Epäilyttävä viesti?? HjT-loki. Tarkastakaa... :/

Tässä tää..
P.S. Kaspersky Skanneri löytäny jo 2 virusta, 20% menny siit.. En jaksa odottaa et se loppuis, joten meen nukkumaan.. Katon sitte aamulla.





"Min„" - 07-11-11 0:06:23 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Min„"
Command switches used :: "C:\Documents and Settings\Min„\Desktop\ComboFix-Do.txt"


((((((((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 ))))))))))))))))))))))))))))))))))


2007-11-10 19:33 <KANSIO> d-------- C:\WINDOWS\ERUNT
2007-11-10 10:17 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-10 10:17 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-10 10:17 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-10 10:17 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-10 10:17 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-10 10:17 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-10 10:17 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-09 17:02 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2007-11-05 16:59 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-11-04 21:28 236,713 --a------ C:\WINDOWS\system32\wcclzbmcx.exe
2007-11-04 21:28 236,713 --a------ C:\WINDOWS\system32\te.exe
2007-11-02 22:39 299,008 --a------ C:\WINDOWS\uninst.exe
2007-10-30 17:06 <KANSIO> d-------- C:\Program Files\Common Files\Java
2007-10-29 20:50 188,416 --a------ C:\WINDOWS\system32\eax.dll
2007-10-29 20:47 <KANSIO> d-------- C:\Program Files\Eidos
2007-10-29 20:38 <KANSIO> d-------- C:\Program Files\SlySoft
2007-10-29 20:21 81,920 --a------ C:\DOCUME~1\MIN~1\APPLIC~1\ezpinst.exe
2007-10-29 20:21 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-10-29 20:21 47,360 --a------ C:\DOCUME~1\MIN~1\APPLIC~1\pcouffin.sys
2007-10-29 20:21 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2007-10-29 20:21 <KANSIO> d-------- C:\DOCUME~1\MIN~1\APPLIC~1\Vso
2007-10-29 18:00 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-28 16:29 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-26 16:19 <KANSIO> d-------- C:\Program Files\Lavalys
2007-10-25 18:30 <KANSIO> d-------- C:\Program Files\Alcohol 120
2007-10-18 16:57 <KANSIO> d-------- C:\DOCUME~1\MIN~1\APPLIC~1\Command & Conquer 3 Tiberium Wars


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-11-09 17:13 -------- d--h----- C:\Program Files\installshield installation information
2007-11-09 17:13 -------- d--h----- C:\Program Files\installshield installation information
2007-11-08 17:21 -------- d-------- C:\Program Files\steam
2007-11-08 17:21 -------- d-------- C:\Program Files\steam
2007-11-06 16:15 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-06 16:13 103736 --a------ C:\WINDOWS\system32\pnkbstrb.exe
2007-10-30 20:27 -------- d-------- C:\Program Files\limewire
2007-10-30 20:27 -------- d-------- C:\Program Files\limewire
2007-10-30 17:12 1780 --a------ C:\WINDOWS\mozver.dat
2007-10-30 17:12 -------- d-------- C:\Program Files\java
2007-10-30 17:12 -------- d-------- C:\Program Files\java
2007-10-29 20:51 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-10-28 16:36 -------- d-------- C:\Program Files\electronic arts
2007-10-28 16:36 -------- d-------- C:\Program Files\electronic arts
2007-10-14 20:56 -------- d-------- C:\Program Files\ganymede
2007-10-14 20:56 -------- d-------- C:\Program Files\ganymede
2007-10-14 20:55 -------- d-------- C:\Program Files\artmoney
2007-10-14 20:55 -------- d-------- C:\Program Files\artmoney
2007-10-14 20:52 -------- d-------- C:\Program Files\videolan
2007-10-14 20:52 -------- d-------- C:\Program Files\videolan
2007-10-13 18:40 40 --a------ C:\WINDOWS\rsoftinfo.dat
2007-10-11 20:07 -------- d-------- C:\Program Files\bittorrent
2007-10-11 20:07 -------- d-------- C:\Program Files\bittorrent
2007-10-07 19:16 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-10-04 15:56 -------- d-------- C:\Program Files\ipod
2007-10-04 15:56 -------- d-------- C:\Program Files\ipod
2007-09-22 21:42 -------- d-------- C:\Program Files\winamp
2007-09-22 21:42 -------- d-------- C:\Program Files\winamp
2007-09-22 15:29 4 --a------ C:\WINDOWS\info147.sys
2007-09-22 15:26 -------- d-------- C:\Program Files\Common Files\totem shared
2007-09-17 20:04 -------- d-------- C:\Program Files\emule
2007-09-17 20:04 -------- d-------- C:\Program Files\emule
2007-09-11 16:12 -------- d-------- C:\Program Files\gamespy arcade
2007-09-11 16:12 -------- d-------- C:\Program Files\gamespy arcade
2007-09-07 15:47 4 --a------ C:\WINDOWS\system32\proc-503976190.bin
2007-09-04 19:06 0 -ra------ C:\logwmemory.bin
2007-08-21 08:15 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-08-13 07:55 66872 --a------ C:\WINDOWS\system32\pnkbstra.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"1A:Stardock TrayMonitor"="\"C:\\Program Files\\Common Files\\Stardock\\TrayServer.exe\""
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"LaunchApp"="Alaunch"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe 1"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"
"mspwr"="C:\\WINDOWS\\system32\\PuXpMan.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"="D:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Multi
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f3707da-e130-11db-9138-001921053f47}]
Shell\AutoRun\command K:\LaunchU3.exe -a


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\chkdsk.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Tarkistetaan Windows Live -ty”kalurivin p„ivitykset.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-11-11 0:10:17
C:\ComboFix2.txt ... 07-11-10 23:50
C:\ComboFix3.txt ... 07-11-10 22:59

 

Ja täs tää Kaspersky Scannauksen loki:





-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, November 11, 2007 10:03:37 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/11/2007
Kaspersky Anti-Virus database records: 456151
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\
L:\
M:\
N:\

Scan Statistics:
Total number of scanned objects: 256587
Number of viruses found: 4
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 03:58:43

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04012007-211231.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16A51F06.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EB55B92.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F0A1F34.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F93029E.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FD77452.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\212B02DC.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\224173AB.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28D40820.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A0E46C7.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A4F0E7F.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36110BF6.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F0B7516.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Minä\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\cert8.db Object is locked skipped
C:\Documents and Settings\Minä\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\flashgot.log Object is locked skipped
C:\Documents and Settings\Minä\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\history.dat Object is locked skipped
C:\Documents and Settings\Minä\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\key3.db Object is locked skipped
C:\Documents and Settings\Minä\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\parent.lock Object is locked skipped
C:\Documents and Settings\Minä\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Minä\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Minä\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Minä\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Minä\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Minä\Local Settings\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Minä\Local Settings\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Minä\Local Settings\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Minä\Local Settings\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Minä\Local Settings\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Minä\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Minä\Local Settings\History\History.IE5\MSHist012007111120071112\index.dat Object is locked skipped
C:\Documents and Settings\Minä\Local Settings\Temp\hsperfdata_Minä\3580 Object is locked skipped
C:\Documents and Settings\Minä\Local Settings\Temp\~DF29B.tmp Object is locked skipped
C:\Documents and Settings\Minä\Local Settings\Temp\~DF6EDA.tmp Object is locked skipped
C:\Documents and Settings\Minä\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Minä\ntuser.dat Object is locked skipped
C:\Documents and Settings\Minä\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\eDS_PSD_drive.vmdf Object is locked skipped
C:\Program Files\AdVantage\TR.dll Infected: not-a-virus:AdTool.Win32.WhenU.r skipped
C:\Program Files\Alcohol 120\StarWind\logs\starwind.2007-11-10.22-46-41.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Taustasuojaus.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\tracking.log Object is locked skipped
C:\System Volume Information\_restore{1289DBFF-7866-429D-B56A-15FA7EAC6C13}\RP402\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{3898115F-C6A4-4F84-A19B-1F9456803E31}.crmlog Object is locked skipped
C:\WINDOWS\S4E60D04B.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\te.exe Infected: Backdoor.Win32.Agent.ckj skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wcclzbmcx.exe Infected: Backdoor.Win32.Agent.ckj skipped
C:\WINDOWS\temp\Perflib_Perfdata_788.dat Object is locked skipped
C:\WINDOWS\temp\_avast4_\unp226540112.tmp Object is locked skipped
C:\WINDOWS\temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{1289DBFF-7866-429D-B56A-15FA7EAC6C13}\RP402\change.log Object is locked skipped
D:\Users\Minä\AppData\Local\Temp\~DF6582.tmp Object is locked skipped
D:\Users\Minä\AppData\Local\Temp\~DF666C.tmp Object is locked skipped
D:\Users\Minä\AppData\Local\Temp\~DFCBEE.tmp Object is locked skipped
D:\Users\Minä\AppData\Local\Temp\~DFCC11.tmp Object is locked skipped
D:\Windows\CSC\v2.0.6\pq Object is locked skipped
D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl Object is locked skipped
D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl Object is locked skipped
D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl Object is locked skipped
D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl Object is locked skipped

Scan process completed.

 

Oho Olin aika pälli En oikein lukenu tarkkaa ku ois pitäny Ajaa se F-Securen skannaus eikä Kasperskyn skannausta D'oh!
No, laitan sen F-Securen päälle ja täs on sit uus HjT-loki:







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:25, on 11.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\PuXpMan.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - C:\Program Files\Object Desktop\WebBlinds\WebBlinds.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?08fa1db26a11472a87c38a5a769b8974
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?08fa1db26a11472a87c38a5a769b8974
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 10540 bytes

 

Täs Tää F-Secure Reportti:








Scanning Report
Sunday, November 11, 2007 10:22:59 - 19:54:15

Computer name: MIIKKA
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 16 malware found
Backdoor.Win32.Agent.ckj (virus)

* C:\WINDOWS\system32\te.exe (Renamed & Submitted)
* C:\WINDOWS\system32\wcclzbmcx.exe (Renamed & Submitted)

Tracking Cookie (spyware)

* System (Disinfected)
* System

Trojan-Downloader.WMA.Wimad.d (virus)

* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16A51F06.wma (Renamed & Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EB55B92.wma (Renamed & Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F0A1F34.wma (Renamed & Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F93029E.wma (Renamed & Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FD77452.wma (Renamed)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\212B02DC.wma (Renamed & Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\224173AB.wma (Renamed & Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28D40820.wma (Renamed & Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A0E46C7.wma (Renamed & Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A4F0E7F.wma (Renamed & Submitted)
* C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36110BF6.wma (Renamed & Submitted)

W32/Delf.AXSP (virus)

* D:\Program Files\BitComet\tools\CometBrowser.exe (Submitted)

Statistics
Scanned:

* Files: 591735
* System: 5119
* Not scanned: 505

Actions:

* Disinfected: 1
* Renamed: 13
* Deleted: 0
* None: 2
* Submitted: 13

Files not scanned:

* x&#65533;3x
3IBERFIL.SYS C:\PAGEFILE.SYS
* C:\WINDOWS\S4E60D04B.TMP
* C:\WINDOWS\TEMP\PERFLIB_PERFDATA_788.DAT
* C:\WINDOWS\TEMP\_AVAST4_\WEBSHLOCK.TXT
* C:\WINDOWS\SYSTEM32\BIOS1.ROM
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
* Overgrowth/Overgrowth.raw
* overgrowth/Overgrowth.raw
* overgrowth/Overgrowth.raw
* Overgrowth/Overgrowth.raw
* HeightmapSecondary_U1.raw
* overgrowth/Overgrowth.raw
* overgrowth/Overgrowth.raw
* Overgrowth/Overgrowth.raw
* Overgrowth/OvergrowthShadowmap.raw
* Overgrowth/Overgrowth.raw
* Overgrowth/OvergrowthShadowmap.raw
* overgrowth/Overgrowth.raw
* overgrowth/Overgrowth.raw
* overgrowth/OvergrowthShadowmap.raw
* overgrowth/Overgrowth.raw
* Overgrowth/Overgrowth.raw
* Undergrowth.raw
* HeightmapPrimary.mat
* HeightmapSecondary_D1.raw
* HeightmapSecondary_L1.raw
* HeightmapSecondary_L1D1.raw
* HeightmapSecondary_L1U1.raw
* HeightmapSecondary_R1.raw
* HeightmapSecondary_R1D1.raw
* HeightmapSecondary_R1U1.raw
* HeightmapSecondary_U1.raw
* overgrowth/Overgrowth.raw
* overgrowth/Overgrowth.raw
* Overgrowth/Overgrowth.raw
* C:\WINDOWS\.FILE_STORE_32\RUNESCAPE\MAIN_FILE_CACHE.DAT2
* C:\PROGRAM FILES\STEAM\STEAMAPPS\MIIKKA_K\DAY OF DEFEAT SOURCE\DOD\SOUND\ADMIN_PLUGIN\GOODLUCK.MP3
* C:\PROGRAM FILES\STEAM\STEAMAPPS\MIIKKA_K\DAY OF DEFEAT SOURCE\DOD\SOUND\ADMIN_PLUGIN\WAITINGFORSUSPECT.MP3
* {3DB2B2C1-0DB5-47B5-B4ED-99D0D234BF4A}.dxstat
* {EF83AE35-8F91-4066-B678-59AAC3029103}.dxstat
* {1CFBAD70-2B37-4C9B-B6F7-629BC2DFAA0D}.dxstat
* {0FCB3A11-10C8-4561-A7E5-5A857DBDB5B4}.dxstat
* C:\PROGRAM FILES\NEWTECH INFOSYSTEMS\NTI CD & DVD-MAKER 7\FILECD\FILECD.ISO
* C:\PROGRAM FILES\EMULE\TEMP\001.PART
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 19\AdAware_SE_default.ask\Ad-Aware SE Default.skn
* C:\DOWNLOADS\PRISON.BREAK.S2E15-22-JC\PRISON.BREAK.S2E15-22-JC.R01.BC!
* C:\DOWNLOADS\PRISON.BREAK.S2E15-22-JC\PRISON.BREAK.S2E15-22-JC.R58.BC!
* C:\DOCUMENTS AND SETTINGS\ADMINI~1.LOG
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\MIN&#65533;\NTUSER.DAT
* C:\Documents and Settings\Min&#65533;\My Documents\Salasanat\Salasanoja.rar\Salasanoja.rtf
* C:\DOCUMENTS AND SETTINGS\MIN&#65533;\MY DOCUMENTS\OMAT MUSIIKKITIEDOSTOT\LAVEERRE - ALLA VAAHTERAPUUN.MP3
* C:\DOCUMENTS AND SETTINGS\MIN&#65533;\MY DOCUMENTS\OMAT MUSIIKKITIEDOSTOT\SIIVOUSPOJAT - HIRVOSEN PENTTI.MP3
* C:\DOCUMENTS AND SETTINGS\MIN&#65533;\MY DOCUMENTS\OMAT MUSIIKKITIEDOSTOT\MIGHTY 44\MIGHTY 44 - MIGHTY 44.MP3
* {D0AD8BEA-189C-4862-AA79-ADC57137D376}.dxstat
* C:\DOCUMENTS AND SETTINGS\MIN&#65533;\MY DOCUMENTS\BITTORRENT DOWNLOADS\MTX.VS.ATV.UNLEASHED.RELOADED\MXVSATV-UNLEASHED-RELOADED.ISO
* C:\DOCUMENTS AND SETTINGS\MIN&#65533;\MY DOCUMENTS\BITTORRENT DOWNLOADS\MICROSOFT OFFICE MULTI-LANGUAGE PACK 2007 - DA - NL - FI - SV - ISO\O12MLPDA.ISO
* C:\DOCUMENTS AND SETTINGS\MIN&#65533;\MY DOCUMENTS\BITTORRENT DOWNLOADS\MICROSOFT OFFICE MULTI-LANGUAGE PACK 2007 - DA - NL - FI - SV - ISO\O12MLPFI.ISO
* C:\DOCUMENTS AND SETTINGS\MIN&#65533;\MY DOCUMENTS\BITTORRENT DOWNLOADS\MICROSOFT OFFICE MULTI-LANGUAGE PACK 2007 - DA - NL - FI - SV - ISO\O12MLPNL.ISO
* C:\DOCUMENTS AND SETTINGS\MIN&#65533;\MY DOCUMENTS\BITTORRENT DOWNLOADS\MICROSOFT OFFICE MULTI-LANGUAGE PACK 2007 - DA - NL - FI - SV - ISO\O12MLPSV.ISO
* C:\DOCUMENTS AND SETTINGS\MIN&#65533;\LE&#65533;
&#65533;
O


* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\S4E60D04B.TMP
* C:\WINDOWS\TEMP\PERFLIB_PERFDATA_788.DAT
* C:\WINDOWS\TEMP\_AVAST4_\WEBSHLOCK.TXT
* C:\WINDOWS\SYSTEM32\BIOS1.ROM
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONF&#65533;
Y

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-11-09
* F-Secure AVP: 7.0.171, 2007-11-10
* F-Secure Orion: 1.2.37, 2007-11-09
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0620-150-72
* F-Secure Pegasus: 1.19.0, 2007-10-06

Scanning options:

* Scan all files
* Scan inside archives
* Use Advanced heuristics

Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

 

moro
olihan siellä vielä...

poista nämä
C:\WINDOWS\system32\te.exe (voi olla muodossa te.ren)
C:\WINDOWS\system32\wcclzbmcx.exe (ja tämä myös *ren loppu)

ja tyhjennä tämä kansio C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine

ja tämä vaatii lisä tutkimuksia(tässä tiedostossa voi olla myös ren loppu
Varmistu ensin, että piilotiedostot on näkyvillä.

Piilotiedostot näkyviin

Mene --> tänne

Kun sivu on latautunut, klikkaa Selaa-nappulaa ja etsi seuraava tiedosto ja paina Submit.

D:\Program Files\BitComet\tools\CometBrowser.exe

Lähetä skannin tulokset seuraavassa viestissäsi.

Jos Jotti on ruuhkainen, yritä samaa Virustotalissa: http://www.virustotal.com/flash/index_en.html

 

Tässä Tää Scanner Result:






Scanner results
Scan taken on 11 Nov 2007 18:52:35 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found W32/Delf.AXSP
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing











P.S. Vissii iha sekasin mun kone noista viruksista? :/

 

jep tuo tiedosto on väärä hälytys
löytykö ne poistettavat

 

Joo, jos meinasit niitä te.0xe ja wcclzbmcx.0xe (Niissä oli tommonen .0xe-pääte) Ja sit tyhjensin sen Quarantine-kansion.
Mitä sitten Pitää tehdä?

 

jep nämä kaks te.0xe ja wcclzbmcx.0xe poista
sitten olisi kone puhdas,jos ei ole muuta ongelmaa

 

Ootko Ihan varma? :/ jos lähetän vielä HjT-lokin?

 

lähetä vaa

 

Joo, yöksi vielä Avast!:n päälle ni se löys jonku Troijalaisen :/ Täs kummiski HjT-loki:







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:20, on 12.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\PuXpMan.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - C:\Program Files\Object Desktop\WebBlinds\WebBlinds.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 9711 bytes

 

moi
mitä avast löysi ja mistä???

tää vielä unohtu

Paina Käynnistä ---> Suorita -->kirjoita(tai kopioi ja liitä) sc stop CLTNetCnService(pamauta enteriä )
Paina Käynnistä ---> Suorita -->kirjoita(tai kopioi ja liitä)sc delete CLTNetCnService(pamauta enteriä )

Poista kansio : C:\Program Files\Common Files\Symantec Shared

lähetä uusi hjt-loki

 

Se löys 2 Win32:Rbot-ETN [Trj], toisen täältä: C:\system volume information\_restore{1289DBFF-7866-429D-B56A-15FA7EAC6C13}\RP409\A0079255.exe

Ja toisen täältä: C:\Downloads\alcohol 120_1.9.6.4719\alcohol120_retail 196.4719.exe


Ja Täs on se uus HjT-loki:






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:05, on 12.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\PuXpMan.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\PC_GTA.SanAndreas -(rip)-(ToeD)\PC_GTA.SanAndreas -(rip)-(ToeD)\GTA.San.Andreas\gta_sa.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - C:\Program Files\Object Desktop\WebBlinds\WebBlinds.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 9625 bytes

 

poista tuo kansio: C:\Downloads\alcohol 120_1.9.6.4719
tällast se on ku warettaa
laitetaan vielä toinenskanneri


Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta

Lataa AVG Anti-Spyware 7.5 ja tallenna ohjelma työpöydällesi.
*Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
*Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
*Käynnistä AVG Anti-Spyware.
*Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.
*Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.

*Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
*Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
*Sitten "Reports" valikon alta:
*Ota täppi pois kohdasta"Automatically generate report after every scan"
*Ota täppi pois kohdasta"Only if threats were found

*Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
*"Resident shield is", muuta tila active:sta inactive:ksi
*Sulje ohjelma, ÄLÄ skannaa vielä.
Käynnistä koneesi vikasietotilaan, Ohje!



HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta.
*Kun vikasietotilassa, käynnistä AVG Anti-Spyware.
*Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
*AVG aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

Kun skannaus on valmis:
TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
*Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
*Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"

*Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
*Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
*Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestikejuusi.

 

Kestää hiukan...

 

Doh! En pysty muuttamaan sitä jtn "Set All (en muista) to:" Quarantineks, ku se on silleen "tummennettuna" tai kummiski sitä ei voi muuttaa. Siin on nyt "Delete". miten voin muuttaa sen? ku sitä painaa ni ei tapahdu mitään... Teen aina kaiken ihan väärin :|

 

En pystyny vaihtaa sitä "Set All Elements To:" kohtaa Quarantineks, ni siin oli Delete, ku painoin jtn et "jatka" ta jtn ni se sit vissii poisti ne kaikki mitä se löys, eli 18 TrackingCookieta... Täs kummiski se Reportti:






---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:45:44 12.11.2007

+ Scan result:



:mozilla.92:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.25:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.26:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.93:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.94:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.44:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.65:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.14:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.15:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\Minä\Cookies\minä@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.61:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.16:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.95:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.101:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.42:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.43:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.34:\Users\Minä\AppData\Roaming\Mozilla\Firefox\Profiles\e4ovnoeu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

 

laita vielä uusi hjt-loki

 

Täs tää uus HjT-loki:






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:24, on 13.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\PuXpMan.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
D:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - C:\Program Files\Object Desktop\WebBlinds\WebBlinds.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 9572 bytes