D73-A6EF-F6E214ED42FA}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{1526C467-66B4-420A-992B-B527E7246308}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{0099635C-4701-4D06-938E-952D22D096FD}C:\\program files\\ut2004\\ut2004\\system\\ut2004.exe"= UDP:C:\program files\ut2004\ut2004\system\ut2004.exe:UT2004
"UDP Query User{714D4099-F9F3-4EAF-B034-BBA0E91171CE}C:\\program files\\ut2004\\ut2004\\system\\ut2004.exe"= TCP:C:\program files\ut2004\ut2004\system\ut2004.exe:UT2004
"TCP Query User{CFB10CFF-CBD6-4C5C-9D1D-C51643D8C6D9}C:\\program files\\id software\\quake 4\\quake4ded.exe"= UDP:C:\program files\id software\quake 4\quake4ded.exe:Quake 4
"UDP Query User{5AFE1615-C6B5-4F30-AF7B-DC0C5BC5BDED}C:\\program files\\id software\\quake 4\\quake4ded.exe"= TCP:C:\program files\id software\quake 4\quake4ded.exe:Quake 4
"{35CDD6A8-35E4-49A9-8591-B857824DF2A1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1046B40D-12A5-49C7-8550-C977653B20A8}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{BE9F02C3-9306-46D1-80C0-BF3880E45AF8}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{77628A07-FB76-42BD-811F-85AA6B12F47F}"= UDP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{AB3C9EB8-3396-4A91-B823-C61AAC4932F9}"= TCP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{60F9669C-AE0F-4B71-87C4-D239F8207E7D}"= UDP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{AA89A1F9-6571-4D0F-B289-314351F46CB1}"= TCP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071204.001\IDSvix86.sys [2007-11-06 180272]
R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-22 554616]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 3695104]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-05-13 43520]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 37936]
R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
S3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-11-15 816512]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-09-21 43520]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-10 92656]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\OblivionLauncher.exe

*Newly Created Service* - COMHOST
.
'Ajoitetut tehtävät'-kansion sisältö
.
.
------- Täydentävä tarkistus -------
.
FireFox -: Profile - C:\Users\eDy\AppData\Roaming\Mozilla\Firefox\Profiles\q2prvqpp.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - afterdawn.fi
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 14:40:00
Windows 6.0.6001 Service Pack 1 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
Valmistumisajankohta: 2008-09-13 14:43:29
ComboFix-quarantined-files.txt 2008-09-13 11:43:17
ComboFix2.txt 2008-09-12 18:28:24

Pre-Run: 229,687,013,376 tavua vapaana
Post-Run: 229,700,435,968 tavua vapaana

373 --- E O F --- 2008-09-11 19:46:27


HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:44, on 2008-09-13
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ktfacl.dll dzvyyh.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9193 bytes
EDYSTERi
Junior Member

4 product reviews
13 September 2008 @ 14:56
Now it's been removed and the quarantines emptied; I guess I could pay to renew that Norton again some day too.
Hujo
Suspended permanently
13 September 2008 @ 15:04
Delete the folder

C:\Program Files\MicroAV

==============

Yes, or lighten the antivirus.
For example, switch to a free one with a free firewall for it.

Can a computer ever work?

This message has been edited since it was posted. Last edited 13 September 2008 @ 15:05

EDYSTERi
Junior Member

4 product reviews
13 September 2008 @ 15:05
Oh look, there was one of those there too; well, now it's been removed.
Hujo
Suspended permanently
13 September 2008 @ 16:17
All right, so how is the machine running?

Can a computer ever work?
EDYSTERi
Junior Member

4 product reviews
13 September 2008 @ 16:20
It's running fine, thanks a lot for the help. Physical memory is at 80 % usage all the time though, but that's probably down to Vista's own stuff again.
Hujo
Suspended permanently
13 September 2008 @ 16:26
How much RAM does the machine have?

Can a computer ever work?
EDYSTERi
Junior Member

4 product reviews
13 September 2008 @ 16:28
1 gig apparently; I'd actually thought it was 512 =D
Hujo
Suspended permanently
13 September 2008 @ 16:30
You could raise it to 2 gigs and put a lighter antivirus on the machine, with a firewall to go with it.

It would run faster.

Can a computer ever work?
EDYSTERi
Junior Member

4 product reviews
13 September 2008 @ 16:31
Yeah, I've been meaning to bump the size up a bit, just haven't had time yet. I'll have to consider switching the antivirus too.
Hujo
Suspended permanently
13 September 2008 @ 16:35
A free antivirus does the same job as a paid one, and a bug will come in from the net anyway if it's going to.

Can a computer ever work?
EDYSTERi
Junior Member

4 product reviews
13 September 2008 @ 16:35
Yep, and I have no idea where this virus came from either.
Hujo
Suspended permanently
13 September 2008 @ 16:57
The machine had everything from Vundo to Smitfraud and malware .. and then their friends joined the party too.

Can a computer ever work?
EDYSTERi
Junior Member

4 product reviews
13 September 2008 @ 16:58
Yep
Hujo
Suspended permanently
13 September 2008 @ 17:14
Nothing for it but to go hunting for new bugs on the net :D

Can a computer ever work?
EDYSTERi
Junior Member

4 product reviews
13 September 2008 @ 17:15
Yep, I'm looking right now :D Nah, if I could just keep this machine in good shape for even half a year.
 