Computer is slow, HJT log.

johtajat
Junior Member
12 January 2009 @ 10:40
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:17, on 12.1.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.22\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ccaf3814] rundll32.exe "C:\ProgramData\mutelupo\mutelupo.dll",b
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [FTweakFCleaner] C:\Program Files\FCleaner\FCleaner.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [jugawimeki] Rundll32.exe "C:\Windows\system32\yasutabe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/ve...vex-2.2.4.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\Windows\system32\tuwopuye.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 8694 bytes
Hujo
Suspended permanently
13 January 2009 @ 00:22
Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. Finally, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Post the contents of the log in your next reply.
===============
Scan your computer with Kaspersky Online Scanner.
When the program starts, you will be asked whether to allow the installation of an ActiveX component from Kaspersky; click Yes.
- The program starts and begins downloading the latest definition files.
- When the scanner is installed and the definitions have been downloaded, click Next.
- Now click the settings, Scan Settings.
- Check in the settings that the following are selected:
  o Scan using the following Anti-Virus database:
    + Extended (if available, otherwise select Standard)
  o Scan Options:
    + Scan Archives
    + Scan Mail Bases
- Click OK.
- Now, under the "select a target to scan" heading, select My Computer.
- The scan takes time, so be patient. When the scan is complete, you will be notified if your computer is infected.
- Now click the Save as Text button.
- Save the file to your desktop.
- If you want to continue dealing with the matter on the forum, copy the contents of the file into your post.
Can a computer ever work?
johtajat
Junior Member
13 January 2009 @ 15:30
Tuesday, January 13, 2009
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, January 13, 2009 11:01:03
Records in database: 1613791
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
I:\
Scan statistics
Files scanned 134452
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 01:29:43
File name Threat name Threats count
C:\Program Files\Windows Sidebar\Gadgets\AutoShutdown.gadget\core\gadget.js Infected: not-a-virus:RiskTool.JS.Shutdown.a 1
The selected area was scanned.
Malwarebytes log:
Malwarebytes' Anti-Malware 1.32
Tietokantaversio: 1647
Windows 6.0.6001 Service Pack 1
13.1.2009 13:23:59
mbam-log-2009-01-13 (13-23-59).txt
Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 175544
Kulunut aika: 12 hour(s), 1 minute(s), 37 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 9
Saastuneita rekisteriarvoja: 2
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 8
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccaf3814 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
C:\ProgramData\mutelupo\mutelupo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\dutupafu\dutupafu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\fapufipe\fapufipe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\juhodamo\juhodamo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\notosono\notosono.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\yogewaya\yogewaya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\zibuweti\zibuweti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\zuzifore\zuzifore.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Hujo
Suspended permanently
13 January 2009 @ 15:40
1. Download Combofix.exe to your desktop from one of these links:
Combofix1
Combofix2
Do not install the Recovery Console.
2. Double-click the Combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Can a computer ever work?
johtajat
Junior Member
13 January 2009 @ 16:29
ComboFix 09-01-11.04 - Santtu 2009-01-13 16:03:36.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3326.2007 [GMT 2:00]
Sijainti: c:\users\Downloads\ComboFix.exe
FW: ZoneAlarm Firewall *disabled*
* Uusi palautuspiste luotu
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\egfghiPo.ini
c:\windows\system32\egfghiPo.ini2
c:\windows\system32\ovmemmrt.ini
c:\windows\system32\x64
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-12-13 to 2009-01-13 )))))))))))))))))
.
2009-01-13 01:20 . 2009-01-13 01:20 <KANSIO> d-------- c:\users\All Users\Malwarebytes
2009-01-13 01:20 . 2009-01-13 01:20 <KANSIO> d-------- c:\programdata\Malwarebytes
2009-01-13 01:20 . 2009-01-13 01:20 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-13 01:20 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-13 01:20 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-12 15:24 . 2009-01-12 15:34 <KANSIO> d-------- c:\program files\CleanCenter
2009-01-12 10:35 . 2009-01-12 10:35 <KANSIO> d-------- c:\program files\Trend Micro
2009-01-12 09:40 . 2009-01-12 15:23 <KANSIO> d-------- c:\windows\Download Manager
2009-01-11 17:11 . 2009-01-11 17:11 <KANSIO> d-------- c:\users\All Users\Locktime
2009-01-11 17:11 . 2009-01-11 17:11 <KANSIO> d-------- c:\programdata\Locktime
2009-01-11 17:11 . 2009-01-11 17:11 <KANSIO> d-------- c:\program files\NetLimiter 2 Pro
2009-01-10 16:55 . 2009-01-10 16:55 <KANSIO> d-------- c:\users\Santtu\netti
2009-01-08 16:09 . 2009-01-08 16:09 <KANSIO> d--hs---- c:\windows\ftpcache
2009-01-05 23:59 . 2009-01-05 23:59 <KANSIO> d-------- c:\users\All Users\Apple Computer
2009-01-05 23:59 . 2009-01-05 23:59 <KANSIO> d-------- c:\programdata\Apple Computer
2009-01-05 23:59 . 2009-01-05 23:59 <KANSIO> d-------- c:\program files\QuickTime
2009-01-05 23:59 . 2009-01-05 23:59 <KANSIO> d-------- c:\program files\Common Files\Apple
2009-01-05 23:58 . 2009-01-05 23:58 <KANSIO> d-------- c:\users\All Users\Apple
2009-01-05 23:58 . 2009-01-05 23:58 <KANSIO> d-------- c:\programdata\Apple
2009-01-05 23:58 . 2009-01-05 23:58 <KANSIO> d-------- c:\program files\Apple Software Update
2009-01-05 21:41 . 2009-01-05 21:41 <KANSIO> d-------- c:\users\All Users\GRAW2
2009-01-05 21:41 . 2009-01-05 21:41 <KANSIO> d-------- c:\programdata\GRAW2
2009-01-05 21:17 . 2009-01-05 21:17 <KANSIO> d-------- c:\users\All Users\Media Center Programs
2009-01-05 21:17 . 2009-01-05 21:17 <KANSIO> d-------- c:\programdata\Media Center Programs
2009-01-05 21:09 . 2009-01-05 21:09 <KANSIO> d-------- c:\program files\UBISOFT
2009-01-04 17:21 . 2009-01-04 17:21 <KANSIO> d-------- c:\program files\Microsoft Works
2009-01-04 17:20 . 2009-01-04 17:20 <KANSIO> d-------- c:\program files\Microsoft.NET
2009-01-04 17:15 . 2009-01-04 17:15 <KANSIO> d-------- c:\program files\Microsoft Visual Studio 8
2009-01-04 17:15 . 2009-01-04 17:15 <KANSIO> d-------- C:\IDE
2009-01-04 17:13 . 2009-01-04 17:13 <KANSIO> dr-h----- C:\MSOCache
2009-01-03 18:33 . 2009-01-03 18:33 <KANSIO> d-------- c:\program files\Common Files\PX Storage Engine
2009-01-03 18:33 . 2008-10-08 03:03 43,872 --------- c:\windows\System32\drivers\PxHelp20.sys
2009-01-03 18:33 . 2008-10-08 03:03 9,200 --------- c:\windows\System32\drivers\cdralw2k.sys
2009-01-03 18:33 . 2008-10-08 03:03 9,072 --------- c:\windows\System32\drivers\cdr4_xp.sys
2009-01-03 18:08 . 2009-01-03 18:08 <KANSIO> d-------- c:\windows\System32\Futuremark
2009-01-03 18:08 . 2008-04-22 08:53 27,672 -ra------ c:\windows\System32\drivers\Entech.sys
2009-01-03 18:07 . 2009-01-03 18:07 <KANSIO> d-------- c:\windows\System32\AGEIA
2009-01-03 18:07 . 2009-01-05 21:34 <KANSIO> d-------- c:\program files\AGEIA Technologies
2009-01-03 14:49 . 2009-01-03 14:49 <KANSIO> d-------- c:\program files\RivaTuner v2.22
2009-01-02 10:42 . 2009-01-02 10:42 <KANSIO> d-------- c:\program files\VideoLAN
2009-01-01 14:16 . 2009-01-01 14:16 <KANSIO> d-------- c:\users\All Users\FTWeak
2009-01-01 14:16 . 2009-01-01 14:16 <KANSIO> d-------- c:\programdata\FTWeak
2009-01-01 14:16 . 2009-01-10 11:51 <KANSIO> d-------- c:\program files\FCleaner
2008-12-30 18:45 . 2008-12-30 18:50 <KANSIO> d-------- C:\RA3_SaveGames
2008-12-30 11:33 . 2008-12-30 11:33 <KANSIO> d-------- c:\users\All Users\ATI
2008-12-30 11:33 . 2008-12-30 11:33 <KANSIO> d-------- c:\programdata\ATI
2008-12-30 11:17 . 2008-12-30 11:17 0 --a------ c:\windows\ativpsrm.bin
2008-12-30 11:15 . 2008-12-30 11:19 <KANSIO> d-------- c:\program files\ATI Technologies
2008-12-30 11:15 . 2008-12-30 11:32 <KANSIO> d-------- c:\program files\ATI
2008-12-30 11:14 . 2008-12-30 11:14 <KANSIO> d-------- C:\ATI
2008-12-30 10:38 . 2008-12-30 10:38 331 --a------ c:\windows\doom3.ini
2008-12-30 10:18 . 2009-01-06 22:27 <KANSIO> d-------- c:\program files\DOOM 3
2008-12-30 04:58 . 2008-12-30 04:58 <KANSIO> d-------- c:\program files\Electronic Arts
2008-12-30 04:58 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2008-12-30 04:58 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2008-12-30 04:58 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\System32\D3DCompiler_35.dll
2008-12-30 04:58 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2008-12-30 04:58 . 2007-07-19 18:14 444,776 --a------ c:\windows\System32\d3dx10_35.dll
2008-12-30 04:57 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll
2008-12-23 15:21 . 2008-12-23 15:21 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-23 15:16 . 2008-12-23 15:16 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-23 15:16 . 2008-12-23 15:16 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-12-23 15:14 . 2008-12-23 15:15 <KANSIO> d-------- c:\program files\Common Files\Logitech
2008-12-23 15:14 . 2007-04-23 04:00 163,840 --a------ c:\windows\System32\kemutb.dll
2008-12-23 15:14 . 2007-04-23 04:00 135,168 --a------ c:\windows\System32\KemUtil.dll
2008-12-23 15:14 . 2007-04-23 04:00 110,592 --a------ c:\windows\System32\KemWnd.dll
2008-12-23 15:14 . 2007-04-23 04:00 69,632 --a------ c:\windows\System32\KemXML.dll
2008-12-17 02:03 . 2008-12-17 02:03 <KANSIO> d-------- c:\program files\Common Files\PCSuite
2008-12-17 02:03 . 2008-12-17 02:03 <KANSIO> d-------- c:\program files\Common Files\Nokia
2008-12-15 19:27 . 2009-01-01 15:10 69 --a------ c:\windows\NeroDigital.ini
2008-12-15 15:37 . 2008-12-15 15:37 <KANSIO> d-------- C:\RootkitNO
2008-12-15 15:37 . 2008-12-15 15:37 123 --a------ c:\windows\rootkitno.ini
2008-12-15 12:15 . 2008-12-15 12:15 118 --a------ c:\windows\System32\MRT.INI
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 14:14 348,371 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-01-13 11:23 --------- d-----w c:\programdata\zuzifore
2009-01-13 11:23 --------- d-----w c:\programdata\zibuweti
2009-01-13 11:23 --------- d-----w c:\programdata\yogewaya
2009-01-13 11:23 --------- d-----w c:\programdata\notosono
2009-01-13 11:23 --------- d-----w c:\programdata\mutelupo
2009-01-13 11:23 --------- d-----w c:\programdata\juhodamo
2009-01-13 11:23 --------- d-----w c:\programdata\fapufipe
2009-01-13 11:23 --------- d-----w c:\programdata\dutupafu
2009-01-11 11:19 --------- d-----w c:\programdata\Logishrd
2009-01-11 11:19 --------- d-----w c:\program files\Logitech
2009-01-11 05:20 --------- d-----w c:\program files\ffdshow
2009-01-10 11:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-05 19:34 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-04 21:18 --------- d-----w c:\programdata\Microsoft Help
2009-01-04 15:21 --------- d-----w c:\program files\MSBuild
2009-01-03 15:38 --------- d-----w c:\program files\CCleaner
2008-12-30 12:56 --------- d-----w c:\programdata\DVD Shrink
2008-12-30 08:18 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-29 21:12 --------- d-----w c:\program files\UnHackMe
2008-12-28 08:26 348,371 ---ha-w c:\windows\system32\drivers\vsconfig(241).xml
2008-12-27 14:15 2,769,412 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2008-12-23 13:14 --------- d-----w c:\programdata\Logitech
2008-12-17 00:02 --------- d-----w c:\program files\Nokia
2008-12-16 23:38 --------- d-----w c:\programdata\Installations
2008-12-16 18:09 --------- d-----w c:\programdata\Messenger Plus!
2008-12-15 09:49 --------- d-----w c:\program files\Windows Mail
2008-12-09 22:00 --------- d-----w c:\program files\AC3Filter
2008-12-09 09:57 --------- d-----w c:\program files\Lavalys
2008-12-08 11:53 --------- d-----w c:\programdata\NOS
2008-12-08 11:53 --------- d-----w c:\program files\NOS
2008-12-08 11:28 --------- d-----w c:\program files\Common Files\Adobe
2008-12-08 10:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll
2008-12-07 14:08 --------- d-----w c:\program files\a-squared Free
2008-12-04 22:03 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-04 21:48 --------- d-----w c:\program files\Canon
2008-12-04 21:25 --------- d-----w c:\program files\Common Files\Canon
2008-12-04 20:28 --------- d-----w c:\program files\directx
2008-12-03 10:29 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-03 10:29 --------- d-----w c:\program files\Java
2008-12-03 08:09 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-03 08:03 --------- d-----w c:\program files\BitLocker
2008-12-03 07:49 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-02 17:53 --------- d-----w c:\programdata\Lavasoft
2008-12-02 17:53 --------- d-----w c:\program files\Lavasoft
2008-12-02 17:48 --------- d-----w c:\program files\Webteh
2008-12-02 05:39 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-01 22:14 4,179,968 ----a-w c:\windows\system32\drivers\atikmdag.sys
2008-12-01 20:47 425,984 ----a-w c:\windows\System32\ATIDEMGX.dll
2008-12-01 20:46 159,744 ----a-w c:\windows\System32\atitmmxx.dll
2008-12-01 20:45 43,520 ----a-w c:\windows\System32\ati2edxx.dll
2008-12-01 20:45 331,776 ----a-w c:\windows\System32\atipdlxx.dll
2008-12-01 20:45 274,432 ----a-w c:\windows\System32\Ati2evxx.dll
2008-12-01 20:45 262,144 ----a-w c:\windows\System32\Oemdspif.dll
2008-12-01 20:44 720,896 ----a-w c:\windows\System32\Ati2evxx.exe
2008-12-01 20:29 4,033,536 ----a-w c:\windows\System32\atiumdag.dll
2008-12-01 20:17 10,981,376 ----a-w c:\windows\System32\atioglxx.dll
2008-12-01 20:09 4,754,432 ----a-w c:\windows\System32\atiumdva.dll
2008-12-01 19:56 98,304 ----a-w c:\windows\System32\atiadlxx.dll
2008-12-01 19:56 57,344 ----a-w c:\windows\System32\amdcalrt.dll
2008-12-01 19:56 53,248 ----a-w c:\windows\System32\amdcalcl.dll
2008-12-01 19:56 50,688 ----a-w c:\windows\System32\amdpcom32.dll
2008-12-01 19:53 3,256,320 ----a-w c:\windows\System32\amdcaldd.dll
2008-12-01 19:42 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-11-30 22:54 --------- d-----w c:\program files\Common Files\Nero
2008-11-30 22:27 --------- d-----w c:\program files\Nero
2008-11-30 22:11 --------- d-----w c:\programdata\Nero
2008-11-30 18:21 --------- d-----w c:\programdata\ZoomBrowser
2008-11-30 11:31 --------- d-----w c:\program files\Common Files\InterVideo
2008-11-30 11:21 --------- d-----w c:\program files\MSXML 4.0
2008-11-30 11:14 --------- d-----w c:\program files\InterVideo
2008-11-30 10:38 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-30 10:34 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-30 10:08 --------- d-----w c:\program files\Winamp
2008-11-30 10:04 --------- d-----w c:\program files\Zone Labs
2008-11-30 09:55 --------- d-----w c:\programdata\CheckPoint
2008-11-30 09:27 --------- d-----w c:\program files\Alwil Software
2008-11-30 09:17 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-11-30 09:16 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-11-30 09:16 --------- d-----w c:\programdata\PC Suite
2008-11-30 09:10 --------- d-----w c:\program files\uTorrent
2008-11-30 09:10 --------- d-----w c:\program files\DIFX
2008-11-30 09:08 --------- d-----w c:\program files\PC Connectivity Solution
2008-11-29 22:24 --------- d-----w c:\program files\DVD Shrink
2008-11-29 22:00 --------- d-----w c:\program files\Windows Sidebar
2008-11-29 22:00 --------- d-----w c:\program files\Windows Photo Gallery
2008-11-29 22:00 --------- d-----w c:\program files\Windows Journal
2008-11-29 22:00 --------- d-----w c:\program files\Windows Defender
2008-11-29 22:00 --------- d-----w c:\program files\Windows Collaboration
2008-11-29 22:00 --------- d-----w c:\program files\Windows Calendar
2008-11-29 22:00 --------- d-----w c:\program files\Microsoft Games
2008-11-29 18:55 --------- d-----w c:\programdata\WindowsSearch
2008-11-29 18:09 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-29 18:09 --------- d-----w c:\program files\Windows Live
2008-11-29 18:06 --------- d-----w c:\programdata\WLInstaller
2008-11-29 17:47 174 --sha-w c:\program files\desktop.ini
2008-11-29 17:44 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-13 13:19 293,776 ----a-w c:\windows\system32\drivers\vsdatant.sys
2008-11-13 13:18 1,221,008 ----a-w c:\windows\System32\zpeng25.dll
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-09-16 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-09-16 125952]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"FTweakFCleaner"="c:\program files\FCleaner\FCleaner.exe" [2009-01-05 1644544]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-09-16 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-06 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-06 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-06 154136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.22\RivaTunerWrapper.exe" [2008-12-29 24576]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-23 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-23 692224]
RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2008-09-17 495616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\tuwopuye.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8E626B47-C9DC-4723-B082-C15E32E77481}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{94F4B79F-11D0-4A0D-A845-2266FD9FC9A3}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2587E3A1-C5A6-4676-BD1A-B1405EA49677}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{10ECF9FF-6ABA-4EC9-ABFD-708446A2A6EE}"= UDP:c:\windows\System32\mpxu.exe:mpxu
"{881C253E-E956-4315-B195-8EB076EDF50E}"= TCP:c:\windows\System32\mpxu.exe:mpxu
"{57943985-052F-4DB6-A0CE-58BC06DAA142}"= TCP:c:\windows\System32\rundll32.exe:rundll32
"{688B186B-116D-479B-9D32-B3DAED36C93C}"= UDP:c:\windows\System32\rundll32.exe:rundll32
"{32E4655A-670A-4CA9-86F9-E19149F3D38A}"= TCP:c:\windows\System32\rundll32.exe:rundll32
"{3EA65B2C-44E0-42FE-89D9-D24F067B1EBC}"= UDP:c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe:NBService
"{F3C83FBC-DBDB-4024-8B73-AA7D11E06705}"= TCP:c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe:NBService
"{9E08C076-8A53-4C92-923A-0FA3D44AAC17}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{664FA188-A260-49B9-A341-647134FD9FC6}"= TCP:c:\windows\System32\winlogon.exe:winlogon
"{54F59559-373E-41AB-95EB-ABE017DB470E}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{5CFEC1CC-D2E7-4290-BFD7-44532AB8DCB2}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{0772F038-5F85-41A9-8B68-DBF840D76451}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BD2F653E-E982-43F4-8ADA-7B646122B78B}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6B0C0CB8-EFE1-4E5D-85FA-98D19AB55C27}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{19A186F2-827A-4A5B-8732-BB3E475A6D18}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{58E68D91-DE0A-4DC9-A36B-242ADABD65E6}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0BFA68B6-1E56-4594-8EB3-1253B0AFDEAC}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{665B80CD-79E7-4D80-A8C9-DF5D8060A525}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 amacpi;Microsoft Away Mode System;c:\windows\System32\drivers\null.sys [2008-09-16 4608]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-11-30 111184]
R1 nltdi;nltdi;c:\windows\System32\drivers\nltdi.sys [2007-04-23 82200]
R3 Ph6xIB32;NXP 716x PCIe TV Card;c:\windows\System32\drivers\Ph6xIB32.sys [2007-01-26 1074560]
R4 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-11-30 20560]
R4 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-11-30 51792]
--- Muut muistissa olevat ajurit/palvelut ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
.
------- Täydentävä tarkistus -------
.
IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
c:\windows\Downloaded Program Files\DownloadManagerV2.inf
FF - ProfilePath - c:\users\Santtu\AppData\Roaming\Mozilla\Firefox\Profiles\5m4vdckk.default\
FF - prefs.js: browser.startup.homepage - hxxp://thepiratebay.org/
FF - component: c:\users\Santtu\AppData\Roaming\Mozilla\Firefox\Profiles\5m4vdckk.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 16:15:43
Windows 6.0.6001 Service Pack 1 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
--------------------- Prosesseihin ladatut DLLt ---------------------
- - - - - - - > 'Explorer.exe'(1440)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Muut prosessit ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\ZoneLabs\vsmon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\NetLimiter 2 Pro\NLClient.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Valmistumisajankohta: 2009-01-13 16:24:31 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2009-01-13 14:21:39
Ennen ajoa: 3 728 359 424 tavua vapaana
Ajon jälkeen: 2,968,084,480 tavua vapaana
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
357 --- E O F --- 2009-01-13 00:19:34
Now it should be the full log.
This post has been edited after it was sent. Last edited 13 January 2009 @ 16:42
Hujo
Suspended permanently
13 January 2009 @ 16:36
The log came out incomplete.
Can that computer ever work?