Internet is slow
hnkk
Junior Member
25 November 2008 @ 16:57
So my connection is 8/1 after all, and browsing is still often annoyingly slow. So help is needed!

HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:50, on 25.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5741 bytes



COMBOFIX LOG
ComboFix 08-11-24.03 - Henkka 2008-11-25 15:56:19.3 - NTFSx86
Microsoft® Windows Vista? Ultimate 6.0.6001.1.1252.1.1035.18.1268 [GMT 2:00]
Sijainti: c:\users\Henkka\Desktop\Firefox\ComboFix.exe
* Uusi palautuspiste luotu
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-10-25 to 2008-11-25 )))))))))))))))))
.

2008-11-17 10:01 . 2008-10-16 23:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-17 10:01 . 2008-10-16 22:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-17 10:01 . 2008-10-16 23:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-17 10:01 . 2008-10-16 23:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-17 10:00 . 2008-10-16 23:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-17 10:00 . 2008-10-16 22:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-17 10:00 . 2008-10-16 23:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-17 09:59 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-17 09:59 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-15 18:56 . 2008-11-15 18:56 <KANSIO> d-------- c:\users\Henkka\AppData\Roaming\Atari
2008-11-15 18:54 . 2008-11-15 18:54 <KANSIO> d-------- c:\users\Henkka\AppData\Roaming\Leadertech
2008-11-15 18:54 . 2008-11-15 18:54 <KANSIO> d-------- c:\program files\Common Files\PocketSoft
2008-11-15 18:54 . 2002-02-27 18:50 197,120 --a------ c:\windows\patchw32.dll
2008-11-15 18:50 . 2008-11-15 18:50 <KANSIO> d-------- c:\program files\Atari
2008-11-15 17:16 . 2008-11-15 17:16 <KANSIO> d-------- c:\program files\DAEMON Tools Lite
2008-11-12 12:24 . 2008-09-05 07:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 12:24 . 2008-08-27 03:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 12:21 . 2008-09-10 05:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-02 03:02 . 2008-08-05 11:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-02 03:02 . 2008-08-05 11:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-02 03:02 . 2008-08-05 11:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-02 03:02 . 2008-08-05 11:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-02 03:02 . 2008-08-05 11:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-01 16:29 . 2008-11-01 16:29 <KANSIO> d-------- c:\program files\directx
2008-11-01 16:23 . 2008-11-04 18:29 <KANSIO> d-------- c:\program files\Deus Ex - Invisible War
2008-11-01 13:38 . 2008-11-01 13:38 <KANSIO> d-------- c:\users\Henkka\AppData\Roaming\Disney Interactive Studios
2008-11-01 13:08 . 2008-11-01 13:08 <KANSIO> d-------- c:\program files\Disney Interactive Studios
2008-11-01 13:05 . 2008-11-01 13:35 994 --a------ c:\windows\disney.ini
2008-11-01 12:55 . 2008-11-10 16:51 <KANSIO> d-------- c:\users\Henkka\Contacts
2008-10-30 20:27 . 2008-11-15 17:46 <KANSIO> d-------- C:\Turhia ohjelmia
2008-10-29 05:07 . 2008-08-12 05:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 05:07 . 2008-09-18 06:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 05:07 . 2008-09-18 06:56 125,952 --a------ c:\windows\System32\wersvc.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 10:52 --------- d-----w c:\users\Henkka\AppData\Roaming\AVG7
2008-11-24 17:33 --------- d-----w c:\users\Harri\AppData\Roaming\OpenOffice.org2
2008-11-24 17:31 --------- d-----w c:\users\Tiina\AppData\Roaming\OpenOffice.org2
2008-11-24 17:21 --------- d-----w c:\users\Tiina\AppData\Roaming\AVG7
2008-11-24 16:41 --------- d-----w c:\users\Lotta\AppData\Roaming\OpenOffice.org2
2008-11-24 16:08 --------- d-----w c:\users\Harri\AppData\Roaming\AVG7
2008-11-24 06:00 --------- d-----w c:\users\Lotta\AppData\Roaming\AVG7
2008-11-20 21:15 --------- d-----w c:\users\Henkka\AppData\Roaming\OpenOffice.org2
2008-11-15 16:51 --------- d-----w c:\users\Henkka\AppData\Roaming\uTorrent
2008-11-15 16:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-15 15:12 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-11 16:11 --------- d-----w c:\users\Henkka\AppData\Roaming\FileZilla
2008-11-09 11:11 --------- d-----w c:\users\Henkka\AppData\Roaming\mIRC
2008-10-31 14:38 --------- d-----w c:\program files\Common Files\Adobe
2008-10-22 10:20 --------- d-----w c:\program files\Common Files\Steam
2008-10-20 16:03 --------- d-----w c:\program files\Valve
2008-10-20 15:35 --------- d--h--w c:\users\Henkka\AppData\Roaming\ijjigame
2008-10-20 15:35 --------- d-----w c:\users\Henkka\AppData\Roaming\Winamp
2008-10-20 15:35 --------- d-----w c:\users\Henkka\AppData\Roaming\Ventrilo
2008-10-20 15:35 --------- d-----w c:\users\Henkka\AppData\Roaming\teamspeak2
2008-10-20 15:35 --------- d-----w c:\users\Henkka\AppData\Roaming\SystemRequirementsLab
2008-10-20 15:35 --------- d-----w c:\users\Henkka\AppData\Roaming\dvdcss
2008-10-20 15:35 --------- d-----w c:\users\Henkka\AppData\Roaming\DAEMON Tools
2008-10-20 15:35 --------- d-----w c:\programdata\avg7
2008-10-16 12:55 --------- d-----w c:\program files\Windows Mail
2008-10-09 13:13 --------- d-----w c:\program files\XMoto
2008-10-08 16:51 --------- d---a-w c:\programdata\TEMP
2008-10-08 15:50 --------- d-----w c:\users\Lotta\AppData\Roaming\Flood Light Games
2008-10-08 15:50 --------- d-----w c:\programdata\Flood Light Games
2008-10-08 15:50 --------- d-----w c:\program files\Taukopelit
2008-10-08 15:50 --------- d-----w c:\program files\Common Files\Oberon Media
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 14:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-30 11:06 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-30 11:06 --------- d-----w c:\program files\iTunes
2008-09-30 11:05 --------- d-----w c:\program files\iPod
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-03 03:59 468,992 ----a-w c:\windows\System32\newdev.dll
2008-09-03 03:58 74,752 ----a-w c:\windows\System32\newdev.exe
2008-08-29 07:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 06:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-06-18 14:38 174 --sha-w c:\program files\desktop.ini
2007-12-24 22:04 22,328 ----a-w c:\users\Henkka\AppData\Roaming\PnkBstrK.sys
2008-07-03 16:19 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-03 16:19 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-03 16:19 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-03-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-12-14 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2007-12-14 19:44 9216 c:\windows\System32\avgwlntf.dll

[HKLM\~\startupfolder\C:^Users^Henkka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\users\Henkka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 14:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-05-15 15:55 1057328 c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-05-15 15:55 1628208 c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvjbmonitor]
--a------ 2006-12-26 17:08 53248 c:\program files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2288889983-3666411893-3590199007-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{97EC9346-283B-4D38-B976-D1E47A4A3E83}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{7974046A-0FC0-47B1-9141-812645F426D5}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{E3D464D6-953A-4C2E-BF1D-CDAB70DF8C4A}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{97AA655B-5A12-4327-9DD4-386A45F44429}c:\\program files\\steam\\steamapps\\hnkk\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\hnkk\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{E76FDB83-0295-49A7-8F79-AF2E09FF1B21}c:\\program files\\steam\\steamapps\\hnkk\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\hnkk\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{51A5C65E-1D8A-4BA9-87C0-6F28BAD162DE}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{70FC1D58-4C03-4DAA-9808-DB04A8E4423E}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{2E0625A8-B2DB-4C2A-A89A-FB1AB146248D}c:\\program files\\the all-seeing eye\\eye.exe"= UDP:c:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"UDP Query User{51888159-E2F8-4DFE-A283-C5DBBC23E760}c:\\program files\\the all-seeing eye\\eye.exe"= TCP:c:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"TCP Query User{9FD05F55-891D-4DC3-A940-1A3D98C46C04}c:\\ijji\\english\\gunz\\gunz.exe"= UDP:c:\ijji\english\gunz\gunz.exe:Gunz
"UDP Query User{1F9F5747-FD56-467E-B75F-7677918F328C}c:\\ijji\\english\\gunz\\gunz.exe"= TCP:c:\ijji\english\gunz\gunz.exe:Gunz
"TCP Query User{7B1E9094-96E3-4021-8D3A-04D97A4C72C9}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{0959F4FC-45DF-4091-89AC-249EB9E56AF8}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"{18F26EA3-480C-49EE-92A7-BF7F7A283D8E}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{9B33D492-2B61-4992-B640-FEB3E86193F3}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{25AD2C1F-E0E7-473D-9E98-4F664C593CAC}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{9D39EC9F-B849-4960-AE66-3F6A22302FA5}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{04186A89-3891-4826-8F74-C1A0719D4066}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3C629100-A34B-4CCF-BBC9-DD7C7D95FE4E}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D5C767FE-08D0-4AAA-A7F8-26639271F981}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{ADC1ED70-DF5A-4F90-B441-893EA963C40E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3BADFB8F-C1E0-4EF2-999F-7A342A7167C2}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{8E6F881B-F8EB-490E-9385-A2F298D41421}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{A6A119C3-B77C-45C9-9163-14B0AC41D37A}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{12876641-FF77-4180-8DDC-1C59ADA453F9}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{A0A0FD90-06F4-412E-8E0E-253B8DF63C90}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{31A7B6D3-7112-4BEF-A57B-027ADE05F16A}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"TCP Query User{6A3762AA-2D45-4C87-B390-8A15EC973FF1}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{94EB9222-B30C-499D-94A3-DD8F5F9ECF6F}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{D9DE7F0D-A7D4-4AED-924B-B856BFD40998}c:\\program files\\steam\\steamapps\\hnkk\\ricochet\\hl.exe"= UDP:c:\program files\steam\steamapps\hnkk\ricochet\hl.exe:Half-Life Launcher
"UDP Query User{CE439899-2C82-49EE-8C79-A5B8B8301C58}c:\\program files\\steam\\steamapps\\hnkk\\ricochet\\hl.exe"= TCP:c:\program files\steam\steamapps\hnkk\ricochet\hl.exe:Half-Life Launcher
"{DCA97472-32BA-4445-99CB-A7883C6F6EB8}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{71EF5FDB-79B6-4F40-A064-C500C768D21B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{C5E09EB2-49C5-44B9-8BE7-153A730BCFA8}c:\\program files\\steam\\steamapps\\battery55\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\battery55\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{847B04DB-C439-4094-9F93-0DCAC41FFED5}c:\\program files\\steam\\steamapps\\battery55\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\battery55\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{E2C875F7-0B42-4B9F-A83A-64421FC42C3D}c:\\program files\\ea games\\ultima online mondain's legacy\\client.exe"= UDP:c:\program files\ea games\ultima online mondain's legacy\client.exe:client
"UDP Query User{E93AF1A7-D3E1-4843-8CBB-C2E112BBF009}c:\\program files\\ea games\\ultima online mondain's legacy\\client.exe"= TCP:c:\program files\ea games\ultima online mondain's legacy\client.exe:client
"TCP Query User{61519A35-CE25-4BEE-AE84-213E0326F6F6}c:\\program files\\pokerihuone\\jre\\bin\\javaw.exe"= UDP:c:\program files\pokerihuone\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{05B784B9-D99C-4816-AB1F-1D4F4C4A9B20}c:\\program files\\pokerihuone\\jre\\bin\\javaw.exe"= TCP:c:\program files\pokerihuone\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"{AF10E89C-30EB-44C4-A07E-942FFF05F4B3}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{BA90B2AB-87B7-4686-86B0-A33F09845D14}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{34F9F1A2-5931-4B1E-A668-8835227F8D2C}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{61CD2A17-7E18-4732-B714-C7F6B403998B}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{A9701197-AEA0-411F-8B55-2445A17C1B8E}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{68B7DB46-B944-445E-8510-2FEECCC537FE}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{53224DE0-1F0A-4781-974E-C64144A1FF73}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{70CE8CDB-7716-478C-9CCB-65A18C0384F4}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"TCP Query User{2D88AB0D-43AF-45EB-B5EA-EC8ADEA509B2}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{F7E7F2AA-730A-4436-8ECA-60CF3530BD73}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{D7C3049F-539B-4B4E-BA0C-294D01FF3565}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B45CF6DB-1F6D-4337-9588-D3538444DB9F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{3545E058-5F35-4A83-820B-6531AB2555C9}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{05210873-3FF8-40A4-841A-43EC469E914F}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{18449BFB-9022-4EE7-835B-3F4AA0A0ED8F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9A0CF552-646E-4EBC-BEDE-27E6015FAE2E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{8DCE66BE-0FA9-4DED-B6D5-9951B30E60E8}c:\\program files\\steam\\steamapps\\hnkk\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\hnkk\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{45BB994E-AF89-4607-863E-51F59D90FD7B}c:\\program files\\steam\\steamapps\\hnkk\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\hnkk\counter-strike\hl.exe:Half-Life Launcher
"{ADBB8A60-6E0E-484C-BAC8-B9090F0F4344}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{81C498FD-3C83-454B-BCAB-014213357B37}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{111D5C47-5524-4682-856C-4CA8F5EAC20A}c:\\program files\\valve\\steam\\steamapps\\hnkk\\condition zero\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\hnkk\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{8E1D34A0-81F9-4D89-9199-7007CC03662B}c:\\program files\\valve\\steam\\steamapps\\hnkk\\condition zero\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\hnkk\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{1CF599A0-A5E1-4769-B15D-1B78D11F4556}c:\\program files\\valve\\steam\\steamapps\\hnkk\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\hnkk\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{7CCC0BC7-57AD-42EA-A948-7DB620697C83}c:\\program files\\valve\\steam\\steamapps\\hnkk\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\hnkk\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{EA983BC2-5DA2-4DC1-A59E-4AFA8ECDBAEC}c:\\program files\\valve\\steam\\steamapps\\hnkk\\condition zero deleted scenes\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\hnkk\condition zero deleted scenes\hl.exe:Half-Life Launcher
"UDP Query User{419331D2-CACD-40E2-8F36-30DDB61B369B}c:\\program files\\valve\\steam\\steamapps\\hnkk\\condition zero deleted scenes\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\hnkk\condition zero deleted scenes\hl.exe:Half-Life Launcher
"TCP Query User{F5685B98-C304-446F-8BDA-9667270E7763}c:\\program files\\pokerihuone\\jre\\bin\\javaw.exe"= UDP:c:\program files\pokerihuone\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{A276F775-0329-4DDA-A5B0-54D07A3DBCAC}c:\\program files\\pokerihuone\\jre\\bin\\javaw.exe"= TCP:c:\program files\pokerihuone\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{4289446C-1184-47A4-B818-C85E098C86EA}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{54C4BCAD-6F2F-4D02-9D53-65CDED5100A2}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{C6DF14DD-9ADA-4020-B806-B1B83307EE92}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{ACC1899B-AA2E-440D-83AF-97CBCBA55F7C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{8AA1C170-6B64-4537-B7D8-F1F07D3D9D16}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{CBAA4FA2-DCE6-499C-AA2F-A0B4F8EB4BAA}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\DRIVERS\AtiPcie.sys [2007-12-14 7680]
R3 AvgWFP;AVG7 Firewall Driver x86;c:\windows\system32\Drivers\avgwfp.sys [2007-12-14 53768]
S3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
S3 MODRC;Ultima Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [2007-02-06 13440]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-10-20 87288]
S3 stusb2ir;USB 2.0 IrDA Bridge;c:\windows\system32\DRIVERS\stusb2ir.sys [2006-11-02 41728]
.
- - - - POISTETUT JÄMÄRIVIT - - - -

MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Täydentävä tarkistus -------
.
FireFox -: Profile - c:\users\Henkka\AppData\Roaming\Mozilla\Firefox\Profiles\7vuczwyu.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - motot.net
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 16:01:32
Windows 6.0.6001 Service Pack 1 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
Valmistumisajankohta: 2008-11-25 16:02:57
ComboFix-quarantined-files.txt 2008-11-25 14:02:55

Ennen ajoa: 143 467 966 464 tavua vapaana
Ajon jälkeen: 143,484,051,456 tavua vapaana

244 --- E O F --- 2008-11-25 11:00:13

Thanks in advance if anyone has the energy to help :)